Hello everyone,
This is my first ever post and I'm a little anxious, so please help if possible.
My Active Directory LDAP authentication stopped working a couple of weeks ago and I'm struggling to find out what happened. I have enabled daily automated updates of the stable release.
-bash-4.2$ whoami
librenms
-bash-4.2$ pwd
/opt/librenms
-bash-4.2$ ./validate.php
Component | Version |
---|---|
LibreNMS | 1.44 |
DB Schema | 268 |
PHP | 7.1.17 |
MySQL | 5.5.56-MariaDB |
RRDTool | 1.4.8 |
SNMP | NET-SNMP 5.7.2 |
====================================
[OK] Composer Version: 1.7.2
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[FAIL] Missing PHP extension: mysqlnd
[FIX] Please install mysqlnd
[WARN] IPv6 is disabled on your server, you will not be able to add IPv6 devices.
The test auth script works OK:
-bash-4.2$ ./scripts/auth_test.php -v -d -u xxx
Authentication Method: ldap
Password:
Authenticate user xxxx:
AUTH SUCCESS
User (1200402):
Groups: Array; cn=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx; cn=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx
-bash-4.2$
In the web UI, after providing username/password, I can't get to the dashboard. It says the following in logs/librenms.log:
[2018-10-25 17:24:32] production.ERROR: Auth Error (ldap): No user (1200402) [xxx]
Here is my LDAP config in config.php:
// Authentication Model
$config['auth_mechanism'] = "ldap"; // default, other options: ldap, http-auth, please see documentation for config help
$config['auth_ldap_kerberized'] = TRUE;
$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ACTIVE DIRECTORY HOST";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = "require";
$config['auth_ldap_binddn'] = "CN=xxx,OU=Functional_IDs,DC=xx,DC=xx,DC=xx,DC=xx";
$config['auth_ldap_bindpw'] = "XXX";
$config['auth_ldap_bindanonymous'] = FALSE;
$config['auth_ldap_prefix'] = "CN=";
$config['auth_ldap_suffix'] = ",OU=xxx,DC=xx,DC=xx,DC=xx,DC=xx";
$config['auth_ldap_attr']['uid'] = "sAMAccountName";
$config['auth_ldap_attr']['uidNumber'] = "objectSid";
$config['auth_ldap_attr']['cn'] = "name";
$config['auth_ldap_objectclass'] = "person";
$config['auth_ldap_groupbase'] = "OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx";
$config['auth_ldap_group'] = array("CN=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx", "CN=xxx,OU=Manual,OU=Distribution Lists,DC=xx,DC=xx,DC=xx,DC=xx");
$config['auth_ldap_groupmembertype'] = "fulldn";
$config['auth_ldap_groupmemberattr'] = "member";
$config['auth_ldap_debug'] = true; // enable for verbose debug messages
$config['auth_ldap_userdn'] = true; // Uses a user's full DN as the value of the member attribute in a group instead of member: username. (it's member: uid=username,ou=groups,dc=domain,dc=com)
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['xxx']['level'] = 10;
$config['auth_ldap_groups']['xxx']['level'] = 5;
Many thanks,
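A small decoder for the value behind `auth_ldap_attr['uidNumber'] = "objectSid"`, added here as a diagnostic aid and not part of the original post or of LibreNMS: it turns the binary objectSid that Active Directory returns into its `S-1-5-...` string form and extracts the last sub-authority (the RID), so the numeric id LibreNMS logs for a user can be compared against what the directory actually holds. It assumes that the user id in the log line (1200402) is that RID; the sample SID bytes are constructed for the example.

```python
import struct

# Constructed sample: binary form of S-1-5-21-1111-2222-3333-1200402
# (revision 1, 5 sub-authorities, authority 5, sub-authorities little-endian).
SAMPLE_SID = bytes.fromhex(
    "01 05 000000000005"   # revision, sub-authority count, 48-bit authority
    "15000000"             # 21
    "57040000"             # 1111
    "AE080000"             # 2222
    "050D0000"             # 3333
    "12511200"             # 1200402 (the RID)
)


def decode_sid(blob: bytes) -> str:
    """Convert a binary AD objectSid into its SDDL string form (S-R-A-S1-...-Sn)."""
    if len(blob) < 8:
        raise ValueError("objectSid too short to hold a header")
    revision, count = blob[0], blob[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    # Each sub-authority is a 4-byte little-endian integer after the 8-byte header.
    if len(blob) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match blob length")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack("<%dI" % count, blob[8:])
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)


def rid_from_sid(blob: bytes) -> int:
    """Return the relative identifier: the final sub-authority of the decoded SID."""
    parts = decode_sid(blob).split("-")
    if len(parts) < 4:  # S, revision, authority, and at least one sub-authority
        raise ValueError("SID carries no sub-authority, so it has no RID")
    return int(parts[-1])


if __name__ == "__main__":
    print(decode_sid(SAMPLE_SID))   # S-1-5-21-1111-2222-3333-1200402
    print(rid_from_sid(SAMPLE_SID))  # 1200402
```

Feed it the raw `objectSid` bytes fetched for the account (for example via `ldapsearch` with base64 decoding) and compare the RID to the id in the "No user (...)" log line; a mismatch points at the attribute mapping, while a match points at the local user record lookup instead.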