Active Directory LDAP authentication is not working

hello everyone,

This is my first ever post and I’m little anxious…so please help if possible…

My active directory LDAP authentication stopped working couple of weeks ago and I’m struggling to find what had happened. I have enabled daily and automated updates of stable release.

-bash-4.2$ whoami
librenms
-bash-4.2$ pwd
/opt/librenms
-bash-4.2$ ./validate.php

Component Version
LibreNMS 1.44
DB Schema 268
PHP 7.1.17
MySQL 5.5.56-MariaDB
RRDTool 1.4.8
SNMP NET-SNMP 5.7.2

====================================

[OK] Composer Version: 1.7.2
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[FAIL] Missing PHP extension: mysqlnd
[FIX] Please install mysqlnd
[WARN] IPv6 is disabled on your server, you will not be able to add IPv6 devices.

test auth script works ok

-bash-4.2$ ./scripts/auth_test.php -v -d -u xxx
Authentication Method: ldap
Password:
Authenticate user xxxx:
AUTH SUCCESS

User (1200402):
Groups: Array; cn=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx; cn=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx
-bash-4.2$

In web UI after providing username/password i cant get to dashboard … it says following in logs/librenms.log

[2018-10-25 17:24:32] production.ERROR: Auth Error (ldap): No user (1200402) [xxx]

here is my LDAP config in config.php

// Authentication Model
$config[‘auth_mechanism’] = “ldap”; // default, other options: ldap, http-auth, please see documentation for config help
$config[‘auth_ldap_kerberized’] = TRUE;

$config[‘auth_ldap_version’] = 3;
$config[‘auth_ldap_server’] = “ACTIVE DIRECTORY HOST”;
$config[‘auth_ldap_port’] = 389;
$config[‘auth_ldap_starttls’] = “require”;

$config[‘auth_ldap_binddn’] = “CN=xxx,OU=Functional_IDs,DC=xx,DC=xx,DC=xx,DC=xx”;
$config[‘auth_ldap_bindpw’] = “XXX”;

$config[‘auth_ldap_bindanonymous’] = FALSE;

$config[‘auth_ldap_prefix’] = “CN=”;
$config[‘auth_ldap_suffix’] = “,OU=xxx,DC=xx,DC=xx,DC=xx,DC=xx”;

$config[‘auth_ldap_attr’][‘uid’] = “sAMAccountName”;
$config[‘auth_ldap_attr’][‘uidNumber’] = “objectSid”;
$config[‘auth_ldap_attr’][‘cn’] = “name”;
$config[‘auth_ldap_objectclass’] = “person”;

$config[‘auth_ldap_groupbase’] = “OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx”;
$config[‘auth_ldap_group’] = array(“CN=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx”, “CN=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx”);

$config[‘auth_ldap_groupmembertype’] = “fulldn”;
$config[‘auth_ldap_groupmemberattr’] = “member”;

$config[‘auth_ldap_debug’] = true; // enable for verbose debug messages
$config[‘auth_ldap_userdn’] = true; // Uses a users full DN as the value of the member attribute in a group instead of member: username. (it’s member: uid=username,ou=groups,dc=domain,dc=com)

unset($config[‘auth_ldap_groups’]);
$config[‘auth_ldap_groups’][‘xxx’][‘level’] = 10;
$config[‘auth_ldap_groups’][‘xxx’][‘level’] = 5;

Many thanks,

What isn’t working login? Userlevel? API?

Have you thought of using AD authentication? That’s what we are using…

$config[‘auth_mechanism’] = ‘active_directory’;

1 Like

Web UI login…

thanks. AD authentication works flawlessly… Cheers

Can you please explain little more about as I am also having issue with my loging?

root@abdulwpk:/opt/librenms/scripts# ./auth_test.php -u abdul
Authentication Method: ldap
Password:
Authenticate user abdul:
Error: LibreNMS\Exceptions\AuthenticationException thrown!
Success

I’m having the same issue. @Abdul_Wahab have you found any fixes?

Thanks,
J

I have still not found any solution for this. have you found any solution?