LDAP not working

Guillermo_Colmena · 2 September 2019 14:14

After adding the LdapAuthorizer.php and configuring properly the config.php the ldap connection continues not working.

/opt/librenms/logs/librenms.log
[2019-09-02 14:10:25] production.ERROR: Auth Error (ldap): No user (-1)

The librenms website is reachable, but the ldap connection is being a problem. Any idea about this? I am starting to loose the patience. For me seems all ok, but something may be missing.

Elias · 2 September 2019 14:21

What is in your config? Without it it’s going to be quite hard to troubleshoot anything. Or you can start tcpdumping the traffic and looking at it.

Guillermo_Colmena · 2 September 2019 14:26

Hi Elias,

I have followed the standard configuration that was working few days ago:

Standard config

$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_server'] = 'ldap.example.com';               // Set server(s), space separated. Prefix with ldaps:// for ssl
$config['auth_ldap_suffix'] = ',ou=People,dc=example,dc=com';   // appended to usernames
$config['auth_ldap_groupbase'] = 'ou=groups,dc=example,dc=com'; // all groups must be inside this
$config['auth_ldap_groups']['admin']['level'] = 10;             // set admin group to admin level
$config['auth_ldap_groups']['pfy']['level'] = 5;                // set pfy group to global read only level
$config['auth_ldap_groups']['support']['level'] = 1;            // set support group as a normal user

Also I used the /opt/librenms/Authentication/LdapAuthorizer.php standard one
https://github.com/librenms/librenms/blob/master/LibreNMS/Authentication/LdapAuthorizer.php

(This second part not 100% sure if needed)

Any further details that may be needed? It is strange. All this happened after fixing my db syncronizing it with librenms.

Guillermo_Colmena · 2 September 2019 14:29

Also not very sure if the LdapAuthorizer.php to use is the generic shown in the link above or may require some customization… ; /

Guillermo

Elias · 3 September 2019 08:09

I am using ldap auth with active directory backend and never changed or had to place any extra file, just used the standard source code. If you look here: https://docs.librenms.org/Extensions/Authentication/#ldap-authentication there is also no mention of having to do anything with the LdapAuthorizer.php file so not sure where that comes from.

But I have indeed an active directory config so it’s not directly comparable.

Guillermo_Colmena · 4 September 2019 15:06

Thank you very much Elias, the issue has been resolved. It took me a while to see which ones where the new ldap files.

Elias · 11 September 2019 11:00

Good to hear, glad that it’s resolved