Hello, new on this community, i hope i will find some help.
I’m trying to configure ldap active_directory authentication. All seems well configured but i still have the erro message "PHP does not support LDAP, please install or enable the PHP LDAP extension "
./validate.php
Component |
Version |
LibreNMS |
1.52-70-gf3ba894 |
DB Schema |
2019_05_30_225937_device_groups_rewrite (135) |
PHP |
7.2.24-1+0~20191026.31+debian8~1.gbpbbacde |
MySQL |
5.5.62-0+deb8u1 |
RRDTool |
1.4.8 |
SNMP |
NET-SNMP 5.7.2.1 |
==================================== |
|
[OK] Composer Version: 1.9.2
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
[WARN] IPv6 is disabled on your server, you will not be able to add IPv6 devices.
[WARN] Your install is over 24 hours out of date, last update: Sun, 23 Jun 2019 05:29:12 +0000
[FIX]:
Make sure your daily.sh cron is running and run ./daily.sh by hand to see if there are any errors.
root@monitoring2 /opt/librenms ./daily.sh
Re-running /opt/librenms/daily.sh as librenms user
Updating SQL-Schema OK
Cleaning up DB OK
and authent script works too ./scripts/auth_test.php -d -u mnfd56dca
Authentication Method: active_directory
Success
Could not bind to AD, you will not be able to use the API or alert AD users
Password:
Authenticate user mnfd56dca:
AUTH SUCCESS
User (1105):
user_id => 1105
username => mnfd56dca
realname => mnfd56dca
email => [email protected]
descr =>
level => 10
can_modify_passwd => 0
Groups: CN=Librenms,CN=Users,DC=manifone,DC=corp
So i don’t understand where i’m wrong.
config.php file
$config[‘auth_mechanism’] = “active_directory”;
$config[‘auth_ad_check_certificates’] = 0;
$config[‘auth_ad_url’] = “ldaps://manifone-dc01.manifone.corp ldaps://manifone-dc02.manifone.corp”; // you can add multiple servers
$config[‘auth_ad_domain’] = “manifone.corp”;
$config[‘auth_ad_base_dn’] = “dc=manifone,dc=corp”; //base DN
$config[‘auth_ad_binduser’] = ‘xxxxx’;
$config[‘auth_ad_bindpassword’] = ‘xxxxxx’;
$config[‘auth_ad_timeout’] = 5;
$config[‘auth_ad_debug’] = false; //no need
$config[‘active_directory’][‘users_purge’] = 30;
$config[‘auth_ad_require_groupmembership’] = true;
$config[‘auth_ad_groups’][‘Librenms’][‘level’] = 10;
$config[‘auth_ad_user_filter’] = “(objectclass=user)”;
$config[‘auth_ad_group_filter’] = “(objectclass=group)”;
Is the php-ldap module installed?
yes
dpkg -l | grep ldap
ii ldap-utils 2.4.40+dfsg-1+deb8u4 amd64 OpenLDAP utilities
ii libaprutil1-ldap:amd64 1.5.4-1 amd64 Apache Portable Runtime Utility Library - LDAP Driver
ii libldap-2.4-2:amd64 2.4.40+dfsg-1+deb8u4 amd64 OpenLDAP libraries
ii php-ldap 2:7.3+70+0~20190814.17+debian8~1.gbp1e7da2 all LDAP module for PHP [default]
ii php7.0-ldap 7.0.33-12+0~20191026.23+debian8~1.gbp940de0 amd64 LDAP module for PHP
ii php7.2-ldap 7.2.24-1+0~20191026.31+debian8~1.gbpbbacde amd64 LDAP module for PHP
ii php7.3-ldap 7.3.11-1+0~20191026.48+debian8~1.gbpf71ca0 amd64 LDAP module for PHP
Hello, coming back on my topic and still facing issue with AD authentication.
I cleaned a bit the php7-ldap packages to keep only the good one. I did some test with auth_test.php and i’m able to authenticate , i only have a could not bind to AD message.
But when i triy to connect in the interface i still have the message “PHP does not support LDAP, please install or enable the PHP LDAP extension”
Any idea on this ?
Did you enable the module? phpenmod.
Hi John,
when i type : phpenmod php7.2-ldap
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.2/mods-available
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.2/mods-available
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.0/mods-available
WARNING: Module php7.2-ldap ini file doesn’t exist under /etc/php/7.0/mods-available
and when i type :phpenmod ldap
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.0/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.0/mods-available
but : dpkg -l | grep ldap
ii ldap-utils 2.4.40+dfsg-1+deb8u4 amd64 OpenLDAP utilities
ii libaprutil1-ldap:amd64 1.5.4-1 amd64 Apache Portable Runtime Utility Library - LDAP Driver
ii libldap-2.4-2:amd64 2.4.40+dfsg-1+deb8u4 amd64 OpenLDAP libraries
ii php7.2-ldap 7.2.28-4+0~20200224.38+debian8~1.gbp1ca010 amd64 LDAP module for PHP
a2enmod ldap
Module ldap already enabled
php -m | grep ldap
ldap
ldap module is enabled
command listing the pkg
apt-cache pkgnames | grep ldap | grep php
php-net-ldap2
php-net-ldap3
php-horde-ldap
php7.4-ldap
php5.6-ldap
php7.3-ldap
php5-ldap
php7.2-ldap
phpldapadmin
php7.1-ldap
php-ldap
php7.0-ldap
php-net-ldap
a2enmod if for Apache modules. phpenmod ldap should enable the pdp LDAP module. It looks like you are missing /etc/php/7.2/mods-available/ldap.ini, which should look like:
; configuration for php ldap module
; priority=20
extension=ldap.so
phpenmod ldap
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.1/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.0/mods-available
WARNING: Module ldap ini file doesn’t exist under /etc/php/7.0/mods-available
root@monitoring2 ~ cat /etc/php/7.2/mods-available/ldap.ini
; configuration for php ldap module
; priority=20
extension=ldap.so
phpenmod doesn’t see php/7.2 ?