[OBS-1830] Require bind entity permissions is not working - Observium

Details

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: Professional Edition
Component/s: Authentication
Labels:
- Monitoring
- alerting
- permission
- users
Environment:
See image attached.

Description

I update observium version, but i get the same error on ticket ~~OBSERVIUM-1828~~ Resume: [I create diferents user in active directory and gave diferents levels of access, 1,5, 10. Everything work fine except level 1.
When I gave access with level 1 to anyone and special permission on specified device, but permission no working. Not show anything. I atached some images with user permissions example]. I attached the image with version and permission.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Sanpshot Version.PNG
12 kB
2016/05/11 04:04 AM
User Permission.PNG
52 kB
2016/05/11 04:04 AM
Config LDAP.PNG
35 kB
2016/05/11 10:55 PM
UsuarioSantaFe-SessionObservium.PNG
46 kB
2016/05/11 10:55 PM
UsuarioSantaFe.PNG
13 kB
2016/05/11 10:55 PM
UsuarioSantaFe2.PNG
24 kB
2016/05/11 10:55 PM
UsuarioSantaFe3.PNG
21 kB
2016/05/11 10:55 PM
SQL_Device_Permission.PNG
22 kB
2016/05/12 09:33 PM
SFUser_ID.PNG
11 kB
2016/05/12 09:33 PM
Debug3.PNG
23 kB
2016/05/13 05:28 AM
Debug1.PNG
139 kB
2016/05/13 05:28 AM
Debug2.PNG
135 kB
2016/05/13 05:28 AM

Activity

[OBS-1830] Require bind entity permissions is not working

Mike Stupalov made changes - 2016/05/22 07:59 PM

Workflow

Original: classic default workflow [ 12935 ]

New: Observium workflow [ 13198 ]

Fernando Avella added a comment - 2016/05/14 01:55 AM

Hi. i found something. I have direferents users in differents OU in the root AD domain. When I set 'auth_ldap_suffix for one selected OU, the user who lives in ths OU login perfectly with the rights permission, but the rest of users cant login. So if use 'auth_ldap_suffix whith ",DC=domain,dc=com" so can authenticate all users, but cant read permission in level 1 or another level. There are any configuration o work around to resolve this?

Fernando Avella added a comment - 2016/05/14 01:55 AM Hi. i found something. I have direferents users in differents OU in the root AD domain. When I set 'auth_ldap_suffix for one selected OU, the user who lives in ths OU login perfectly with the rights permission, but the rest of users cant login. So if use 'auth_ldap_suffix whith ",DC=domain,dc=com" so can authenticate all users, but cant read permission in level 1 or another level. There are any configuration o work around to resolve this?

Mike Stupalov added a comment - 2016/05/13 10:48 PM

And check User IDs in user edit page, they not should -1 or 0!

Mike Stupalov added a comment - 2016/05/13 10:48 PM And check User IDs in user edit page, they not should -1 or 0 !

Mike Stupalov added a comment - 2016/05/13 10:46 PM

Observium fully support authentication via LDAP (and AD also).
Your config and auth work well, except not get correct User ID from AD (can be this is related to your specific install).
My devel AD config also work fine.

Please sure, that you use rolling (trunk, not stable!) branch.
Relogin with this user.
Add you should set used permissions again, since old user_id was incorrect.

Mike Stupalov added a comment - 2016/05/13 10:46 PM Observium fully support authentication via LDAP (and AD also). Your config and auth work well, except not get correct User ID from AD (can be this is related to your specific install). My devel AD config also work fine. Please sure, that you use rolling (trunk, not stable!) branch. Relogin with this user. Add you should set used permissions again, since old user_id was incorrect.

Fernando Avella added a comment - 2016/05/13 10:39 PM

I red the documentation y and the config, so I think observium not support user authentication via LDAP (Active Directory) in diferents OU, so I have to put all users that have access to observium in the same OU?

Fernando Avella added a comment - 2016/05/13 10:39 PM I red the documentation y and the config, so I think observium not support user authentication via LDAP (Active Directory) in diferents OU, so I have to put all users that have access to observium in the same OU?

Mike Stupalov added a comment - 2016/05/13 10:36 PM

This message non informative

Mike Stupalov added a comment - 2016/05/13 10:36 PM This message non informative

Fernando Avella added a comment - 2016/05/13 10:31 PM

We are on this revision

[root@observium observium]# svn update
At revision 7850.

Fernando Avella added a comment - 2016/05/13 10:31 PM We are on this revision [root@observium observium] # svn update At revision 7850.

Mike Stupalov added a comment - 2016/05/13 10:28 PM

Please update to latest revision (r7850) and try now, I think should be fixed.

Mike Stupalov added a comment - 2016/05/13 10:28 PM Please update to latest revision (r7850) and try now, I think should be fixed.

Mike Stupalov made changes - 2016/05/13 10:27 PM

Assignee

Original: Tom Laermans [ sid3windr ]

New: Mike Stupalov [ landy ]

Fernando Avella made changes - 2016/05/13 05:28 AM

Attachment		New: Debug1.PNG [ 13160 ]
Attachment		New: Debug2.PNG [ 13161 ]
Attachment		New: Debug3.PNG [ 13162 ]

People

Assignee:: Mike Stupalov

Reporter:: Fernando Avella

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2016/05/11 04:05 AM

Updated:: 2016/05/14 01:55 AM