Cacti: official forums and support



LDAP Authentication extension

 
Guest






Posted: Wed Sep 17, 2003 4:39 pm    Post subject: LDAP Authentication extension

I would like to have an LDAP user search account which finds the authenticating user's dn.
This is needed because users are not always under the same branch (see below) in the directory so the dn is not fixed.
If this option is implemented then it will also require the ability to run an external script to add new users to LDAP.

Tree Eg.

Code:

realms
    foo.com
        user1@foo.com
        user2@foo.com
    bar.com
        user1@bar.com
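
The search-then-bind lookup requested in the post above, as an added example that is not part of the original post or of Cacti's code. The in-memory directory, the DN layout, the `mail` attribute, the base DN and the passwords are constructed assumptions standing in for a real LDAP server and its search account.

```python
import re

# Constructed directory mirroring the tree in the post: dn -> (attrs, password).
DIRECTORY = {
    "uid=user1,ou=foo.com,ou=realms,dc=example": ({"mail": "user1@foo.com"}, "pw-foo-1"),
    "uid=user2,ou=foo.com,ou=realms,dc=example": ({"mail": "user2@foo.com"}, "pw-foo-2"),
    "uid=user1,ou=bar.com,ou=realms,dc=example": ({"mail": "user1@bar.com"}, "pw-bar-1"),
}

def escape_filter_value(value):
    """Escape per RFC 4515 so user input cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(base, ldap_filter):
    # Stand-in for a subtree search run by the search account. Supports a
    # single (attr=value) filter with '*' wildcards and backslash-hex escapes.
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if not m:
        raise ValueError("unsupported filter")
    attr, raw = m.groups()
    # Split on raw '*' first, so an escaped asterisk stays a literal character.
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), p)
             for p in raw.split("*")]
    pattern = ".*".join(re.escape(p) for p in parts)
    return [dn for dn, (attrs, _) in DIRECTORY.items()
            if dn.endswith(base) and re.fullmatch(pattern, attrs.get(attr, ""), re.S)]

def bind(dn, password):
    # Stand-in for a simple bind as the user that was found.
    return dn in DIRECTORY and DIRECTORY[dn][1] == password

def authenticate(login, password, base="ou=realms,dc=example"):
    """Return the user's DN on success, None otherwise."""
    # An empty password turns a simple bind into an unauthenticated bind,
    # which many servers accept, so refuse it before touching the directory.
    if not login or not password:
        return None
    matches = search(base, "(mail=%s)" % escape_filter_value(login))
    # Exactly one entry must match; zero or several is a failed login.
    if len(matches) != 1:
        return None
    return matches[0] if bind(matches[0], password) else None
```
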
ablyler



Joined: 19 Mar 2002
Posts: 40
Location: Marysville, PA

Posted: Mon Sep 29, 2003 9:45 am    Post subject: LDAP and Cacti

This is a great idea, I too have given this a great deal of thought.

I initially created the LDAP code for my company's Windows 2000 Active Directory. I knew that eventually I would need to scale the code to allow for users to restrict access on an LDAP container based level.

Maybe it would be beneficial to have authentication groups, where you can define what rights the group has and then you can link the group to an LDAP object and/or just add standard cacti user accounts.

I do realize that the current LDAP support is limited and will not work for everyone.

In any case this will take a lot more brainstorming.
TheWitness
Developer


Joined: 14 May 2002
Posts: 9692
Location: MI, USA

Posted: Sun Oct 05, 2003 6:31 am    Post subject: >> LDAP Authentication <<

I suggest that you maintain lists of users locally and then associate each user with their respective directory or simply as a local user as you do now. Each user would be associated with pre-defined access levels.

As alluded to, user types would be local, active directory, or LDAP. Then each user type would be authenticated using the appropriate method or API. Some consideration should be given to the potential that each user could be associated with different LDAP or AD directories. Therefore, there will have to be some association of IDs to their respective directory. For example, in my company our IT is performed by one supplier who have their own AD, while the customer maintains another AD. Both groups of users are likely required to access the system.

Keep in mind that it is more difficult in some corporate worlds to make changes in LDAP than it is to simply query one.

It's been a long time since I posted. It looks like the product is coming along well! I will be providing additional commentary in the near future. Peace!

Larry Adams

All times are GMT - 5 Hours