Difficulty with using a bind user with Active Directory authentication

Oblikhan · 11 January 2019 19:31

I’ve gotten Active Directory auth working with LibreNMS, but I’m having some trouble with API integration. I can create an API key, but it ends up breaking after a while (loses the user information).

When I run auth_test.php -l, I get the following:

Authentication Method: active_directory
Success
Could not bind to AD, you will not be able to use the API or alert AD users
Users: removed (4999), removed (2026), removed (2014), removed (15523), removed (14394), removed (18760), removed (20107)
Total users: 7

I’ve checked, and I have the user information correct, and the domain and OU seem right in config.php:

Authentication Model

$config[‘auth_mechanism’] = ‘active_directory’;
$config[‘auth_ad_url’] = ‘ldap://dc-svr-1.domain.local’;
$config[‘auth_ad_domain’] = ‘domain.local’;
$config[‘auth_ad_base_dn’] = ‘dc=domain,dc=local’;
$config[‘auth_ad_check_certificates’] = false;
$config[‘auth_ad_binduser’] = ‘ldap-librenms’;
$config[‘auth_ad_bindpassword’] = ‘password’;
$config[‘auth_ad_timeout’] = 15;
$config[‘auth_ad_debug’] = false;
$config[‘active_directory’][‘users_purge’] = 30;
$config[‘auth_ad_require_groupmembership’] = true;
$config[‘auth_ad_groups’][‘Network Operations’][‘level’] = 10;

What might be the problem? How can I continue to troubleshoot the issue?

Kevin_Krumm · 12 January 2019 14:24

Hi,
Post the out put of ./validate.php

Oblikhan · 12 January 2019 17:26

./validate.php

Component	Version
LibreNMS	1.47-41-gc99c97a
DB Schema	281
PHP	7.2.14
MySQL	5.5.60-MariaDB
RRDTool	1.4.8
SNMP	NET-SNMP 5.7.2

====================================

[OK] Composer Version: 1.8.0
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[WARN] Your local git contains modified files, this could prevent automatic updates.
[FIX]:
You can fix this with ./scripts/github-remove
Modified Files:
includes/definitions/asa.yaml
includes/definitions/ios.yaml

Danis_Kng · 7 July 2020 11:21

Hi
Did you fix this?

Oblikhan · 7 July 2020 14:34

Hey Danis,

So this issue was resolved for me after I completely deleted out the API and recreated it under my own user rather than a service account user, but the Authentication portion of the config file is exactly the same. I log into LibreNMS each day with my user, so maybe that is the difference?

Honestly, it’s been long enough that it may have coincided with an update to LibreNMS, but I basically remember playing with it until it worked.