Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-1684

Normal users cant see anything they have access to

Details

    • Bug
    • Resolution: Fixed
    • Major
    • None
    • Professional Edition
    • Web Interface
    • None
    • Debian with LDAP authentication
      All members in observium_user
      to grant more acces added to observium_admin or observium_global_read

    Description

      i added a couple normal users and added them to have access to a whole group. when i did that they logged in and saw no devices. so i tried giving them permissions to individual devices and they still couldn't see anything.

      Attachments

        Issue Links

          Activity

            [OBS-1684] Normal users cant see anything they have access to

            The person you need to ask can't see any of these replies. You need to go to the mailing list :>

            When providing screenshots you need to provide the entire screen. We can't verify that the usernames match, so for all we know, you're just being incredibly careless

            adama Adam Armstrong added a comment - The person you need to ask can't see any of these replies. You need to go to the mailing list :> When providing screenshots you need to provide the entire screen. We can't verify that the usernames match, so for all we know, you're just being incredibly careless

            You are correct i miss read #534. There is no way for these normal users to see any devices

            sschrader11 Spencer Schrader added a comment - You are correct i miss read #534. There is no way for these normal users to see any devices

            Yes, i believe it is an issue with observium not attaching the permissions at login. The part of the screenshot that was not included is that the user is listed as a "Normal User". so the LDAP authentication is working fine. They are able to log in just not getting the permissions that they were given(cant see devices admin allowed), which is why i think it is a bug. The authentication is working properly. I just didnt know if there is a different way permissions were assigned to ldap users compared to mysql users.

            sschrader11 Spencer Schrader added a comment - Yes, i believe it is an issue with observium not attaching the permissions at login. The part of the screenshot that was not included is that the user is listed as a "Normal User". so the LDAP authentication is working fine. They are able to log in just not getting the permissions that they were given(cant see devices admin allowed), which is why i think it is a bug. The authentication is working properly. I just didnt know if there is a different way permissions were assigned to ldap users compared to mysql users.

            Also, this has absolutely nothing to do with #534.

            adama Adam Armstrong added a comment - Also, this has absolutely nothing to do with #534.

            Though, I'm not sure this is actually related to LDAP at all. If the user is able to log in, and Observium allows you to edit settings for the user (which we can't actually verify since you thought it useful to only post 1/3rd of screenshots), it's probably more related to Observium not attaching to permissions to the user at login time, which would be... odd.

            adama Adam Armstrong added a comment - Though, I'm not sure this is actually related to LDAP at all. If the user is able to log in, and Observium allows you to edit settings for the user (which we can't actually verify since you thought it useful to only post 1/3rd of screenshots), it's probably more related to Observium not attaching to permissions to the user at login time, which would be... odd.

            This should better be directed to the mailing list where might find someone who has made LDAP work properly.

            Neither Mike nor myself use LDAP.

            adama Adam Armstrong added a comment - This should better be directed to the mailing list where might find someone who has made LDAP work properly. Neither Mike nor myself use LDAP.

            This is identical to issue #534 that was "already fixed"

            sschrader11 Spencer Schrader added a comment - This is identical to issue #534 that was "already fixed"

            with active directory it has to have the full path to the group

            sschrader11 Spencer Schrader added a comment - with active directory it has to have the full path to the group

            I set it up EXACTLY how documentation states. http://www.observium.org/docs/authentication/ these are the examples that are on that page
            $config['auth_ldap_groups']['CN=Observium Admins,OU=Groups,DC=example,DC=COM']['level'] = 10;
            $config['auth_ldap_groups']['CN=Observium Users,OU=Groups,DC=example,DC=COM']['level'] = 1;
            Mine is exactly like this...

            sschrader11 Spencer Schrader added a comment - I set it up EXACTLY how documentation states. http://www.observium.org/docs/authentication/ these are the examples that are on that page $config ['auth_ldap_groups'] ['CN=Observium Admins,OU=Groups,DC=example,DC=COM'] ['level'] = 10; $config ['auth_ldap_groups'] ['CN=Observium Users,OU=Groups,DC=example,DC=COM'] ['level'] = 1; Mine is exactly like this...

            you use incorrect group names, as I see.

            group name should be simple name ie "Observium_Admins":

             $config['auth_ldap_groups']['Observium_Admins']['level'] = 10;
             $config['auth_ldap_groups']['Observium_Global_Read']['level'] = 7; 
             $config['auth_ldap_groups']['Observium_Users']['level'] = 1; 
            

            landy Mike Stupalov added a comment - you use incorrect group names, as I see. group name should be simple name ie "Observium_Admins": $config['auth_ldap_groups']['Observium_Admins']['level'] = 10; $config['auth_ldap_groups']['Observium_Global_Read']['level'] = 7; $config['auth_ldap_groups']['Observium_Users']['level'] = 1;

            I also included a screenshot of what i set for permissions and then sent a screenshot of what that user sees

            sschrader11 Spencer Schrader added a comment - I also included a screenshot of what i set for permissions and then sent a screenshot of what that user sees

            People

              landy Mike Stupalov
              sschrader11 Spencer Schrader
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: