I just wanted to post this because I just spent my whole day trying to figure out why LDAP authentication wasn't working on my windows installation.

If you have some of the recent patches for Server 2003, I'm not sure which patch it is, it adds the function where it will mark any files that were copied from an external source as possibly unsafe requiring you to go into the properties of the file and clicking the unblock button. Once you do that you can use the file properly.

Well this was the problem with my installation and I had to "Unblock" the auth_login.php file. I also went ahead and "Unblocked" the cmd.php and the poller.php file.

LDAP authentication started to work immediately.

Hope this helps.

Where did you have to unblock the file access?

I've just setup an authentication against Active Directory. In case someone has troubles with that, here are the settings (cacti 0.8.7a).
Browse to configuration, settings, authentication:

Authentication Method: Ldap Authentication
User Template: guest
Server: IP of your AD
Port Standard: 389
Protocol Version: Version 3
Encryption: None
Referrals: disabled
Mode: No searching
Distinguished Name (DN): <username>@your_domain.com

Cacti creates particular account after first login. Don't forget to change its permissions in Utilities - User management.

Good luck

Can you tell me what exactly you have entered into the fields? I just don't get it working.

I have gotten it to work with phpBB3 with the following settings:
LDAP server name: localhost
LDAP server port: 389
LDAP base dn: CN=Users,DC=my,DC=domain,DC=com
LDAP uid: samaccountname
LDAP user filter: <left empty>
LDAP e-mail attribute: mail
LDAP user dn: CN=Administrator,CN=Users,DC=my,DC=domainDC=com
LDAP password: <Administrator Password>

Can someone help me how I need to adapt these settings to work with cacti? I've tried a lot of different combinations from several posts here, but always get

Raising the log-level isn't more verbose here:


My cacti-version is 0.8.7b.

Silly question, does your password contain any characters other than numbers and letters?

No, nothing special.
I'm happy to provide more details if you like. Just tell me how I can help.

Just for a notice. I have exactly the same problem. I also get "LDAP Error: Authentication Failure" if i want to login. Maybe someone has a hint for us.

Ok, this has really be bugging me and recently I have been resolving some issues in the LDAP code.

I'm curious, where is Cacti running? Linux/Unix or Windows?

Also, if you can post or email me your settings, I would greatly appreciate it.

Hi,

i attached my settings. Of course i tried changing various settings like without encryption, protocl version 2 and 3 and so on.

Version info of the ldap-server:


OpenLDAP:


kind regards

From your settings screenshot, your "Encryption" should be "None", selecting TLS and having no port will break things.

Hi,

I get still the same error message, after setting encryption to none.

Please try "Protocol Version" = "1".

Report back.

The settings I got to work in our Windows 2003 domain:

Server: <ldap server>.domain.com
Port Standard: 389
Port SSL: 689
Protocol Version: Version 3
Encryption: None
Referrals: Disabled
Mode: Specific Searching
Distinguished Name (DN): <username>@domain.com
Search Base: ou=IT Staff,ou=IT Department,dc=domain,dc=com
Search Filter: (&(objectClass=user)(objectcategory=user)(sAMAccountName=<username>))
Search Distingished Name (DN): CN=Administrator,CN=Users,DC=domain,DC=com
Search Password: <password>

Hi,

i´ve got it running with the following settings:

Server: 192.168.***.***
Port: 389
Protocol: Version 3
Encryption: None
Referrals: disabled
Mode: no searching
DN: <username>@***.corp
Searchbase: OU=Konten,DC=***,DC=corp

Thanks for the help.

I spent quite a while getting LDAP authenticating against AD on a Windows Server 2003 DC. Cacti is running on RHEL 5.2 64-bit. This works in my environment, where we have a limited account with AD for applications to use for querying. I was finally able to get it working with the following settings:



Unfortunately, I wasn't able to get encryption working (which I know works), and also couldn't get the right search base working (ou=Alpha,ou=CountryA,dc=example,dc=com;ou=Beta,ou=CountryB,dc=example,dc=com). The php-ldap module, or the way it is implemented seem to puke on multiple search bases, no idea why yet. I thought maybe I could get it to work by specifying higher in the hierarchy (eg, dc=example,dc=com), but that didn't work either.

Hope it helps, but I probably won't be keeping it on because sending authentication info in cleartext is bad news!