We will soon be merging an update to active directory authentication to allow for nested groups.
But, this will require that all groups must be under auth_ad_base_dn, which wasn’t previously the case even though it was noted by the documentation.
Please verify your configurations to avoid interruptions. This change will be reflected in version 1.33 and will be applied soon for daily updaters.
This change will be merged in 48 hours.
And we have an alternative? Can definitively block some users.
Yes, to correct this use a shorter base_dn.
For example:
Previous base_dn:
ou=Users,ou=Company,dc=company,dc=com
Assuming groups are here:
ou=Groups,ou=Company,dc=company,dc=com
New auth_ad_base_dn setting should be:
ou=Company,dc=company,dc=com
You could even just use: dc=company,dc=com, but the further down the tree you can put your base dn the faster searches will be. But this won’t affect LibreNMS much since it primarily only searches at login.