Authentication via ActiveDirectory


jzimmerman
01-01-2008, 12:51 AM
Has anyone got authentication to the Centreon front end via ActiveDirectory to work using LDAP?

I am currently authenticating other web applications via an Apache LDAP lookup as follows....


AuthName "Network Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthUserFile /dev/null
AuthzLDAPAuthoritative off
AuthLDAPBindDN "cn=WG Browse,ou=Staff,dc=mydomain,dc=com"
AuthLDAPBindPassword "mypassword"
AuthLDAPURL "ldap://0.0.0.0:3268/dc=mydomain,dc=com?samAccountName?"
require ldap-group cn=GroupName,ou=Global,ou=Groups-Shared,dc=mydomain,dc=com


Groups, IP Addresses and domain above omitted.

Hints, ideas, suggestions?

WAtt
01-02-2008, 10:26 AM
Hi,

Have you looked at the Centreon wiki?
http://wiki.centreon.com/index.php/Use_LDAP/Active_Directory_for_import_users

jzimmerman
01-04-2008, 09:46 PM
I have seen the wiki but have not successfully authenticated.

I do not speak French and have been running it through a translator although most of it is in English anyway. I am probably just missing something.

If you have AD authentication working w/ Centreon any help is appreciated. Or if you know a way for Centreon to just take the username that is already used for Apache authentication the way Nagios does that will work for me too.

Thanks

WAtt
01-05-2008, 05:54 PM
Hi,

I'll look on Monday if I want to translate the wiki page.

I am using AD in my company with Centreon without problems.

jzimmerman
01-17-2008, 02:42 AM
Does anyone have any ideas?

I went over my configuration again today and can't get anything to work for the life of me.

My options on the LDAP properties page are set as follows...

Enable LDAP Authentication: Yes
LDAP Server: (ip address of our Active Directory server)
LDAP Port: 3268
LDAP Base DN: dc=mydomain,dc=network
LDAP Login Attribut: sammaccountname
Enable LDAP over SSL: no
User for search: cn=WG Browse,ou=Staff,dc=mydomain,dc=network
Password: *****
Default LDAP filter: (&(objectClass=user)(samaccounttype=805306368)(memberOf=CN=GroupName,OU=Global,OU=Groups-Shared,DC=mydomain,DC=network)(cn=*))
LDAP search timout: 60
LDAP Search Size Limit: 60

WAtt
01-17-2008, 10:56 AM
Hi

LDAP Port: 3268

Why do you want to use a Global Catalog port? LDAP access doesn't support modifications directly on Active Directory.

Try with LDAP port 389.

jzimmerman
01-21-2008, 07:59 AM
> Hi
>
> LDAP Port: 3268
>
> Why do you want to use a Global Catalog port? LDAP access doesn't support modifications directly on Active Directory.
>
> Try with LDAP port 389.

I used 3268 because that is what we are successfully using for authenticating Apache2 against the LDAP on the same server. Changing to port 389 with the above settings the same produces the same result.
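
An offline sanity check of the LDAP settings posted on 01-17-2008, added here as an example (it is not code from the thread's participants or from Centreon). The sample block is constructed from that post; the function names and the short allow-list of login attributes are assumptions.

```python
import re

# Constructed copy of the settings from the 01-17-2008 post (server and password left out).
POSTED = """\
LDAP Port: 3268
LDAP Login Attribut: sammaccountname
Enable LDAP over SSL: no
Default LDAP filter: (&(objectClass=user)(samaccounttype=805306368)(memberOf=CN=GroupName,OU=Global,OU=Groups-Shared,DC=mydomain,DC=network)(cn=*))
"""

# Assumption: a short allow-list of AD attributes commonly used as a login name.
LOGIN_ATTRS = {"samaccountname", "userprincipalname", "cn", "uid", "mail"}
CLEARTEXT_PORTS = {"389": "636", "3268": "3269"}  # plain LDAP / GC -> TLS equivalents


def parse_settings(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}


def filter_is_balanced(flt):
    """Check that every '(' in an LDAP filter has a matching ')'."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0 and flt.startswith("(")


def lint(text):
    """Return a list of findings for a pasted block of LDAP settings."""
    s, findings = parse_settings(text), []
    attr = s.get("ldap login attribut", "")
    if attr.lower() not in LOGIN_ATTRS:
        findings.append(f"login attribute '{attr}' is not a known AD attribute")
    port, ssl = s.get("ldap port", ""), s.get("enable ldap over ssl", "no").lower()
    if ssl != "yes" and port in CLEARTEXT_PORTS:
        findings.append(f"simple bind on port {port} sends the search user's "
                        f"password unencrypted; TLS port is {CLEARTEXT_PORTS[port]}")
    flt = s.get("default ldap filter", "")
    if not filter_is_balanced(flt):
        findings.append("filter parentheses are unbalanced")
    if re.search(r"\(\s*\w+\s+\w+\s*=", flt):
        findings.append("filter contains a space inside an attribute name")
    return findings
```

Paste the values from the Centreon LDAP properties page into `POSTED` and call `lint(POSTED)`; an empty list means none of these checks fired.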