Hello
I have implemented a working authorisation with Active Directory but I keep getting the error “Could not bind to AD, you will not be able to use the API or alert AD users” when using auth_test.php.
With `$config['auth_ad_require_groupmembership'] = false;` I am even able to log in as my binduser successfully.
So I am a bit perplexed. Can anybody help?
Part of auth_test.php output:
```
** ld 0x55b33eb10810 Connections:
- host: srv-801.example.se port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Sep 21 12:01:59 2020
** ld 0x55b33eb10810 Outstanding Requests:
- msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x55b33eb10810 request count 1 (abandoned 0)
** ld 0x55b33eb10810 Response Queue:
Empty
ld 0x55b33eb10810 response count 0
ldap_chkResponseList ld 0x55b33eb10810 msgid 1 all 1
ldap_chkResponseList returns ld 0x55b33eb10810 NULL
ldap_int_select
read1msg: ld 0x55b33eb10810 msgid 1 all 1
read1msg: ld 0x55b33eb10810 msgid 1 message type bind
read1msg: ld 0x55b33eb10810 0 new referrals
read1msg: mark request completed, ld 0x55b33eb10810 msgid 1
request done: ld 0x55b33eb10810 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x55b33eb10810 msgid 2
wait4msg ld 0x55b33eb10810 msgid 2 (infinite timeout)
wait4msg continue ld 0x55b33eb10810 msgid 2 all 1
** ld 0x55b33eb10810 Connections:
- host: srv-801.example.se port: 636 (default)
refcnt: 2 status: Connected
last used: Mon Sep 21 12:01:59 2020
** ld 0x55b33eb10810 Outstanding Requests:
- msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x55b33eb10810 request count 1 (abandoned 0)
** ld 0x55b33eb10810 Response Queue:
Empty
ld 0x55b33eb10810 response count 0
ldap_chkResponseList ld 0x55b33eb10810 msgid 2 all 1
ldap_chkResponseList returns ld 0x55b33eb10810 NULL
ldap_int_select
read1msg: ld 0x55b33eb10810 msgid 2 all 1
read1msg: ld 0x55b33eb10810 msgid 2 message type bind
read1msg: ld 0x55b33eb10810 0 new referrals
read1msg: mark request completed, ld 0x55b33eb10810 msgid 2
request done: ld 0x55b33eb10810 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
ldap_parse_result
ldap_msgfree
ldap_err2string
Success
Could not bind to AD, you will not be able to use the API or alert AD users
ldap_search_ext
put_filter: "(&(objectclass=group)(samaccountname=LibreNMS - Admins))"
```
config.php:
```php
$config['auth_mechanism'] = "active_directory"; # default, other options: mysql, ldap, http-auth, active_directory
#$config['http_auth_guest'] = "guest"; # remember to configure this user if you use http-auth
$config['auth_ad_url'] = 'ldaps://srv-801.example.se ldaps://srv-802.example.se ldaps://srv-803.example.se'; // Set server(s), space separated. Prefix with ldaps:// for ssl
$config['auth_ad_domain'] = 'example.se';
$config['auth_ad_base_dn'] = 'dc=example,dc=se'; // groups and users must be under this dn
$config['auth_ad_check_certificates'] = true; // require a valid ssl certificate
$config['auth_ad_binduser'] = 'svclib'; // bind user (non-admin)
$config['auth_ad_bindpassword'] = 'password!'; // bind password
$config['auth_ad_timeout'] = 5; // time to wait before giving up (or trying the next server)
$config['auth_ad_debug'] = true; // enable for verbose debug messages
$config['active_directory']['users_purge'] = 30; // purge users who haven't logged in for 30 days.
$config['auth_ad_require_groupmembership'] = false; // false: allow all users to auth level 0
$config['auth_ad_groups']['LibreNMS - Admins']['level'] = 10; // set the "AD AdminGroup" group to admin level
$config['auth_ad_groups']['LibreNMS - Users']['level'] = 5; // set the "AD UserGroup" group to global read only level
```
====================================
Component | Version |
---|---|
LibreNMS | 1.67-49-g8ec9183df |
DB Schema | 2020_08_28_212054_drop_uptime_column_outages (173) |
PHP | 7.4.3 |
Python | 3.8.2 |
MySQL | 10.3.22-MariaDB-1ubuntu1 |
RRDTool | 1.7.2 |
SNMP | NET-SNMP 5.8 |
====================================
[OK] Composer Version: 1.10.13
[OK] Dependencies up-to-date.
[OK] Database connection successful
[OK] Database schema correct