After one day searching for a way to authenticate users on our openldap and give them a different default profile defined by the user's group, I chose to use the domains plugin, and it took me a long time to find this post that helped me a lot for testing: http://forums.cacti.net/viewtopic.php?f=7&t=47442
The goal: define different LDAP domains with the same server and the same options, except "Group Distingished Name (DN)" and template.
Example:
Domain Type : LDAP
UserTemplate : departmentNbr_template
Authentication Method: LDAP Authentication
Server: domainserver.domain.com
Port: 389
Version: 3
Encryption: SSL
Mode: No searching
Distinguished Name: uid=<username>,ou=people,dc=MYORG,dc=fr
Require Group Membership: Checked
Group Distingished Name: cn=MYORG:xx:departmentNbr:tous,ou=Grouper,dc=MYORG,dc=fr
Group Membership Attribute: member
Group Member Type: Distingished Name
Search Base: empty
Search Filter: empty
Search Distingished Name: empty
Search Password: empty
The plugin sends "group_require" with value "on" instead of "true"; I don't know and can't find why. So I decided to patch lib/ldap.php as follows:
--- /root/cacti/cacti_0.8.8b/lib/ldap.php 2015-05-18 15:50:47.000000000 +0200
+++ /usr/share/cacti/lib/ldap.php 2015-05-19 10:43:43.843584332 +0200
@@ -154,6 +154,7 @@
class Ldap {
function Ldap() {
+ $this->force_rco = true; //CDELAUNA evite d'utiliser les parames de $SESSION lors de logins consecutifs. permet de ne pas fermer/ouvrir le browser entre deux tests
/* Initialize LDAP parameters for Authenticate */
$this->dn = read_config_option("ldap_dn");
$this->host = read_config_option("ldap_server");
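Review bot: The added `$this->force_rco = true;` line in the `Ldap()` constructor is a testing aid by its own comment (it avoids reusing $SESSION parameters between consecutive logins so the browser need not be restarted between two tests), yet it is set unconditionally for every Ldap object. It is unrelated to the group_require fix in the next hunk, so it should be dropped from this patch or proposed separately with a description of what it changes for normal logins. If it stays, the comment should be in English, without the author tag, and placed on its own line above the assignment.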
@@ -249,7 +250,7 @@
/* Bind to the LDAP directory */
$ldap_response = @ldap_bind($ldap_conn, $this->dn, $this->password);
if ($ldap_response) {
- if ($this->group_require == 1) {
+ if ($this->group_require == 1 or $this->group_require == "on") { // Le plugin "domains" envoie group_require a "on" au lieu de "true" ce patch permet de le faire fonctionner quand même
/* Process group membership if required */
if ($this->group_member_type == 1) {
$ldap_group_response = @ldap_compare($ldap_conn, $this->group_dn, $this->group_attrib, $this->dn);
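Review bot: Accepting only the extra literal "on" in `if ($this->group_require == 1 or $this->group_require == "on")` fixes this one caller but leaves the check fragile: any other truthy form (for example the string "true") still fails the comparison, and the group membership block is then not entered after a successful bind. Since this condition is what enforces "Require Group Membership", the value should be normalised once where it is assigned, for instance with `filter_var($value, FILTER_VALIDATE_BOOLEAN)`, so the comparison here stays a plain boolean test. It is also worth checking whether `group_member_type` on the following line arrives from the domains plugin in the same form, since it is compared with `== 1` in the same way. The trailing comment makes the line very long; move it above the `if`.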
Does somebody know if I should declare a bug somewhere?
If not, I hope this post will help.
Cheers
Chatar