Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • None
    • Professional Edition
    • Authentication
    • None

    Description

      Problem description

      When integrating Observium with an LDAP directory that has a strong requirement for group nesting and uses "groupOfNames", I ran into the following issues:

      • When groups are recursively fetched from LDAP (i.e. uid=admin is a member of cn=system_admins, and cn=system_admins is a member of cn=observium_admins, which is used to get privileges in the Observium interface), on the 2nd iteration I received not "cn=system_admins", but just "c". This is due to the fact that the ldap_search_user function referenced "$element[$config['auth_ldap_attr']['dn']][0]" instead of just "$element[$config['auth_ldap_attr']['dn']]";
      • When a group search is performed, the ldap_filter_create function uses a fixed value of "group" for objectClass, but the LDAP I integrated with uses "groupOfNames".

      Proposed solution

      Use not "$element[$config['auth_ldap_attr']['dn']]" and not "$element[$config['auth_ldap_attr']['dn']][0]" to fix recursive group search.
      Introduce a "$config['auth_ldap_attr']['group']" variable in the config to fix the different names of the group attribute in LDAP. Use a default value of "group" for this variable to avoid breaking existing installations.

      The attached patch fixes both of them.
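
The two failure modes described above, reproduced as an added example (not Observium's code and not the attached patch). The directory is a constructed in-memory array shaped like ldap_get_entries() output, where 'dn' is a plain string; find_groups_of() and resolve_groups() are hypothetical names, and the config keys are the ones named in the report.

```php
<?php
// Constructed sample entries: 'dn' is a string, other attributes are arrays.
$directory = [
    ['dn' => 'uid=admin,ou=people,dc=example,dc=org', 'objectclass' => ['inetOrgPerson'], 'member' => []],
    ['dn' => 'cn=system_admins,ou=groups,dc=example,dc=org', 'objectclass' => ['groupOfNames'],
     'member' => ['uid=admin,ou=people,dc=example,dc=org']],
    ['dn' => 'cn=observium_admins,ou=groups,dc=example,dc=org', 'objectclass' => ['groupOfNames'],
     'member' => ['cn=system_admins,ou=groups,dc=example,dc=org']],
];

// Stand-in for an LDAP search with filter (&(objectClass=<class>)(member=<dn>)).
function find_groups_of(array $directory, string $class, string $member_dn): array
{
    return array_values(array_filter($directory, function ($e) use ($class, $member_dn) {
        return in_array($class, $e['objectclass'], true) && in_array($member_dn, $e['member'], true);
    }));
}

// Walk nested groups upward from $dn. $index_dn = true reproduces the reported bug.
function resolve_groups(array $directory, array $config, string $dn, bool $index_dn, array &$seen = []): array
{
    $class   = $config['auth_ldap_attr']['group'] ?? 'group'; // default keeps old behaviour
    $dn_attr = $config['auth_ldap_attr']['dn'];
    foreach (find_groups_of($directory, $class, $dn) as $element) {
        // [0] on a string is a character offset, so the buggy form yields "c".
        $group_dn = $index_dn ? $element[$dn_attr][0] : $element[$dn_attr];
        if (isset($seen[$group_dn])) {
            continue; // already visited: guards against membership loops
        }
        $seen[$group_dn] = true;
        resolve_groups($directory, $config, $group_dn, $index_dn, $seen);
    }
    return array_keys($seen);
}

$user   = 'uid=admin,ou=people,dc=example,dc=org';
$nested = ['auth_ldap_attr' => ['dn' => 'dn', 'group' => 'groupOfNames']];
$legacy = ['auth_ldap_attr' => ['dn' => 'dn']]; // falls back to objectClass "group"

echo json_encode(resolve_groups($directory, $nested, $user, true)), "\n";  // only "c": recursion stops
echo json_encode(resolve_groups($directory, $nested, $user, false)), "\n"; // both group DNs
echo json_encode(resolve_groups($directory, $legacy, $user, false)), "\n"; // empty: no entry has class "group"
```

In the buggy run the second lookup searches for members named "c", so cn=observium_admins is never reached and the user does not receive the privileges mapped to that group.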

          Activity

            [OBS-3240] Fix for LDAP Web Interface auth
            bot Observium Bot made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            landy Mike Stupalov made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: Reopened [ 4 ] New: Resolved [ 5 ]
            landy Mike Stupalov made changes -
            Resolution Original: Fixed [ 1 ]
            Status Original: Closed [ 6 ] New: Reopened [ 4 ]
            landy Mike Stupalov made changes -
            Link New: This issue relates to OBS-3310 [ OBS-3310 ]
            landy Mike Stupalov made changes -
            Status Original: Resolved [ 5 ] New: Closed [ 6 ]
            landy Mike Stupalov made changes -
            Resolution New: Fixed [ 1 ]
            Status Original: In Progress [ 3 ] New: Resolved [ 5 ]
            landy Mike Stupalov made changes -
            Status Original: In Review [ 10101 ] New: In Progress [ 3 ]
            landy Mike Stupalov made changes -
            Status Original: Pending Response [ 10000 ] New: In Review [ 10101 ]
            landy Mike Stupalov made changes -
            Comment [ Please make and attach additional information about the device:
             * full snmp dump from device:
            {noformat}
            snmpwalk -v2c -c <community> --hexOutputLength=0 -ObentxU <hostname> .1 > myagent.snmpwalk
            snmpwalk -v2c -c <community> --hexOutputLength=0 -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk
            {noformat}
              _If the device does not support SNMP version 2c, replace -v2c with -v1._

             * If you have problems with the discovery or poller processes, please run and attach these debugs:
            {noformat}
            ./discovery.php -d -h <device>
            ./poller.php -d -h <device>
            {noformat}
               ]
            landy Mike Stupalov made changes -
            Status Original: Open [ 1 ] New: Pending Response [ 10000 ]
            j-v-c Sergei Fomin created issue -

            People

              landy Mike Stupalov
              j-v-c Sergei Fomin