LDAP Authentication Issues

I have migrated LibreNMS from the docker container to a standalone server. After setting it up on the CentOS 7 platform using the guide provided by your site, I ported over the database and upgraded to the current version. After doing the necessary steps for updating the configuration to the new version, I went to re-add the LDAP authentication and found it does not work anymore.

Here is the old version, which works, vs. the current version:

Original:

$ ./validate.php

Component Version
LibreNMS 1.36
DB Schema ?
PHP 7.2.1-1+ubuntu16.04.1+deb.sury.org+1
MySQL ?
RRDTool 1.5.5
SNMP NET-SNMP 5.7.3
====================================

Current:

-bash-4.2$ ./validate.php

Component Version
LibreNMS 1.54
DB Schema 2019_07_03_132417_create_mpls_saps_table (177)
PHP 7.2.19
MySQL 10.3.13-MariaDB
RRDTool 1.6.0
SNMP NET-SNMP 5.7.2
====================================

The main issue is that auth_test.php shows it can authenticate and fetch the users list, but when it comes to authentication by password, it always keeps throwing this error, and the logs show it to be an error in authentication by password.

-bash-4.2$ ./auth_test.php -u rrademacher
Authentication Method: mysql
Password:
Authenticate user rrademacher:
Error: LibreNMS\Exceptions\AuthenticationException thrown!
Invalid credentials

auth_test.php -l

-bash-4.2$ ./auth_test.php -l
Authentication Method: ldap
Users: (0), davidp (1009), cterry (1004), rrademacher (1010), syedi (1011), agolestan (1014), sahn (1002), YunaLee (1005), TanasiaD (1036), JayK (1040), TonyHong (1045), DongEekRhee (1047), WonJinKim (1048), alee (1003)
Total users: 14

Under the docker system, it works correctly under the old LibreNMS version. Both LibreNMS systems are authenticating to the same OpenLDAP server and the current LibreNMS has issues with authentication for it.

Did you copy the config from the old server exactly?

Yes, same config.php as it was before. Note that when I tested it using the test_auth.php -l, it returned all the users available, which indicates that it works, but when trying to authenticate as the user, it fails.

Does the user have search access on ldap?

Howdy,

It should be after authentication by the master account for it. This is the snippet of our settings.

//$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = '205.234.124.174';
$config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_suffix'] = ',cn=Staff,dc=micfo,dc=com';
$config['auth_ldap_group'] = 'cn=groupname,ou=Groups,dc=micfo,dc=com';
$config['auth_ldap_groupbase'] = 'ou=Groups,dc=micfo,dc=com';
$config['auth_ldap_groups']['configadmins']['level'] = 10;
$config['auth_ldap_groups']['netadmins']['level'] = 7;
$config['auth_ldap_groups']['employee']['level'] = 5;

$config['auth_ldap_groupmemberattr'] = 'memberUid';
$config['auth_ldap_uid_attribute'] = 'uidNumber';

$config['auth_ldap_binddn'] = 'cn=Manager,dc=micfo,dc=com';
$config['auth_ldap_bindpassword'] = 'xxxxxxxxxxxxxxx';

And here is the access ACL for the LDAP:

dn: olcDatabase={2}hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {2}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=micfo,dc=com
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=micfo,dc=com" write by anonymous auth by * none
olcAccess: {1}to * by self write by dn="cn=admin,dc=micfo,dc=com" write by * none
olcRootDN: cn=Manager,dc=micfo,dc=com
olcRootPW:: Commented Out
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq,pres
olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub
olcDbIndex: uid eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
structuralObjectClass: olcHdbConfig

So as you can see, it has read access rights to go through the subtree for it with authentication. However, I have noted that when I tested it using the auth_test.php -l it lists all the users in the Staff Subtree properly, but every time I try to test the user authentication, it fails saying invalid pass for any of the accounts.

Anyone have any ideas on this? I would really appreciate help to get this resolved, so I can get this finished and off the tasklist to move on to other projects that need my attention for it.

Does anyone here actually have a working implementation of LibreNMS with OpenLDAP? If so, I would appreciate the OpenLDAP configuration and the config.php setup, since it seems it is in the minority on who is using this implementation.
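
Added example (not written by any poster in this thread, and not LibreNMS code): the -u run above prints "Authentication Method: mysql" while the -l run prints "ldap", and the posted snippet has auth_mechanism commented out, so this script reads config.php text, reports which mechanism is actually active, and builds the DN that a password bind would use. Assumptions: LibreNMS falls back to mysql when no auth_mechanism line is active and forms the bind DN as prefix + username + suffix; the function names and the sample config text are constructed for illustration.

```python
import re

# Constructed sample: three of the settings posted in the thread, straight quotes.
SAMPLE_CONFIG = r"""
//$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_suffix'] = ',cn=Staff,dc=micfo,dc=com';
"""

# Matches only active single-level string assignments: $config['key'] = 'value';
ASSIGN = re.compile(r"""^\s*\$config\['([A-Za-z0-9_]+)'\]\s*=\s*'([^']*)'\s*;""")

def active_settings(text):
    """Return string settings, ignoring lines commented out with // or #."""
    found = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)  # a leading // or # prevents the match
        if m:
            found[m.group(1)] = m.group(2)
    return found

def escape_dn_value(value):
    """Escape a username for use inside a DN (RFC 4514 special characters)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == '\x00':
            out.append('\\00')
        elif ch in ',+"\\<>;' or (i == 0 and ch in ' #') or (i == last and ch == ' '):
            out.append('\\' + ch)
        else:
            out.append(ch)
    return ''.join(out)

def diagnose(text, username):
    """Return (effective auth mechanism, DN used for the user's password bind)."""
    cfg = active_settings(text)
    # Assumption: with no active auth_mechanism line the default is "mysql".
    mechanism = cfg.get('auth_mechanism', 'mysql')
    # Assumption: the bind DN is prefix + username + suffix.
    bind_dn = cfg.get('auth_ldap_prefix', '') + escape_dn_value(username) + cfg.get('auth_ldap_suffix', '')
    return mechanism, bind_dn

if __name__ == '__main__':
    mech, dn = diagnose(SAMPLE_CONFIG, 'rrademacher')
    print('effective auth_mechanism:', mech)
    print('DN used for the password bind:', dn)
```

If the reported mechanism is mysql, the password is being checked against the local user table rather than OpenLDAP; if it is ldap, the printed DN is the one to test with a direct simple bind against the directory.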