I was wondering if anyone has gotten LibreNMS to authenticate against a FreeIPA implementation of LDAP. If so, could you share your config? My non-working config is as follows:
$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_server'] = 'ipa.example.local';
$config['auth_ldap_suffix'] = ',cn=users,cn=accounts,dc=example,dc=local';
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_groupbase'] = 'cn=groups,cn=accounts,dc=example,dc=local';
$config['auth_ldap_groups']['admins']['level'] = 10;
$config['auth_ldap_groupmemberattr'] = 'memberOf';
$config['auth_ldap_uid_attribute'] = 'uidNumber';
Output from auth_test.php -l
Authentication Method: ldap
Users: (0), admin (1463200000), jvdst1 (1463200001)
Total users: 3
Output from auth_test.php -u jvdst1 (using a known-good password)
Authentication Method: ldap
Password: *********
Authenticate user jvdst1:
Error: LibreNMS\Exceptions\AuthenticationException thrown!
Compare False
Output from auth_test.php -u jvdst1 (using a wrong password)
Authentication Method: ldap
Password: *************
Authenticate user jvdst1:
Error: LibreNMS\Exceptions\AuthenticationException thrown!
Invalid credentials
Logs from my IPA server:
[26/Nov/2018:00:17:49.243830898 +0000] conn=299795 fd=121 slot=121 connection from 10.10.100.32 to 10.10.100.30
[26/Nov/2018:00:17:49.244220827 +0000] conn=299795 op=0 BIND dn="uid=jvdst1,cn=users,cn=accounts,dc=example,dc=local" method=128 version=3
[26/Nov/2018:00:17:49.245422404 +0000] conn=299795 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0001502331 dn="uid=jvdst1,cn=users,cn=accounts,dc=example,dc=local"
[26/Nov/2018:00:17:49.245937073 +0000] conn=299795 op=1 CMP dn="cn=admin,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.246208351 +0000] conn=299795 op=1 RESULT err=32 tag=111 nentries=0 etime=0.0000367137
[26/Nov/2018:00:17:49.246653693 +0000] conn=299795 op=2 CMP dn="cn=pfy,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.246908772 +0000] conn=299795 op=2 RESULT err=32 tag=111 nentries=0 etime=0.0000325050
[26/Nov/2018:00:17:49.247356293 +0000] conn=299795 op=3 CMP dn="cn=support,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.247591052 +0000] conn=299795 op=3 RESULT err=32 tag=111 nentries=0 etime=0.0000300139
[26/Nov/2018:00:17:49.248121477 +0000] conn=299795 op=4 CMP dn="cn=admins,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.248300938 +0000] conn=299795 op=4 RESULT err=5 tag=111 nentries=0 etime=0.0000246744
[26/Nov/2018:00:17:49.249471598 +0000] conn=299795 op=5 UNBIND
[26/Nov/2018:00:17:49.249495041 +0000] conn=299795 op=5 fd=121 closed - U1
[26/Nov/2018:00:18:01.659242852 +0000] conn=299770 op=30 SRCH base="cn=accounts,dc=example,dc=local" scope=2 filter="(&(uid=librenms)(objectClass=posixAccount)(&(uidNumber=)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary mail"
[26/Nov/2018:00:18:01.659683076 +0000] conn=299770 op=30 RESULT err=0 tag=101 nentries=0 etime=0.0000776439
[26/Nov/2018:00:18:01.662199491 +0000] conn=299770 op=31 SRCH base="cn=accounts,dc=example,dc=local" scope=2 filter="(&(uid=librenms)(objectClass=posixAccount)(&(uidNumber=)(!(uidNumber=0))))" attrs="objectClass uid userPassword uidNumber gidNumber gecos homeDirectory loginShell krbPrincipalName cn memberOf ipaUniqueID ipaNTSecurityIdentifier modifyTimestamp entryusn shadowLastChange shadowMin shadowMax shadowWarning shadowInactive shadowExpire shadowFlag krbLastPwdChange krbPasswordExpiration pwdattribute authorizedService accountexpires useraccountcontrol nsAccountLock host logindisabled loginexpirationtime loginallowedtimemap ipaSshPubKey ipaUserAuthType usercertificate;binary mail"
[26/Nov/2018:00:18:01.662388773 +0000] conn=299770 op=31 RESULT err=0 tag=101 nentries=0 etime=0.0002640777
Thanks for taking a look!
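As an added illustration (editor's example, not part of the original post and not LibreNMS or FreeIPA code), here is a small Python parser for the 389-ds access-log lines quoted above. It pairs each request with its RESULT line on (conn, op), translates the err= and tag= numbers into their RFC 4511 names, and flags search filters that carry an empty assertion value. The sample lines are the post's own log with quotes normalised and the long attrs list shortened; no other data is assumed.

```python
import re

# Sample input: the access-log lines from the post above, quotes normalised,
# attrs list shortened. Only conn=299795 (the auth attempt) and one of the
# two identical SRCH operations on conn=299770 are kept.
SAMPLE_LOG = """\
[26/Nov/2018:00:17:49.243830898 +0000] conn=299795 fd=121 slot=121 connection from 10.10.100.32 to 10.10.100.30
[26/Nov/2018:00:17:49.244220827 +0000] conn=299795 op=0 BIND dn="uid=jvdst1,cn=users,cn=accounts,dc=example,dc=local" method=128 version=3
[26/Nov/2018:00:17:49.245422404 +0000] conn=299795 op=0 RESULT err=0 tag=97 nentries=0 etime=0.0001502331 dn="uid=jvdst1,cn=users,cn=accounts,dc=example,dc=local"
[26/Nov/2018:00:17:49.245937073 +0000] conn=299795 op=1 CMP dn="cn=admin,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.246208351 +0000] conn=299795 op=1 RESULT err=32 tag=111 nentries=0 etime=0.0000367137
[26/Nov/2018:00:17:49.246653693 +0000] conn=299795 op=2 CMP dn="cn=pfy,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.246908772 +0000] conn=299795 op=2 RESULT err=32 tag=111 nentries=0 etime=0.0000325050
[26/Nov/2018:00:17:49.247356293 +0000] conn=299795 op=3 CMP dn="cn=support,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.247591052 +0000] conn=299795 op=3 RESULT err=32 tag=111 nentries=0 etime=0.0000300139
[26/Nov/2018:00:17:49.248121477 +0000] conn=299795 op=4 CMP dn="cn=admins,cn=groups,cn=accounts,dc=example,dc=local" attr="memberOf"
[26/Nov/2018:00:17:49.248300938 +0000] conn=299795 op=4 RESULT err=5 tag=111 nentries=0 etime=0.0000246744
[26/Nov/2018:00:17:49.249471598 +0000] conn=299795 op=5 UNBIND
[26/Nov/2018:00:17:49.249495041 +0000] conn=299795 op=5 fd=121 closed - U1
[26/Nov/2018:00:18:01.659242852 +0000] conn=299770 op=30 SRCH base="cn=accounts,dc=example,dc=local" scope=2 filter="(&(uid=librenms)(objectClass=posixAccount)(&(uidNumber=)(!(uidNumber=0))))" attrs="objectClass uid uidNumber gidNumber memberOf"
[26/Nov/2018:00:18:01.659683076 +0000] conn=299770 op=30 RESULT err=0 tag=101 nentries=0 etime=0.0000776439
"""

# LDAP resultCode values (RFC 4511 section 4.1.9) that matter for an auth trace.
RESULT_CODES = {0: "success", 5: "compareFalse", 6: "compareTrue",
                32: "noSuchObject", 49: "invalidCredentials"}
# BER application tags of the response PDUs as 389-ds logs them in tag=.
RESPONSE_TAGS = {97: "BindResponse", 101: "SearchResultDone", 111: "CompareResponse"}

REQUEST_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) (?P<kind>BIND|CMP|SRCH|UNBIND)\b(?P<rest>.*)")
RESULT_RE = re.compile(r"conn=(?P<conn>\d+) op=(?P<op>\d+) RESULT err=(?P<err>\d+) tag=(?P<tag>\d+) nentries=(?P<n>\d+)")
KV_RE = re.compile(r'(\w+)="([^"]*)"')          # dn="..." attr="..." base="..." filter="..."
EMPTY_ASSERTION_RE = re.compile(r"\((\w+)=\)")  # e.g. (uidNumber=) inside a filter


def parse_access_log(text):
    """Join each request line with its RESULT line, keyed on (conn, op), in log order."""
    ops, order = {}, []
    for line in text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            key = (int(m["conn"]), int(m["op"]))
            rec = {"conn": key[0], "op": key[1], "kind": m["kind"]}
            rec.update(KV_RE.findall(m["rest"]))  # quoted fields of the request
            ops[key] = rec
            order.append(key)
            continue
        m = RESULT_RE.search(line)
        if m:
            key = (int(m["conn"]), int(m["op"]))
            if key not in ops:  # RESULT without a seen request; keep it anyway
                ops[key] = {"conn": key[0], "op": key[1], "kind": "?"}
                order.append(key)
            err, tag = int(m["err"]), int(m["tag"])
            ops[key].update(err=err, result=RESULT_CODES.get(err, f"code {err}"),
                            response=RESPONSE_TAGS.get(tag, f"tag {tag}"),
                            nentries=int(m["n"]))
    return [ops[k] for k in order]


def summarize(text):
    """What an auth failure needs: did the bind succeed, what did each group
    compare return, and do any searches carry an empty assertion value."""
    records = parse_access_log(text)
    return {
        "binds": [{"conn": r["conn"], "dn": r.get("dn"), "result": r.get("result")}
                  for r in records if r["kind"] == "BIND"],
        "compares": [{"dn": r.get("dn"), "attr": r.get("attr"), "result": r.get("result")}
                     for r in records if r["kind"] == "CMP"],
        "searches": [{"conn": r["conn"], "nentries": r.get("nentries"),
                      "empty_assertions": EMPTY_ASSERTION_RE.findall(r.get("filter", ""))}
                     for r in records if r["kind"] == "SRCH"],
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for b in s["binds"]:
        print(f"BIND {b['dn']}: {b['result']}")
    for c in s["compares"]:
        print(f"CMP  {c['attr']} on {c['dn']}: {c['result']}")
    for q in s["searches"]:
        print(f"SRCH conn={q['conn']}: empty assertions={q['empty_assertions']}, entries={q['nentries']}")
```

Run as-is, the output says what the raw log makes hard to see at a glance: the BIND as jvdst1 succeeded (err=0, so the password was accepted), three of the four memberOf compares were sent to group DNs the server does not have (noSuchObject), and the one group that does exist, cn=admins, answered compareFalse, which is the "Compare False" that auth_test.php prints. The (uidNumber=) search for librenms runs on a different connection (conn=299770) from the auth attempt (conn=299795), so the parser reports it separately rather than folding it into the bind trace.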