I have setup AD authentication, and Users are able to login.
My users are able to see devices when I have this config in config.php
$config[‘auth_ad_require_groupmembership’] = false; // false: allow all users to auth level 0
$config[‘auth_ad_global_read’] = 1;
but when I try to use groups they start being added as normal users without access to any devices.
$config[‘auth_ad_require_groupmembership’] = true; // false: allow all users to auth level 0
$config[‘auth_ad_groups’][‘DEL-NET_LibreNMS_Admin’][‘level’] = 10; // set the “AD AdminGroup” group to admin level
$config[‘auth_ad_groups’][‘DEL-NET_LibreNMS_user’][‘level’] = 5; // set the “AD UserGroup” group to global read only level
====================================
Component | Version |
---|---|
LibreNMS | 1.55 |
DB Schema | 2019_07_09_150217_update_users_widgets_settings (140) |
PHP | 7.2.22 |
MySQL | 5.5.64-MariaDB |
RRDTool | 1.4.8 |
SNMP | NET-SNMP 5.7.2 |
==================================== |
[OK] Composer Version: 1.9.0
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct
When I verify access from CLI it seems fine.
./scripts/auth_test.php -u
Authentication Method: active_directory
Success
Could not bind to AD, you will not be able to use the API or alert AD users
Password:
Authenticate user :
AUTH SUCCESS
User (306309):
user_id => 306309
username =>
realname =>
email =>
descr =>
level => 5
can_modify_passwd => 0
But when I verify in the gui, the user isn’t created at global read user, instead it is created as normal user without access to any devices.