Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated JumpCloud authentication example #9722

Merged
merged 2 commits into from Feb 15, 2019
Merged

Updated JumpCloud authentication example #9722

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
3f84a6e
Updated JumpCloud authentication example
dsmfool Jan 23, 2019
e3fc047
Updated JumpCloud authentication example.
dsmfool Jan 28, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
15 changes: 9 additions & 6 deletions doc/Extensions/Authentication.md
View file
Open in desktop
Expand Up @@ -182,17 +182,20 @@ An example config setup for use with Jumpcloud LDAP as a service is:

```php
$config['auth_mechanism'] = "ldap";
unset($config['auth_ldap_group']); #Remove built-in group
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This can be omitted it is unneeded. LibreNMS removes the default group if it is unchanged.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With this line removed the setting still remains in the "Global Settings" page as:
auth_ldap_group | cn=groupname,ou=groups,dc=example,dc=com

I would rather not see the default or placeholder setting. Though, it seems like this parameter isn't required at all for successful authentication.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dsmfool yeah, the code discards any entries that are set to that.

Feel free to keep the unset in your local config. I just don't think it should be in the docs ;)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that it shouldn't have to be unset in the docs, but it should perhaps be shown how to remove them or overwrite them until the default groups are removed.

I'm not very familiar with Git, and unaware how to modify my commit for this pull request to reflect these requested changes to my pull request.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dsmfool go to the files changed tab and click the edit button. That will allow you to edit this file.

You can cancel and browse around to other files in that branch to edit them too if you want.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done. Hopefully I did it correctly.

unset($config['auth_ldap_groups']); #Remove built-in groups
Copy link
Member

@murrant murrant Jan 23, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of unset(), I'd say overwrite them like this:

$config['auth_ldap_groups'] = [
    '{admin_group}' => ['level' => 10],
    '{global_readonly_group}' => ['level' => 5],
];

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code block works, but I only have one group for my LibreNMS admins. My suggested change is for a basic example. If you don't unset the variable it just appends your desired group to the defaults. Perhaps include this codeblock in an advanced example?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

$config['auth_ldap_groups'] = [
    '{admin_group}' => ['level' => 10],
];

boom, only one group. I added the second to illustrate how multiple groups would be added. (rather than duplicating the entire entry like the current docs)

Copy link
Member

@murrant murrant Jan 24, 2019
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Honestly, it is probably best if we remove the default groups entirely. I can't imagine why they are set.

$config['auth_ldap_version'] = 3;
$config['auth_ldap_server'] = "ldap.jumpcloud.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_server'] = "ldap.jumpcloud.com"; #Set to ldaps://ldap.jumpcloud.com to enable LDAPS
$config['auth_ldap_port'] = 389; #Set to 636 if using LDAPS
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=Users,o={id},dc=jumpcloud,dc=com";
$config['auth_ldap_groupbase'] = "cn=librenms,ou=Users,o={id},dc=jumpcloud,dc=com";
$config['auth_ldap_groupmemberattr'] = "memberUid";
$config['auth_ldap_groups']['librenms']['level'] = 10;
$config['auth_ldap_groupbase'] = "ou=Users,o={id},dc=jumpcloud,dc=com";
$config['auth_ldap_groupmemberattr'] = "member";
$config['auth_ldap_groups']['{group}']['level'] = 10;
$config['auth_ldap_userdn'] = true;
```

Replace {id} with the unique ID provided by Jumpcloud.
Replace {group} with the unique group name created in Jumpcloud. This field is case sensitive.


# Radius Authentication
Expand Down