LDAP Groups Request

Anything that you think should be in Cacti.

Moderators: Developers, Moderators

Post Reply
rizlo100
Posts: 11
Joined: Fri Jul 08, 2011 12:24 pm

LDAP Groups Request

Post by rizlo100 »

Currently we are using OpenLDAP to auth users in cacti. There are some problems with this, mainly you still need to create the accounts within cacti and assign permissions.

I would like to be able to assign the cacti permissions to a group within my LDAP. That way, as long as users are part of that group, they can log in, and they get the permissions I've assigned in cacti to that group.


Unless I've completely missed something, this can't be done under the current version.
User avatar
gandalf
Developer
Posts: 22383
Joined: Thu Dec 02, 2004 2:46 am
Location: Muenster, Germany
Contact:

Re: LDAP Groups Request

Post by gandalf »

You can't offload permissions to LDAP, that's correct.
Best match would be to create different "template users".
IMHO, we have no plans to move that way ...
R.
User avatar
TheWitness
Developer
Posts: 17047
Joined: Tue May 14, 2002 5:08 pm
Location: MI, USA
Contact:

Re: LDAP Groups Request

Post by TheWitness »

The Domains plugin might help here.
True understanding begins only when we realize how little we truly understand...

Life is an adventure, let yours begin with Cacti!

Author of dozens of Cacti plugins and customization's. Advocate of LAMP, MariaDB, IBM Spectrum LSF and the world of batch. Creator of IBM Spectrum RTM, author of quite a bit of unpublished work and most of Cacti's bugs.
_________________
Official Cacti Documentation
GitHub Repository with Supported Plugins
Percona Device Packages (no support)
Interesting Device Packages


For those wondering, I'm still here, but lost in the shadows. Yearning for less bugs. Who want's a Cacti 1.3/2.0? Streams anyone?
yousillygoose
Cacti User
Posts: 62
Joined: Fri Sep 23, 2011 2:48 pm

Re: LDAP Groups Request

Post by yousillygoose »

I actually like this idea a lot. We have a product that we purchased that works a similar way:

You define group buckets with a set permission scheme on the cacti end. You pair this to ldap to say that anyone that meets these criteria should fall into this gruop bucket. This would allow you to do group authentication. You can always have a default bucket if they don't fall into an upper group. This would help on our end because we could simply add a security group to cacti and anyone found in it could be an admin of the tool.
Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest