I'm running v0.8.6g-1 on FC4, and have just completed creating my user accounts. I'm using LDAP against Active Directory, which works great! The only problem I had was that I had to copy an existing LDAP users records in the USER_AUTH table in MySQL to create new LDAP users. There doesn't appear to be a flag on the new user form to select LDAP authentication. Am I missing something? Is this in a new version? If not, can it be added to the wishlist?
Thanks for your help! - Chris
How to select LDAP authentication when creating a user
Moderators: Developers, Moderators
-
chrisl1977
- Posts: 4
- Joined: Wed Nov 23, 2005 9:23 am
-
rony
- Developer/Forum Admin
- Posts: 6022
- Joined: Mon Nov 17, 2003 6:35 pm
- Location: Michigan, USA
- Contact:
Pretty much you setup a template user and let the LDAP authenication create the user for you.
If you would like to create it after the fact, you will have to update only one field for that users. Use the following query to change a regular user to a LDAP user.
New version does the copy thing... You bring up a valid question, what if I want to precreate these users. Please submit a feature request so that I do this in the next version of cacti, FYI, 0.9.0.
If you would like to create it after the fact, you will have to update only one field for that users. Use the following query to change a regular user to a LDAP user.
Code: Select all
update user_auth set realm = 1 where username = 'LDAP User';[size=117][i][b]Tony Roman[/b][/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
[size=84][i]Experience is what causes a person to make new mistakes instead of old ones.[/i][/size]
[size=84][i]There are only 3 way to complete a project: Good, Fast or Cheap, pick two.[/i][/size]
[size=84][i]With age comes wisdom, what you choose to do with it determines whether or not you are wise.[/i][/size]
I don't quiet get what you're problem is.
I am using LDAP as well to auth my users against the running ADS Infrastructure.
If they have an account in the domain, they can log on. What they can do after login is defined by a template user which i created. You point to that template user and everything is fine. I didn't import anything into mysql.
Or are you talking about something totally different?
I am using LDAP as well to auth my users against the running ADS Infrastructure.
If they have an account in the domain, they can log on. What they can do after login is defined by a template user which i created. You point to that template user and everything is fine. I didn't import anything into mysql.
Or are you talking about something totally different?
-
chrisl1977
- Posts: 4
- Joined: Wed Nov 23, 2005 9:23 am
I think we are pretty close. I did notice if someone could log in via LDAP they could access Cacti. Since I didn't have a template for LDAP users, they couldn't access anything. I wanted to pre-create the users who had access, which I couldn't do in Cacti itself as it didn't have a switch to say 'use LDAP authentication.'
However, when I started poking around in the database, I noticed there was a flag which set which type of authentication was used. I precreated my accounts by manually changing this flag in the database and tested by logging in. This worked.
If Cacti had a switch on the new user form to set the authentication switch to LDAP, someone could pre-create an LDAP user account.
However, when I started poking around in the database, I noticed there was a flag which set which type of authentication was used. I precreated my accounts by manually changing this flag in the database and tested by logging in. This worked.
If Cacti had a switch on the new user form to set the authentication switch to LDAP, someone could pre-create an LDAP user account.
I am using LDAP with my AD as well. I pointed Cacti to my AD LDAP and when a user logs in they can choose the local Cacti db or LDAP option which automatically creates them an account with a pre defined set of rights with the template user.
To 'pre' create the user accounts as you suggested would place all the burned on you. The LDAP option with template user allows new users to access the system on their own time-table and after becoming familiar with the system they can request elevated privelages. Anyway, its all in the way you want to manage it i guess. I like to place as much burden on the end user as possible. It forces them to become more involved in the process and understand privelage levels.
<snip> get off soap box </snip>
To 'pre' create the user accounts as you suggested would place all the burned on you. The LDAP option with template user allows new users to access the system on their own time-table and after becoming familiar with the system they can request elevated privelages. Anyway, its all in the way you want to manage it i guess. I like to place as much burden on the end user as possible. It forces them to become more involved in the process and understand privelage levels.
<snip> get off soap box </snip>
Who is online
Users browsing this forum: No registered users and 1 guest