LDAP authentication

[StarLog]

We are running CactiEZ v 0.3 - loaded the php-ldap.

We get authenticated as the log shows, but then I do not know where to go to give the user access.

Code: Select all

 02/13/2008 09:57:12 AM - AUTH LOGIN: User 'admin' Authenticated
02/13/2008 09:56:45 AM - AUTH LOGIN: Access Denied, No guest enabled or template user to copy
02/13/2008 09:56:45 AM - AUTH LOGIN: LDAP User 'tfrench' Authenticated
02/13/2008 09:56:45 AM - AUTH LDAP: Setting protocol version to 3

I have set the guest account to the following:

View graphs
console access
view monitoring
plugin- weathermap.

But I do not see the users name in the user management area.

[TheWitness]

Settings->Authentication, then select a template user.

[StarLog]

Witness,

I thought of that too.

When we go to that section, and look in
User Template:
There is only : "no user" and "admin"

none of the users that we have tried to log in with.

After looking at the "guest account"

I see ENABLED checked
Allow this user to keep custom settings checked
user has rights to tree view checked
user has rights to list view checked
user has rights to preview view checked
authentication LDAP
Realm:
view graphs
console access
view monitoring
pluging weathermap

does this help.?

[rony]

Template users can only be "Authentication Realm" local.

[StarLog]

rony,

mot sure what your telling me, can you explain a bit easier for me.
Thanks

[rony]

To use a user for a template, it must have "Authentication Realm" set to "Local".

Your "Guest" user is set for "Authentication Realm" of "LDAP".

[StarLog]

I changed the "guest" account to local as you mentioned, and then tried to log in again. using LDAP.

Below shows that I was authenticated. But still did not show up as a user in the management console. I got the RED text saying contact the Cacti administrator.

Is there something else I can look at.?

Code: Select all

login as: root
root@192.168.111.41's password:
Last login: Thu Feb 14 17:46:36 2008 from 192.168.111.160
[root@m-cornelius ~]# cat /var/www/html/log/cacti.log | grep LDAP
02/14/2008 08:57:51 PM - AUTH LDAP: Setting protocol version to 3
02/14/2008 08:57:51 PM - AUTH LOGIN: LDAP User 'tfrench' Authenticated
[root@m-cornelius ~]#

UPDATE TO ABOVE..

Got it to work, did not realize i had to build out the user, and then enable it and give it LDAP as the authentication realm. All is good in the hood.

[rony]

If you select a "Template User" that will be used to create a new user with the correct username when a person logs in using LDAP. Otherwise, it will use the "Guest" account.

[pyth]

hi all,
I have setup a LDAP authentification, just one problem :

-When it comes to an account with a simple password (ex : lola) its march

-But when it comes to an account with a password with special character (ex: lola$*µ etc...) it does not work.

Can you help me?

[rony]

Yep, that is a problem to which I currently do not have a solution to..

[StarLog]

We got it working like this:

LDAP Authentication
no user
no user
our-server-name
389
636
Version 3
none
disabled
no searching
<username>@ourdomain.com
dc=internal,dc=ourdomain,dc=net,dc=local

all other boxes are empty

[lnxflocki]

hi all,
I have setup a LDAP authentification, just one problem :

-When it comes to an account with a simple password (ex : lola) its march

-But when it comes to an account with a password with special character (ex: lola$*µ etc...) it does not work.

Can you help me?

Yep, that is a problem to which I currently do not have a solution to..

In auth_login.php on line 102 simply add stripslashes around the get_request_var_post("login_password"). So line 102 should look like this:

Code: Select all

$ldap_auth_response = cacti_ldap_auth($username,stripslashes(get_request_var_post("login_password")),$ldap_dn);

Fixed it for me