Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Professional Edition
-
None
-
Debian with LDAP authentication
All members in observium_user
to grant more acces added to observium_admin or observium_global_read
Description
i added a couple normal users and added them to have access to a whole group. when i did that they logged in and saw no devices. so i tried giving them permissions to individual devices and they still couldn't see anything.
Attachments
Issue Links
- is mentioned by
-
OBS-4097 LDAP user don't see assigned devices
-
- In Review
-
Activity
Hi Mike,
I did and SVN Update, re-implemented the LDAP auth with AD and it seem to be working now.
Thanks very much for addressing this!
-Ryan
Issue still not resolved for you?
I made some LDAP fixes, please try with latest revision (Pro, rolling).
Ok,
So essentially at this point there are no plans to modify the LDAP implementation to resolve this issue?
LDAP with AD does not currently work.
AD doesn't support LDAP features we use, so it fails to correctly assign a user id and the user never picks up its permissions.
Hello,
Has there been any movement on this issue. I'm experiencing the same thing. Unless the user level is 10, my 'normal' users at level 1 are unable to see devices they have been assigned. Actual LDAP authentication with Active Directory is not a issue.
Thanks!
It seems that somewhere in the LDAP code, we're failing to work out the user_id for the user.
You use LDAP? Well, I never!
BTW, you're much more likely to get a resolution to an issue if you provide the maximum about of information.
Often if people can't see all of the information, they'll be much less likely to reply, this a big thing for support in general. More information will never prevent a resolution, too little information will prevent a resolution every time.
I've just realised there's not actually anywhere in the UI which tells you your username though, so, that's probably something for us to fix, too!
That said, I'm still not sure there's actually a way this can happen, though I don't actually have an LDAP installation to test.
I'll add the username to the UI somewhere, so we can verify that the correct database user account is being used.
I tested my own LDAP config and normal user groups and permissions.
All worked fine, I not found any issues. But I not use AD and not tested with it.
Also as I see, you use lowercase 'cn=', 'ou=', 'dc='.. I not sure but AD can be case-sensitive and you should use uppercase 'OU='.
Anyway, this is just troubles with your config, ask in maillist for people who used AD integration.
I didnt think it was relevant to give the full screenshot since i cant get a screenshot that shows the dashboard AND who is signed in since this information is not displayed. I will post in this mailing list and hope they are more trusting that i am correctly authenticating since i am in fact logged in.
Woo hoo