LDAP with Group Authentication (SOLVED!!!)

remensperger · Post by **remensperger** » Thu Jan 29, 2009 6:32 pm

I have been attempting to get group authentication working for the last few hours. Just figured it out, thought I'd lend a hand to those still struggling.

This is assuming you have gotten LDAP to work already.

My setup:

Version 0.8.7c
OS Debian (VMWare)
Apache2
PHP5

Authentication Method: LDAP Authentication
Server: domainserver.domain.com
Port: 389
Version: 3
Encryption: None
Mode: Specific
Distinguished Name: (Doesnt matter)
Require Group Membership: Checked
Group Distingished Name: (DN to your group) ie CN=Cacti,OU=Intranet,DC=lb,DC=domain,DC=com
Group Membership Attribute: member
Group Member Type: Distingished Name
Search Base: ou=users,dc=lb,dc=domain,dc=com
Search Filter: (&(objectclass=user)(objectcategory=user)(sAMAccountName=<username>))
Search Distingished Name: (Valid Username)
Search Password: (Valid Password)

With all this configured correctly I could not get it to work for the life of me. I would keep getting this error message: LDAP Error: Group DN could not be found to compare. As I have some php and ldap authentication knowledge I started looking thought the php files. Inside of ldap.php I found the error. I noticed @ldap_compare was using a variable that I could not find defigned anywhere. Turns out it must have been typed wrong. I modified these two lines:

$ldap_group_response = @ldap_compare($ldap_conn,$ldap_group,$ldap_group_attrib,$ldap_dn);

$ldap_group_response = @ldap_compare($ldap_conn,$ldap_group,$ldap_group_attrib,$username);

to

$ldap_group_response = @ldap_compare($ldap_conn,$ldap_group_dn,$ldap_group_attrib,$ldap_dn);

$ldap_group_response = @ldap_compare($ldap_conn,$ldap_group_dn,$ldap_group_attrib,$username);

From there you should be golden!

Post by **gandalf** » Sat Jan 31, 2009 5:53 am

Added this to mantis and assigned to me
http://bugs.cacti.net/view.php?id=1385
Reinhard

Post by **gandalf** » Sat Jan 31, 2009 3:26 pm

Solved in SVN#4900
Reinhard

monkeypaul · Post by **monkeypaul** » Thu Feb 19, 2009 3:41 pm

New bug in the svn:

function cacti_ldap_search_dn($username,$ldap_dn

$username is missing the "" causing all auth to fail using specified username.

P

Post by **gandalf** » Fri Feb 20, 2009 4:01 pm

Please open a new bug report as given by http://www.cacti.net/bugs.php. If possible, attach a patch
Reinhard

Post by **rony** » Sat Feb 21, 2009 12:32 pm

Um, you shouldn't have to do that.

sabir_mustafa · Post by **sabir_mustafa** » Mon Jul 12, 2010 6:11 am

Hi:
I am using RedHat Directory Server 8 and CactiEZ 0.8.7c. My following configuration let the user logon through LDAP.

Authentication Method = LDAP Authentication
Guest User = No user
User Template = No user
Server = IP Address of LDAP server
Port = 389
Protocol Version = 3
Refeeral = Disables
Mode = No Searching
Distinguished Name (DN) = uid=<username>, ou=ouname, dc=dcname, dc=dcname, dc=dcname
Search Base = "dc=dcname,dc=dcname,dc=dcname" (with quotes)

Now I had made a group in LDAP Server and want only the group users to login to cacti. But it does not work. I also applied the error patch as mentioned above but still the result is null.

Please guide me on how to do this.

cmarko · Post by **cmarko** » Mon Dec 20, 2010 7:38 pm

I ran into same issue and submitted patch. http://bugs.cacti.net/view.php?id=1919 solves this.

Cheers,
Chris

Cacti