Uploaded image for project: 'Observium'
  1. Observium
  2. OBS-4097

LDAP user don't see assigned devices

Details

    • New Feature
    • Resolution: Unresolved
    • Major
    • None
    • Professional Edition
    • Web Interface
    • centos8, php 7.2, Observium 22.4.11952

    Description

      As in ticket OBS-1684 described before: I assign users authenticated via LDAP read-only devices. But when them logging in their page is empty. (No device listed)

       

      I tried to assign users to a role, which contains a set of devices, try to assign directly some devices, logged out and logged in again - nothing helps. 

       

      we're using a standard ldap, all users are listed so I have no idea anymore and it looks like a bug.

      Attachments

        Issue Links

          mentions

          Bug - A problem which impairs or prevents the functions of the product. OBS-1684 Normal users cant see anything they have access to

          • Major - Major loss of function.
          • Closed

          Activity

            [OBS-4097] LDAP user don't see assigned devices
            landy Mike Stupalov made changes -
            Status Original: Pending Response [ 10000 ] New: In Review [ 10101 ]
            albrecht Rajko Albrecht added a comment -

            yes, in config.php

             

            sorry for late answers, I was away.

            albrecht Rajko Albrecht added a comment - yes, in config.php   sorry for late answers, I was away.
            landy Mike Stupalov made changes -
            Status Original: In Review [ 10101 ] New: Pending Response [ 10000 ]
            landy Mike Stupalov added a comment -

            Just for sure, where you set this configs..
            In config.php file?

            landy Mike Stupalov added a comment - Just for sure, where you set this configs.. In config.php file?
            landy Mike Stupalov made changes -
            Status Original: Pending Response [ 10000 ] New: In Review [ 10101 ]
            albrecht Rajko Albrecht added a comment - - edited 

            $config['auth_ldap_binddn'] = "uid=ldapservice,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com";
            		 
            $config['auth_ldap_bindpw'] = "<topsecret>";
            		 
            $config['auth_ldap_bindanonymous'] = FALSE;
            		 
            $config['auth_ldap_server'] = "ldap.jumpcloud.com";
            		 
            $config['auth_ldap_port'] = 389;
            		 
            $config['auth_ldap_starttls'] = TRUE;
            		 
            $config['auth_ldap_version'] = 3; # v2 or v3$config['auth_ldap_suffix'] = ",ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com";
            		 
            $config['auth_ldap_prefix'] = "uid=";
            		 
            $config['auth_ldap_attr']['uidNumber'] = "uidNumber";
            		 
            $config['auth_ldap_attr']['mail'] = "email";#$config['auth_ldap_objectclass'] = "posixAccount";
            		 
            $config['auth_ldap_attr']['group']="posixgroup";#$config['auth_ldap_group']  = array("cn=itadmin,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com");
            		 
            #$config['auth_ldap_group']  = array("cn=itadmin,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com","cn=github,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com");
            		 
            $config['auth_ldap_groupbase'] = "ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com";
            		 
            $config['auth_ldap_groups']['itadmin']['level'] = 10;
            		 
            $config['auth_ldap_groups']['github']['level'] = 1;

            Here we go.

             

            Some interesting fact: when using group filters (like in commented lines) than I get absolut no uidNumber assigned, but I think, this is something different for a future debug. But this isn't that easy for me because I'm not a php-expert and don't know how to debug php in realtime like I would do with python.

            albrecht Rajko Albrecht added a comment - - edited $config[ 'auth_ldap_binddn' ] = "uid=ldapservice,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" ; $config[ 'auth_ldap_bindpw' ] = "<topsecret>" ; $config[ 'auth_ldap_bindanonymous' ] = FALSE; $config[ 'auth_ldap_server' ] = "ldap.jumpcloud.com" ; $config[ 'auth_ldap_port' ] = 389 ; $config[ 'auth_ldap_starttls' ] = TRUE; $config[ 'auth_ldap_version' ] = 3 ; # v2 or v3$config[ 'auth_ldap_suffix' ] = ",ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" ; $config[ 'auth_ldap_prefix' ] = "uid=" ; $config[ 'auth_ldap_attr' ][ 'uidNumber' ] = "uidNumber" ; $config[ 'auth_ldap_attr' ][ 'mail' ] = "email" ;#$config[ 'auth_ldap_objectclass' ] = "posixAccount" ; $config[ 'auth_ldap_attr' ][ 'group' ]= "posixgroup" ;#$config[ 'auth_ldap_group' ]  = array( "cn=itadmin,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" ); #$config[ 'auth_ldap_group' ]  = array( "cn=itadmin,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" , "cn=github,ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" ); $config[ 'auth_ldap_groupbase' ] = "ou=Users,o=<identifiercode>,dc=jumpcloud,dc=com" ; $config[ 'auth_ldap_groups' ][ 'itadmin' ][ 'level' ] = 10 ; $config[ 'auth_ldap_groups' ][ 'github' ][ 'level' ] = 1 ; Here we go.   Some interesting fact: when using group filters (like in commented lines) than I get absolut no uidNumber assigned, but I think, this is something different for a future debug. But this isn't that easy for me because I'm not a php-expert and don't know how to debug php in realtime like I would do with python.
            landy Mike Stupalov added a comment -

            Hi, can you show ldap related config entries (hide passwords)?

            I will try tests on dev server with same params.

            Strange why same function not always return correct user_id.

            landy Mike Stupalov added a comment - Hi, can you show ldap related config entries (hide passwords)? I will try tests on dev server with same params. Strange why same function not always return correct user_id.
            landy Mike Stupalov made changes -
            Status Original: In Review [ 10101 ] New: Pending Response [ 10000 ]
            adama Adam Armstrong added a comment -

            failure user_id should be NULL maybe?

            i'm not sure of the purpose of even allowing auth with an unavailable user_id

            adama Adam Armstrong added a comment - failure user_id should be NULL maybe? i'm not sure of the purpose of even allowing auth with an unavailable user_id
            landy Mike Stupalov made changes -
            Status Original: Pending Response [ 10000 ] New: In Review [ 10101 ]

            People

              adama Adam Armstrong
              albrecht Rajko Albrecht
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: