Hi, I am having issues using Active Directory authentication with group access.

```
root@i-02ec7dd6c1177d928:/opt/librenms/scripts# ./auth_test.php -u test -d -v
Authentication Method: active_directory
Reporting disabled by user setting
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/ldap/ldap.conf
ldap_init: using /etc/ldap/ldap.conf
ldap_init: HOME env is /root
ldap_init: trying /root/ldaprc
ldap_init: trying /root/.ldaprc
ldap_init: trying ldaprc
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_url_parse_ext(ldap://usaaws-dc01.orchest.net)
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP usaaws-dc01.orchest.net:389
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.10.50.239:389
ldap_pvt_connect: fd: 6 tm: 5 async: 0
ldap_ndelay_on: 6
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 6 tm: 5
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 1
wait4msg ld 0x55ee1ce958a0 msgid 1 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 1 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Nov 28 01:50:35 2023
** ld 0x55ee1ce958a0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
Empty
ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 1 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 1 all 1
read1msg: ld 0x55ee1ce958a0 msgid 1 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg: mark request completed, ld 0x55ee1ce958a0 msgid 1
request done: ld 0x55ee1ce958a0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 2
wait4msg ld 0x55ee1ce958a0 msgid 2 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 2 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Nov 28 01:50:35 2023
** ld 0x55ee1ce958a0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
Empty
ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 2 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 2 all 1
read1msg: ld 0x55ee1ce958a0 msgid 2 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg: mark request completed, ld 0x55ee1ce958a0 msgid 2
request done: ld 0x55ee1ce958a0 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ldap_msgfree
AD bind success
Password:
Authenticate user test:
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55ee1ce958a0 msgid 3
wait4msg ld 0x55ee1ce958a0 msgid 3 (infinite timeout)
wait4msg continue ld 0x55ee1ce958a0 msgid 3 all 1
** ld 0x55ee1ce958a0 Connections:
* host: usaaws-dc01.orchest.net port: 389 (default)
refcnt: 2 status: Connected
last used: Tue Nov 28 01:50:39 2023
** ld 0x55ee1ce958a0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x55ee1ce958a0 request count 1 (abandoned 0)
** ld 0x55ee1ce958a0 Response Queue:
Empty
ld 0x55ee1ce958a0 response count 0
ldap_chkResponseList ld 0x55ee1ce958a0 msgid 3 all 1
ldap_chkResponseList returns ld 0x55ee1ce958a0 NULL
ldap_int_select
read1msg: ld 0x55ee1ce958a0 msgid 3 all 1
read1msg: ld 0x55ee1ce958a0 msgid 3 message type bind
read1msg: ld 0x55ee1ce958a0 0 new referrals
read1msg: mark request completed, ld 0x55ee1ce958a0 msgid 3
request done: ld 0x55ee1ce958a0 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
Error: LibreNMS\Exceptions\AuthenticationException thrown!
User is not in one of the required groups or user/group is outside the base dn
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed
```

```
ubuntu@i-02ec7dd6c1177d928:/opt/librenms$ ./validate.php
```

Component | Version |
---|---|
LibreNMS | 23.11.0 (2023-11-18T00:15:03+00:00) |
DB Schema | 2023_11_21_172239_increase_vminfo.vmwvmguestos_column_length (274) |
PHP | 8.2.13 |
Python | 3.8.10 |
Database | MariaDB 10.3.38-MariaDB-0ubuntu0.20.04.1 |
RRDTool | 1.7.2 |
SNMP | 5.8 |

```
===========================================
[OK] Composer Version: 2.6.5
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database Schema is current
[OK] SQL Server meets minimum requirements
[OK] lower_case_table_names is enabled
[OK] MySQL engine is optimal
[OK] Database and column collations are correct
[OK] Database schema correct
[OK] MySQl and PHP time match
[OK] Active pollers found
[OK] Dispatcher Service not detected
[OK] Locks are functional
[OK] Python poller wrapper is polling
[OK] Redis is unavailable
[WARN] Could not check Python dependencies because this script is not running as librenms
[FIX]:
The install docs show how this is done on a new install: Installing LibreNMS - LibreNMS Docs
[OK] rrd_dir is writable
[OK] rrdtool version ok
```

```
DistinguishedName : CN=librenms-admin,OU=Groups,DC=orchest,DC=net
GroupCategory : Security
GroupScope : Global
Name : librenms-admin
ObjectClass : group
ObjectGUID : 4fe7c2a4-92b7-4739-8a83-3c9b650fc0e7
SamAccountName : librenms-admin
SID : S-1-5-21-3178212107-2497674231-1792966716-1127

cmdlet Get-ADGroupMember at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Identity: librenms-admin

distinguishedName : CN=test,CN=Users,DC=orchest,DC=net
name : test
objectClass : user
objectGUID : 6bf567bb-a4ba-482a-94c0-e757a0dff7ef
SamAccountName : test
SID : S-1-5-21-3178212107-2497674231-1792966716-1129
```