Active Directory Base DN

We will soon be merging an update to active directory authentication to allow for nested groups.

But, this will require that all groups must be under auth_ad_base_dn, which wasn’t previously the case even though it was noted by the documentation.

Please verify your configurations to avoid interruptions. This change will be reflected in version 1.33 and will be applied soon for daily updaters.

1 Like

This change will be merged in 48 hours.

1 Like

And we have an alternative? Can definitively block some users.

Yes, to correct this use a shorter base_dn.

For example:

Previous base_dn:

Assuming groups are here:

New auth_ad_base_dn setting should be:

You could even just use: dc=company,dc=com, but the further down the tree you can put your base dn the faster searches will be. But this won’t affect LibreNMS much since it primarily only searches at login.