Unable to login using ad-authorization

I’ve been trying to set up oxidized but was unable to get the API token to work. After some research i found out that if I needed to use ad_binduser for it to work properly with Active Directory authentication.

However I cannot get ad-authorization to work and I would appreciate som assistance.

About LibreNMS

Version 155d9de - Tue May 16 2017 06:13:07 GMT+0200
DB Schema #191
Web Server nginx/1.10.0
PHP 7.0.15-0ubuntu0.16.04.4
MySQL 10.0.29-MariaDB-0ubuntu0.16.04.1
RRDtool 1.5.5


Active Directory Configuration
$config[‘auth_mechanism’] = “ad-authorization”;
$config[‘auth_ad_url’] = “ldap://dc1.redacted.local ldap://dc2.redacted.local”;
$config[‘auth_ad_domain’] = “redacted.local”;
$config[‘auth_ad_base_dn’] = “dc=redacted,dc=local”;
$config[‘auth_ad_check_certificates’] = false;
$config[‘auth_ad_debug’] = false;
$config[‘auth_ad_require_groupmembership’] = true;
$config[‘auth_ad_groups’][‘sys.librenms.admin’][‘level’] = 10;
$config[‘auth_ad_binduser’] = “[email protected]”;
$config[‘auth_ad_bindpassword’] = “redacted”;
$config[‘auth_ldap_cache_ttl’] = 300;

I don’t use ad auth but try: ./scripts/auth_test.php

I get the same result with ad-authorization and active_directory using./scripts/auth_test.php
However active_directory work when logging into webgui and ad-authorization doesn’t.

./scripts/auth_test.php -u username -d -v
SQL[SELECT config_name,config_value FROM config]
SQL[select * from graph_types]
SQL[DELETE FROM session WHERE session_expiry < ‘1494936175’]
PHP Fatal error: Uncaught Error: Call to undefined function get_client_ip() in /opt/librenms/html/includes/authenticate.inc.php:83
Stack trace:
#0 /opt/librenms/includes/init.php(169): require()
#1 /opt/librenms/scripts/auth_test.php(29): require(’/opt/librenms/i…’)
#2 {main}
thrown in /opt/librenms/html/includes/authenticate.inc.php on line 83

I am getting the same error on centos7 new install.

That particular error is because we aren’t loading up the file with that function. I’ve submitted a fix to: https://github.com/librenms/librenms/pull/6660

Aside from that I don’t use ad auth so can’t help much further.

Here is my config.
Our AD servers allow anonymous bind for a username/pw challenge so I didn’t have to deal with a bind user or password.
I think the first line below might be your issue though. ‘active_directory’ versus ‘ad-auth…’

$config[‘auth_mechanism’] = “active_directory”; # default, other options: ldap, http-auth
$config[‘auth_ad_url’] = “ldap://10.x.x.x ldap://10.x.x.x”;
$config[‘auth_ad_domain’] = “domain”;
$config[‘auth_ad_base_dn’] = “dc=domain,dc=ad”;
$config[‘auth_ad_check_certificates’] = false; // require a valid ssl certificate
$config[‘auth_ad_debug’] = false; // enable for verbose debug messages
$config[‘active_directory’][‘users_purge’] = 30; // purge users who haven’t logged in for 30 days.
$config[‘auth_ad_require_groupmembership’] = 0; // require users to be members of a group listed below
$config[‘auth_ad_global_read’] = 1;
$config[‘auth_ad_groups’][‘My Group Name’][‘level’] = 10;

active_directory and ad-authorization doesn’t do the same thing.


What is the working config on apache site?
@anderssonpof Did you manage it?