I am trying to authenticate via AD but it is not working.
User is not in one of the required groups or user/group is outside the base dn
This is the Output
librenms:/opt/librenms# ./scripts/auth_test.php -v -d -u xxx.xxx
Authentication Method: active_directory
Reporting disabled by user setting
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldap://xxx.xxx.local)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP xxx.xxx.local:389
ldap_new_socket: 7
ldap_prepare_socket: 7
ldap_connect_to_host: Trying 10.0.10.1:389
ldap_pvt_connect: fd: 7 tm: 5 async: 0
ldap_ndelay_on: 7
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 7 tm: 5
ldap_is_sock_ready: 7
ldap_ndelay_off: 7
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f38e041f230 msgid 1
wait4msg ld 0x7f38e041f230 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f38e041f230 msgid 1 all 1
** ld 0x7f38e041f230 Connections:
* host: xxx.xxx.local port: 389 (default)
* from: IP=172.25.0.4:52892
refcnt: 2 status: Connected
last used: Thu Nov 9 13:13:47 2023
** ld 0x7f38e041f230 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f38e041f230 request count 1 (abandoned 0)
** ld 0x7f38e041f230 Response Queue:
Empty
ld 0x7f38e041f230 response count 0
ldap_chkResponseList ld 0x7f38e041f230 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f38e041f230 NULL
ldap_int_select
read1msg: ld 0x7f38e041f230 msgid 1 all 1
ldap_find_request_by_msgid: msgid 1, lr 0x7f38dff8e250 lr->lr_refcnt = 1
read1msg: ld 0x7f38e041f230 msgid 1 message type bind
read1msg: ld 0x7f38e041f230 0 new referrals
read1msg: mark request completed, ld 0x7f38e041f230 msgid 1
request done: ld 0x7f38e041f230 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_return_request: lrx 0x7f38dff8e250, lr 0x7f38dff8e250
ldap_return_request: lrx->lr_msgid 1, lrx->lr_refcnt is now 0, lr is still present
ldap_free_request (origid 1, msgid 1)
ldap_free_request_int: lr 0x7f38dff8e250 msgid 1 removed
ldap_do_free_request: asked to free lr 0x7f38dff8e250 msgid 1 refcnt 0
ldap_parse_result
ldap_msgfree
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f38e041f230 msgid 2
wait4msg ld 0x7f38e041f230 msgid 2 (infinite timeout)
wait4msg continue ld 0x7f38e041f230 msgid 2 all 1
** ld 0x7f38e041f230 Connections:
* host: xxx.xxx.local port: 389 (default)
* from: IP=172.25.0.4:52892
refcnt: 2 status: Connected
last used: Thu Nov 9 13:13:47 2023
** ld 0x7f38e041f230 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f38e041f230 request count 1 (abandoned 0)
** ld 0x7f38e041f230 Response Queue:
Empty
ld 0x7f38e041f230 response count 0
ldap_chkResponseList ld 0x7f38e041f230 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f38e041f230 NULL
ldap_int_select
read1msg: ld 0x7f38e041f230 msgid 2 all 1
ldap_find_request_by_msgid: msgid 2, lr 0x7f38dff8e2e0 lr->lr_refcnt = 1
read1msg: ld 0x7f38e041f230 msgid 2 message type bind
read1msg: ld 0x7f38e041f230 0 new referrals
read1msg: mark request completed, ld 0x7f38e041f230 msgid 2
request done: ld 0x7f38e041f230 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_return_request: lrx 0x7f38dff8e2e0, lr 0x7f38dff8e2e0
ldap_return_request: lrx->lr_msgid 2, lrx->lr_refcnt is now 0, lr is still present
ldap_free_request (origid 2, msgid 2)
ldap_free_request_int: lr 0x7f38dff8e2e0 msgid 2 removed
ldap_do_free_request: asked to free lr 0x7f38dff8e2e0 msgid 2 refcnt 0
ldap_parse_result
ldap_msgfree
AD bind success
Password:
Authenticate user xxx.xxx:
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f38e041f230 msgid 3
wait4msg ld 0x7f38e041f230 msgid 3 (infinite timeout)
wait4msg continue ld 0x7f38e041f230 msgid 3 all 1
** ld 0x7f38e041f230 Connections:
* host: xxx.xxx.local port: 389 (default)
* from: IP=172.25.0.4:52892
refcnt: 2 status: Connected
last used: Thu Nov 9 13:13:54 2023
** ld 0x7f38e041f230 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f38e041f230 request count 1 (abandoned 0)
** ld 0x7f38e041f230 Response Queue:
Empty
ld 0x7f38e041f230 response count 0
ldap_chkResponseList ld 0x7f38e041f230 msgid 3 all 1
ldap_chkResponseList returns ld 0x7f38e041f230 NULL
ldap_int_select
read1msg: ld 0x7f38e041f230 msgid 3 all 1
ldap_find_request_by_msgid: msgid 3, lr 0x7f38dff8e370 lr->lr_refcnt = 1
read1msg: ld 0x7f38e041f230 msgid 3 message type bind
read1msg: ld 0x7f38e041f230 0 new referrals
read1msg: mark request completed, ld 0x7f38e041f230 msgid 3
request done: ld 0x7f38e041f230 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_return_request: lrx 0x7f38dff8e370, lr 0x7f38dff8e370
ldap_return_request: lrx->lr_msgid 3, lrx->lr_refcnt is now 0, lr is still present
ldap_free_request (origid 3, msgid 3)
ldap_free_request_int: lr 0x7f38dff8e370 msgid 3 removed
ldap_do_free_request: asked to free lr 0x7f38dff8e370 msgid 3 refcnt 0
ldap_parse_result
ldap_msgfree
Error: LibreNMS\Exceptions\AuthenticationException thrown!
User is not in one of the required groups or user/group is outside the base dn
And the Groupmembership setting is not available
librenms:/opt/librenms# lnms config:set auth_ad_require_groupmembership false
This is not a valid setting. Please check your input
librenms:/opt/librenms#
My LibreNMS is running on Docker