Thanks Sarah I'm going to test it, hope I can find What happen!? ;)
On Wed, Aug 14, 2013 at 12:44 PM, Schmiechen, Sarah <schmi...@iu.edu> wrote:
> HI Ricardo,
>
> I was running into a similar recently (but for OpenLDAP). I could use
> ldapsearch on the command line as well. Turns out I was missing some
> libraries. What I did to figure it out was to get the nagios plugin
> check_ldap working on the command line (the first time I ran it the error
> told me what I was missing ).
>
> Hope that's of any help.
>
> Sarah
>
>
> --
> SWAMP Developer, High Throughput Computing Group
> Indiana University Research Technologies division of UITS; Research
> Technologies is a PTI Cyberinfrastructure & Service Center.
>
> From: Rickb Calderón <rscalder...@gmail.com>
> Reply-To: "icinga-users@lists.sourceforge.net" <
> icinga-users@lists.sourceforge.net>
> Date: Wednesday, August 14, 2013 2:34 PM
> To: "icinga-users@lists.sourceforge.net" <
> icinga-users@lists.sourceforge.net>
> Subject: [icinga-users] AD-LDAP authentication icinga-web
>
> Hi All,
>
> I need your valuable help.
>
> I'm trying to make the AD authentication with my icinga-web instance,
> but When I enabled the ldap config, give me an error in the we.log (see it
> below) and I can not login anymore, even with the local users. Maybe I'm
> missing something in the ldap section config or in other part. As a note, I
> can query the ad and list the users with ldap tools.
>
> I edited the */opt/icinga/web/app/modules/AppKit/config/auth.xml* like
> this (after every change I clear the cache) :
>
> <!-- My AD Authentication connection -->
>
> <ae:parameter name="msad-ldap1">
> <ae:parameter name="auth_module">AppKit</ae:parameter>
> <ae:parameter
> name="auth_provider">Auth.Provider.LDAP</ae:parameter>
> <ae:parameter name="auth_enable">true</ae:parameter>
> <ae:parameter name="auth_authoritative">true</ae:parameter>
> <ae:parameter name="auth_create">true</ae:parameter>
> <ae:parameter name="auth_update">true</ae:parameter>
>
> <ae:parameter name="auth_map">
> <ae:parameter
> name="user_firstname">givenName</ae:parameter>
> <ae:parameter name="user_lastname">sn</ae:parameter>
> <ae:parameter name="user_email">mail</ae:parameter>
> </ae:parameter>
>
> <ae:parameter
> name="ldap_allow_anonymous">false</ae:parameter>
> <ae:parameter name="ldap_dsn">ldap://*mycompany*:*389*
> </ae:parameter>
> <ae:parameter name="ldap_start_tls">false</ae:parameter>
> <ae:parameter name="ldap_basedn">cn=*Users*,dc=corp,dc=*
> mycompany*,dc=com</ae:parameter>
> <ae:parameter name="ldap_binddn">*myuser*@corp.*mycompany*
> .com</ae:parameter>
> <ae:parameter name="ldap_bindpw"><![CDATA[*mypass*
> ]]></ae:parameter>
> <ae:parameter
> name="ldap_userattr">sAMAccountName</ae:parameter>
> <ae:parameter
> name="ldap_filter_user"><![CDATA[(&(sAMAccountName=__USERNAME__))]]></ae:parameter>
> </ae:parameter>
>
>
> As well, I have tried this way and always got the same error:
>
> <ae:parameter name="ldap_basedn">dc=corp,dc=*mycompany*
> ,dc=com</ae:parameter>
> <ae:parameter name="ldap_binddn">*cn=myuser,cn=Users,*dc=corp,dc=*
> mycompany*,dc=com</ae:parameter>
>
>
> *Web log:*
>
> [Wed Aug 14 17:35:40 2013] [error] Auth.Provider.LDAP Bind failed:
> (dn=cn=opennmsad,cn=*Users*,dc=corp,dc=*mycompany*,dc=com)
> [Wed Aug 14 17:35:40 2013] [error] Auth.Dispatch/import: Import failed
> (provider=msad-ldap1,msg=Auth.Provider.LDAP: Bind failed)
> [Wed Aug 14 17:35:40 2013] [error] Userlogin by *user* failed!
>
>
> This is the complete* auth.xml* file before the ldap section:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <settings prefix="modules.appkit.auth." xmlns="
> http://agavi.org/agavi/config/parts/module/1.0"; xmlns:ae="
> http://agavi.org/agavi/config/global/envelope/1.0";>
>
> <!--
>
> **********************************************************************
> auth.xml - authentication and authorisation for icinga-web
>
> * After changes please clear the cache (rm -rf
> app/cache/config/*.php)
> * All provider writes massive output to debug log
> (app/data/log/debug-*)
>
>
> **********************************************************************
> -->
>
> <!--
> This is how group-inheritance works. Top-down is like
> class inheritance: The deepest group gets all credentials.
>
> Setting this to 'false' its more like group management
> systems like LDAP/AD: The group on top will get all
> credentials
> -->
> <setting name="behaviour.group_topdown">true</setting>
>
> <!-- Allow silent providers (like HTTPBasicAuthentication) -->
> <setting name="behaviour.enable_silent">true</setting>
>
> <!--
> Allow dialog based authentication
> * Are both settings enabled, the dialog will be displayed as
> fallback
> -->
> <setting name="behaviour.enable_dialog">true</setting>
>
> <!--
> Enable store of login name into cookie and provide
> this as default username for the login mask
> -->
> <setting name="behaviour.store_loginname">true</setting>
>
> <!-- Provider default settings -->
> <setting name="defaults">
> <!--
> * auth_create
> Try to import the user profile on initial creation
> -->
> <ae:parameter name="auth_create">false</ae:parameter>
>
> <!--
> * auth_update
> Update changes in the userprofile
> -->
> <ae:parameter name="auth_update">false</ae:parameter>
>
> <!--
> * auth_resume
> Do not stop if a provider has knows the user, but cat not
> authorize
>
> If auth_authoritative is disabled and auth_import /
> auth_update is enabled the
> provider can create the user profile and delegates the
> authentication to other
> providers (Cool thing for HTTPBasicAuth with Apache2/Kerberos
> and LDAP to
> import users).
> -->
>
> <ae:parameter name="auth_resume">true</ae:parameter>
>
> <!--
> * auth_groups
> Comma seperated list of icinga group name a new user will be
> added to
> -->
> <ae:parameter name="auth_groups">icinga_user</ae:parameter>
>
> <!--
> * auth_enable
> If the provider is enabled or not
> -->
> <ae:parameter name="auth_enable">false</ae:parameter>
>
> <!--
> * auth_authoritative
> Use this provider to authenticate users
> -->
> <ae:parameter name="auth_authoritative">false</ae:parameter>
>
> <!--
> * auth_lowercase_username
> Convert every username to lowercase
> -->
> <ae:parameter name="auth_lowercase_username">true</ae:parameter>
>
>
> <!-- Just including your configuration -->
> <xi:include
> xmlns:xi="http://www.w3.org/2001/XInclude";
> href="/opt/icinga/etc/icinga-web/conf.d/auth.xml"
>
> xpointer="xpointer(//settings/setting[@name='defaults']/node())">
> <xi:fallback></xi:fallback>
> </xi:include>
> </setting>
>
> <!--
> * provider
> List of providers used for this installation.
> -->
> <setting name="provider">
> <!--
> * internal database authentication
> Better to change nothing here
> -->
>
> <ae:parameter name="internal">
> <ae:parameter name="auth_module">AppKit</ae:parameter>
> <ae:parameter
> name="auth_provider">Auth.Provider.Database</ae:parameter>
>
> <ae:parameter name="auth_enable">true</ae:parameter>
> <ae:parameter name="auth_authoritative">true</ae:parameter>
> </ae:parameter>
>
> <!--
> * api key
> Providing user defined api key in the url to authenticate as
> fast as possible
> Also please change anything ;-)
> -->
> <ae:parameter name="auth_key">
> <ae:parameter name="auth_module">AppKit</ae:parameter>
> <ae:parameter
> name="auth_provider">Auth.Provider.AuthKey</ae:parameter>
> <ae:parameter name="auth_enable">true</ae:parameter>
> <ae:parameter name="auth_authoritative">true</ae:parameter>
> </ae:parameter>
>
>
> Thanks in advance.
>
> -------
>
> Ricardo
>
>
> ------------------------------------------------------------------------------
> Get 100% visibility into Java/.NET code with AppDynamics Lite!
> It's a free troubleshooting tool designed for production.
> Get down to code-level detail for bottlenecks, with <2% overhead.
> Download for free and get started troubleshooting in minutes.
> http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
> _______________________________________________
> icinga-users mailing list
> icinga-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/icinga-users
>
>
--
Atte.
Ricardo Calderón
------------------------------------------------------------------------------
Get 100% visibility into Java/.NET code with AppDynamics Lite!
It's a free troubleshooting tool designed for production.
Get down to code-level detail for bottlenecks, with <2% overhead.
Download for free and get started troubleshooting in minutes.
http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk
_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users
