No Admin Role from AD Group

Hi,

I’m configuring AD authentication, and roles seem to be applying correctly through auth_test.php but not making it to the web UI. In this output I have global-read from $config['auth_ad_global_read'] = 1 in my config.php, and admin from group membership.

AD bind success
Password: 
Authenticate user ...: 
AUTH SUCCESS

User (...):
  user_id => ...
  username => ...
  realname => ...
  email => ...
  descr => 
  can_modify_passwd => 0
Groups: CN=LibreNMS Admin,OU=...
Roles: global-read; admin

I was looking through prior posts, and I’m not sure whether there was a transition from “level” to “role” for the AD config. The docs say to use lnms config:set auth_ad_groups.ad-admingroup.level 10. When I try to set that, I’m told that auth_ad_groups.ad-admingroup.roles is required. I set the role through the web UI, but permissions aren’t carrying over before or after setting level 10 manually.

$ lnms config:get auth_ad_groups
{
    "LibreNMS Admin": {
        "roles": [
            "admin"
        ],
        "level": 10
    }
}

Anyone have an idea of what I’m doing wrong?

Any ideas on creating a cron job or login event to modify permissions based on a username list (i.e. admins = [x, y, z])? I’m looking through the database and not entirely clear on how permissions are handled on the backend. I can modify a user’s roles manually via a session-saved admin account, and that role is saved until the user’s next login. The users table has an auth_id column but nothing with explicit permissions.