Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-3308

Whit LDAP there are no members in Roles

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • Professional Edition
    • Web Interface
    • Ubuntu 18.04 (Updated)
      Observium 20.3.10324 (stable)
      MS Active Directory for authentication

    Description

      Hi,

      When I use LDAP for authentication and make roles there are no members in the Roles.

      And I can not add members to the role.

      Please see attached file.

      Thanks!

      Attachments

        Activity

          [OBS-3308] Whit LDAP there are no members in Roles
          sallport Steve Allport added a comment -

          I'm currently using Observium CE 20.9.10731 with LDAP authenticating against AD. I've found that for users to appear in the Users list, they need to be direct members of a group in auth_ldap_group array. If you're using nested groups, then users do not appear in the Users list.

          I don't know if there's a config setting to resolve this. I am using:

          $config['auth_ldap_recursive'] = TRUE;
          $config['auth_ldap_recursive_maxdepth'] = 4;

          But this has no effect on the users list. but does allow for nested user authentication.

          sallport Steve Allport added a comment - I'm currently using Observium CE 20.9.10731 with LDAP authenticating against AD. I've found that for users to appear in the Users list, they need to be direct members of a group in auth_ldap_group array. If you're using nested groups, then users do not appear in the Users list. I don't know if there's a config setting to resolve this. I am using: $config ['auth_ldap_recursive'] = TRUE; $config ['auth_ldap_recursive_maxdepth'] = 4; But this has no effect on the users list. but does allow for nested user authentication.
          Peb Matthew Drolc added a comment -

          I found mention of an old bug from 2016 which is still open which looks like it refers to this issue of not being able to assign access access to specific devices, groups, sensors for AD (LDAP) users (https://jira.observium.org/browse/OBS-1701).

           

          We are currently running 20.7.10549, we only enabled LDAP auth after having upgraded but have now reverted to using internal users for the time being again.

          Peb Matthew Drolc added a comment - I found mention of an old bug from 2016 which is still open which looks like it refers to this issue of not being able to assign access access to specific devices, groups, sensors for AD (LDAP) users ( https://jira.observium.org/browse/OBS-1701 ).   We are currently running 20.7.10549, we only enabled LDAP auth after having upgraded but have now reverted to using internal users for the time being again.
          Peb Matthew Drolc added a comment -

          I appear to be having the same issue.  I've just enabled LDAP authentication (against AD), I've had four different user accounts log in, but when I look in the Users management section to edit a user (in order to configure devices they have access to), or attempt to edit a Role to add a user to a role, no users are being displayed.

          Peb Matthew Drolc added a comment - I appear to be having the same issue.  I've just enabled LDAP authentication (against AD), I've had four different user accounts log in, but when I look in the Users management section to edit a user (in order to configure devices they have access to), or attempt to edit a Role to add a user to a role, no users are being displayed.
          adama Adam Armstrong made changes -
          Comment [ Please make and attach additional information about the device:
           * full snmp dump from device:
          {noformat}
          snmpwalk -v2c -c <community> --hexOutputLength=0 -ObentxU <hostname> .1 > myagent.snmpwalk
          snmpwalk -v2c -c <community> --hexOutputLength=0 -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk
          {noformat}
            _If device not support SNMP version 2c, replace -v2c with -v1._

           * If you have problems with discovery or poller processes, please do and attach these debugs:
          {noformat}
          ./discovery.php -d -h <device>
          ./poller.php -d -h <device>
          {noformat}
           
          * additionally attach device and/or vendor specific MIB files

          {color:#505F79}_Note, this comment is added automatically._{color} ]
          landy Mike Stupalov made changes -
          Status Original: Pending Response [ 10000 ] New: In Review [ 10101 ]
          ar1tst Gabor Nagy added a comment -

          Hello Mike,

          I don't know how my problem related to snmp, discovery or polling.

          Without any added device I just configured Observium to authenticate from Active Directory and it's working fine.
          I can create roles but as you see on the attached picture I can not add members to the role because there are no user in the list.

          I have around 30 person who can log in to Observium.

           

          Thanks!

          ar1tst Gabor Nagy added a comment - Hello Mike, I don't know how my problem related to snmp, discovery or polling. Without any added device I just configured Observium to authenticate from Active Directory and it's working fine. I can create roles but as you see on the attached picture I can not add members to the role because there are no user in the list. I have around 30 person who can log in to Observium.   Thanks!
          landy Mike Stupalov made changes -
          Status Original: Open [ 1 ] New: Pending Response [ 10000 ]
          ar1tst Gabor Nagy created issue -

          People

            adama Adam Armstrong
            ar1tst Gabor Nagy
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated: