LibreNMS Web Console user group membership not working via LDAP authentication

LDAP authentication is working and I am also able to log in to the LibreNMS web console. But after logging into the web console, I don't have any rights. I am a member of the GROUP_RW group but still have no rights. I don't see any devices.

./validate.php

Component Version
LibreNMS 23.10.0 (2023-10-27T05:47:36+02:00)
DB Schema 2023_10_20_075853_cisco_asa_add_default_limits (268)
PHP 8.1.2-1ubuntu2.14
Python 3.10.12
Database MariaDB 10.6.12-MariaDB-0ubuntu0.22.04.1
RRDTool 1.7.2
SNMP 5.9.1
===========================================

[OK] Composer Version: 2.6.4
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service is enabled
[OK] Locks are functional
[OK] Python wrapper cron entry is not present
[OK] Redis is unavailable
[OK] rrd_dir is writable
[OK] rrdtool version ok

./scripts/auth_test.php -u amit
Authentication Method: ldap
Password:
Authenticate user amit:
AUTH SUCCESS

User (1234567):
username => amit
realname => Batham Amit
user_id => 1234567
email => yxz.com
level => 10
Groups: ; cn=GROUP_RW,ou=Groups,o=ABC; cn=GROUP_RO,ou=Groups,o=ABC

grep auth_ config.php
#$config['auth_mechanism'] = "mysql"; # default, other options: ldap, http-auth
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth
$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_server'] = 'ldaps://ABC.com';
$config['auth_ldap_suffix'] = ',ou=Internal,ou=People,o=ABC';
$config['auth_ldap_groupbase'] = 'ou=Groups,o=ABC';
$config['auth_ldap_groups']['GROUP_RW']['level'] = 10;
$config['auth_ldap_groups']['GROUP_RO']['level'] = 5;
$config['auth_ldap_userdn'] = true;
$config['auth_ldap_prefix'] = 'uid=';
$config['auth_ldap_dn_prefix'] = 'employeeNumber=';
$config['auth_ldap_groupmemberattr'] = 'member';
$config['auth_ldap_uid_attribute'] = 'employeeNumber';
$config['auth_ldap_userlist_filter'] = '&(objectclass=person)(|(abcMemberOf=GROUP_RW)(abcMemberOf=GROUP_RO))';
$config['auth_ldap_binddn'] = 'cn=dnuser,ou=SystemUsers,ou=Accounts,o=ABC';
$config['auth_ldap_bindpassword'] = 'xxxxxxxxxx';
$config['auth_ldap_bindanonymous'] = FALSE;

grep -Ew getUser LibreNMS/Authentication/LdapAuthorizer.php -A10
public function getUser($user_id)
{
$connection = $this->getLdapConnection();

    $filter = '(' . Config::get('auth_ldap_prefix') . $this->userloginname . ')';
    if (Config::get('auth_ldap_userlist_filter') != null) {
        $filter = '(' . Config::get('auth_ldap_userlist_filter') . ')';
    }

    $search = ldap_search($connection, trim(Config::get('auth_ldap_suffix'), ','), $filter);
    $entries = ldap_get_entries($connection, $search);

Something is wrong because this doesn’t exist in the current code even though your validate claims to be the latest release.

Thank you for the reply!!

It's working now with the level = 10 value.

I changed the function below in the /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php file

Original:

protected function getFullDn($username)
{
    return Config::get('auth_ldap_prefix', '') . $username . Config::get('auth_ldap_suffix', '');
}

Changed to:

protected function getFullDn($username)
{
    // $user_id added and auth_ldap_dn_prefix variable to handle company Ldap Config
    $user_id = $this->getUserid($username);
    return Config::get('auth_ldap_dn_prefix', '') . $user_id . Config::get('auth_ldap_suffix', '');
    //return Config::get('auth_ldap_prefix', '') . $username . Config::get('auth_ldap_suffix', '');
}