Hello there,
I've been a very, very happy Cacti user for a while now.
But I've recently found a little inconvenience (bug or feature?) using LDAP auth with a specific dn (ldap_mode=2).
It turns out Cacti binds first with the ldap_specific_dn/password to authenticate the user (as expected), but when ldap_group_require=1, the LDAP compare is done using the DN of the authenticated user, regardless of whether we set an ldap_specific_dn/password.
I would expect this ldap_specific_dn to be used for any ldap request. Or am I wrong?
Attached is a little patch for lib/ldap.php that works for me against 0.8.8b-7.el6 and should still work against branch 0.8.8.
But as I see a bit further in function Search from the same file, maybe it is better to use the specific dn/password in every mode?
To be more specific, this issue is making my life harder as I have to allow each user to read all group attributes, which I find unnecessary and is apparently not required by other software (like pam_ldap or apache mod_authnz_ldap for instance).
Thanks for considering my proposal and congrats for the good job anyway.
bEn
PS: the patch also fixes what I think is a little mistake in a comment.
Little issue when using ldap specific dn and group require
Attachment: cacti_ldap.patch - Patch for ldap.php (591 Bytes)
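The bind order the post argues for with ldap_mode=2 and ldap_group_require=1, as an added example (not Cacti's lib/ldap.php and not the attached patch): the specific DN locates the user and performs the group compare, and the user's own bind only verifies the password. The function name, its parameters, the `uid` search filter and the `member` group attribute are assumptions.

```php
<?php
// Added example: hypothetical helper, not Cacti code and not the attached patch.
// Assumes groupOfNames-style groups whose `member` values are user DNs.
function auth_with_specific_dn(
    string $uri, string $specificDn, string $specificPw,
    string $baseDn, string $groupDn, string $username, string $password
): bool {
    // A simple bind with a DN and an empty password is an unauthenticated
    // bind that many servers accept, so reject it before touching LDAP.
    if ($password === '') {
        return false;
    }
    $conn = ldap_connect($uri);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    try {
        // 1. Bind as the specific DN and locate exactly one user entry.
        if (!@ldap_bind($conn, $specificDn, $specificPw)) {
            return false;
        }
        $filter = '(uid=' . ldap_escape($username, '', LDAP_ESCAPE_FILTER) . ')';
        $result = @ldap_search($conn, $baseDn, $filter, ['dn']);
        if ($result === false) {
            return false;
        }
        $entries = ldap_get_entries($conn, $result);
        if ($entries === false || $entries['count'] !== 1) {
            return false;
        }
        $userDn = $entries[0]['dn'];
        // 2. Bind as the user only to verify the password.
        if (!@ldap_bind($conn, $userDn, $password)) {
            return false;
        }
        // 3. Re-bind as the specific DN so the group compare runs with its
        //    rights; users then need no read access to group attributes.
        if (!@ldap_bind($conn, $specificDn, $specificPw)) {
            return false;
        }
        // ldap_compare() returns true, false, or -1 on error; -1 is truthy,
        // so only a strict true may count as group membership.
        return @ldap_compare($conn, $groupDn, 'member', $userDn) === true;
    } finally {
        ldap_unbind($conn);
    }
}
```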
Re: Little issue when using ldap specific dn and group requi
Have you tried 0.8.8d? There were 2 LDAP issues fixed: http://www.cacti.net/changelog.php
If the problem still exists, please file a bug against 0.8.8d http://www.cacti.net/bugs.php
Re: Little issue when using ldap specific dn and group requi
Thanks a lot for your answer,
BSOD2600 wrote: Have you tried 0.8.8d? there were 2 LDAP issues fixed http://www.cacti.net/changelog.php
I've not tried 0.8.8d (because it's not packaged in EPEL...).
But I know for sure the patch still makes sense against the current 0.8.8 branch (since I've checked it out from SVN).
BSOD2600 wrote: If the problem still exists, please file a bug against 0.8.8d http://www.cacti.net/bugs.php
I guess I could try a manual update to 0.8.8d to be really sure, but I'm 99% sure it's not fixed in any 0.8.8 version.
Point is: is it even a bug? I would understand if some dev would not approve the patch.
Anyhow, I'll try to find time to submit it... Can always be rejected :-p