LDAP config breaks WebUI

Help
1

Hello,

When trying to implement LDAP authentication per docs - The webui completely fails with the example JumpCloud configuration. I can’t see anything in any error log, the PHP LDAP perquisites are installed.

Could I get any pointers as to where I need to look to debug this? There’s nothing helpful in /opt/librenms/logs/error_log or /opt/librenms/logs/librenms.log

$config['auth_mechanism'] = "ldap"; # default, other options: ldap, http-auth
unset($config['auth_ldap_group']);
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['operations-team']['level'] = 10;
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "ldap.jumpcloud.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=Users,o=000aaa999ccc888fff,dc=jumpcloud,dc=com";
$config['auth_ldap_groupbase'] = "cn=operations-team,ou=Users,o=000aaa999ccc888fff,dc=jumpcloud,dc=com";
$config['auth_ldap_groupmemberattr'] = "memberUid";

[root@mon001 librenms]# ./validate.php 
====================================
Component | Version
--------- | -------
LibreNMS  | 1.31.03-30-g9cafcb6
DB Schema | 206
PHP       | 7.0.22
MySQL     | 5.5.52-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Database connection successful
[OK]    Database schema correct
2

https://docs.librenms.org/Extensions/Authentication/#testing-authentication

3

Thank you - that doesn’t return any errors.
The configuration however does break the web interface.

Is there anyway to debug that to see what’s preventing the web interface from working when set to ldap?

-bash-4.2$ ./scripts/auth_test.php -u TESTUSER -d -v
SQL[SET NAMES 'utf8'] 
SQL[SET CHARACTER SET 'utf8'] 
SQL[SET COLLATION_CONNECTION = 'utf8_unicode_ci'] 
SQL[SELECT `config_name`,`config_value` FROM `config`] 
SQL[select * from graph_types] 
SQL[SELECT DISTINCT(`os`) FROM `devices`] 
SQL[DELETE FROM `session` WHERE `session_expiry` <  '1505302330'] 
Authentication Method: ldap
Password: 
Authenticate user TESTUSER: 
AUTH SUCCESS

User:
Groups: cn=GROUP,cn=GROUP,ou=Users,o=aaaa11110000111100001111,dc=jumpcloud,dc=com
4

https://docs.librenms.org/Support/FAQ/#how-do-i-debug-pages-not-loading-correctly

What does completely fails mean? If you mean it’s a white page then it’s usually max mem, a config issue or you don’t have a php module required to be loaded.

6

Have you followed the faq link?

7

@laf Yes, I have, thank-you.
The server was immediately closing the connection so /debug=yes/ was of little value.

I restarted with service php-fpm restart and it has resolved the issue for the interface.

I am now getting Invalid Credentials when logging in with a valid user. I’ve re-tested with ./scripts/auth_test.php and the user can auth.

I assume the group “operations-team” is not receiving the privilege that it should?

47 AM

8

Not sure you’re around anymore but we have an updated PR you can test for ldap: https://github.com/librenms/librenms/pull/7335

After that unfortunately I have no other suggestions.

1 Like