LDAP config breaks WebUI


When trying to implement LDAP authentication per docs - The webui completely fails with the example JumpCloud configuration. I can’t see anything in any error log, the PHP LDAP perquisites are installed.

Could I get any pointers as to where I need to look to debug this? There’s nothing helpful in /opt/librenms/logs/error_log or /opt/librenms/logs/librenms.log

$config['auth_mechanism'] = "ldap"; # default, other options: ldap, http-auth
$config['auth_ldap_groups']['operations-team']['level'] = 10;
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "ldap.jumpcloud.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=Users,o=000aaa999ccc888fff,dc=jumpcloud,dc=com";
$config['auth_ldap_groupbase'] = "cn=operations-team,ou=Users,o=000aaa999ccc888fff,dc=jumpcloud,dc=com";
$config['auth_ldap_groupmemberattr'] = "memberUid";
[[email protected] librenms]# ./validate.php 
Component | Version
--------- | -------
LibreNMS  | 1.31.03-30-g9cafcb6
DB Schema | 206
PHP       | 7.0.22
MySQL     | 5.5.52-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2

[OK]    Database connection successful
[OK]    Database schema correct


Thank you - that doesn’t return any errors.
The configuration however does break the web interface.

Is there anyway to debug that to see what’s preventing the web interface from working when set to ldap?

-bash-4.2$ ./scripts/auth_test.php -u TESTUSER -d -v
SQL[SET NAMES 'utf8'] 
SQL[SET COLLATION_CONNECTION = 'utf8_unicode_ci'] 
SQL[SELECT `config_name`,`config_value` FROM `config`] 
SQL[select * from graph_types] 
SQL[SELECT DISTINCT(`os`) FROM `devices`] 
SQL[DELETE FROM `session` WHERE `session_expiry` <  '1505302330'] 
Authentication Method: ldap
Authenticate user TESTUSER: 

Groups: cn=GROUP,cn=GROUP,ou=Users,o=aaaa11110000111100001111,dc=jumpcloud,dc=com


What does completely fails mean? If you mean it’s a white page then it’s usually max mem, a config issue or you don’t have a php module required to be loaded.

This post was flagged by the community and is temporarily hidden.

Have you followed the faq link?

@laf Yes, I have, thank-you.
The server was immediately closing the connection so /debug=yes/ was of little value.

I restarted with service php-fpm restart and it has resolved the issue for the interface.

I am now getting Invalid Credentials when logging in with a valid user. I’ve re-tested with ./scripts/auth_test.php and the user can auth.

I assume the group “operations-team” is not receiving the privilege that it should?

47 AM

Not sure you’re around anymore but we have an updated PR you can test for ldap: https://github.com/librenms/librenms/pull/7335

After that unfortunately I have no other suggestions.

1 Like