Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Sun May 28, 2017 11:09 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 1 post ] 
Author Message
 Post subject: Domains Plugin
PostPosted: Tue May 19, 2015 4:19 am 
Offline

Joined: Tue May 19, 2015 3:54 am
Posts: 1
Hi all,
After one day searching a way to authenticate users on our openldap and give them a different default profile defined by the user's group.
I chosed to use domains plugin and it took me long time to find this post that helped me a lot for testing : http://forums.cacti.net/viewtopic.php?f=7&t=47442

The goal : define different ldap domains with same server, same options except "Group Distingished Name (DN)" and template
exemple :
Code:
Domain Type : LDAP
UserTemplate : departmentNbr_template
Authentication Method: LDAP Authentication
Server: domainserver.domain.com
Port: 389
Version: 3
Encryption: SSL
Mode: No searching
Distinguished Name: uid=<username>,ou=people,dc=MYORG,dc=fr
Require Group Membership: Checked
Group Distingished Name: cn=MYORG:xx:departmentNbr:tous,ou=Grouper,dc=MYORG,dc=fr
Group Membership Attribute: member
Group Member Type: Distingished Name
Search Base: empty
Search Filter: empty
Search Distingished Name: empty
Search Password: empty


The problem is that if I enable "Require Group Membership" in domain's definition, the option isn't realy active.
The plugin sends "group_require" with value "on" instead of "true" I don't know and can't find why. so I decided to patch lib/ldap.php as next :

Code:
--- /root/cacti/cacti_0.8.8b/lib/ldap.php   2015-05-18 15:50:47.000000000 +0200
+++ /usr/share/cacti/lib/ldap.php   2015-05-19 10:43:43.843584332 +0200
@@ -154,6 +154,7 @@
class Ldap {
   function Ldap() {

+      $this->force_rco  = true; //CDELAUNA evite d'utiliser les parames de $SESSION lors de logins consecutifs. permet de ne pas fermer/ouvrir le browser entre deux tests
      /* Initialize LDAP parameters for Authenticate */
      $this->dn         = read_config_option("ldap_dn");
      $this->host       = read_config_option("ldap_server");
@@ -249,7 +250,7 @@
         /* Bind to the LDAP directory */
         $ldap_response = @ldap_bind($ldap_conn, $this->dn, $this->password);
         if ($ldap_response) {
-            if ($this->group_require == 1) {
+            if ($this->group_require == 1 or $this->group_require == "on") { // Le plugin "domains" envoie group_require a "on" au lieu de "true" ce patch permet de le faire fonctionner quand même
               /* Process group membership if required */
               if ($this->group_member_type == 1) {
                  $ldap_group_response = @ldap_compare($ldap_conn, $this->group_dn, $this->group_attrib, $this->dn);


I think this is not a bug in cacti but in domains plugin.
Do somebody know if I should declare a bug somewhere ?
If not, I hope this post will help.
Cheers
Chatar


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group