New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated JumpCloud authentication example #9722
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -182,17 +182,20 @@ An example config setup for use with Jumpcloud LDAP as a service is: | |
|
||
```php | ||
$config['auth_mechanism'] = "ldap"; | ||
unset($config['auth_ldap_group']); #Remove built-in group | ||
unset($config['auth_ldap_groups']); #Remove built-in groups | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Instead of unset(), I'd say overwrite them like this: $config['auth_ldap_groups'] = [
'{admin_group}' => ['level' => 10],
'{global_readonly_group}' => ['level' => 5],
]; There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This code block works, but I only have one group for my LibreNMS admins. My suggested change is for a basic example. If you don't unset the variable it just appends your desired group to the defaults. Perhaps include this codeblock in an advanced example? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. $config['auth_ldap_groups'] = [
'{admin_group}' => ['level' => 10],
]; boom, only one group. I added the second to illustrate how multiple groups would be added. (rather than duplicating the entire entry like the current docs) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Honestly, it is probably best if we remove the default groups entirely. I can't imagine why they are set. |
||
$config['auth_ldap_version'] = 3; | ||
$config['auth_ldap_server'] = "ldap.jumpcloud.com"; | ||
$config['auth_ldap_port'] = 389; | ||
$config['auth_ldap_server'] = "ldap.jumpcloud.com"; #Set to ldaps://ldap.jumpcloud.com to enable LDAPS | ||
$config['auth_ldap_port'] = 389; #Set to 636 if using LDAPS | ||
$config['auth_ldap_prefix'] = "uid="; | ||
$config['auth_ldap_suffix'] = ",ou=Users,o={id},dc=jumpcloud,dc=com"; | ||
$config['auth_ldap_groupbase'] = "cn=librenms,ou=Users,o={id},dc=jumpcloud,dc=com"; | ||
$config['auth_ldap_groupmemberattr'] = "memberUid"; | ||
$config['auth_ldap_groups']['librenms']['level'] = 10; | ||
$config['auth_ldap_groupbase'] = "ou=Users,o={id},dc=jumpcloud,dc=com"; | ||
$config['auth_ldap_groupmemberattr'] = "member"; | ||
$config['auth_ldap_groups']['{group}']['level'] = 10; | ||
$config['auth_ldap_userdn'] = true; | ||
``` | ||
|
||
Replace {id} with the unique ID provided by Jumpcloud. | ||
Replace {group} with the unique group name created in Jumpcloud. This field is case sensitive. | ||
|
||
|
||
# Radius Authentication | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be omitted it is unneeded. LibreNMS removes the default group if it is unchanged.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With this line removed the setting still remains in the "Global Settings" page as:
auth_ldap_group | cn=groupname,ou=groups,dc=example,dc=com
I would rather not see the default or placeholder setting. Though, it seems like this parameter isn't required at all for successful authentication.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dsmfool yeah, the code discards any entries that are set to that.
Feel free to keep the unset in your local config. I just don't think it should be in the docs ;)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that it shouldn't have to be unset in the docs, but it should perhaps be shown how to remove them or overwrite them until the default groups are removed.
I'm not very familiar with Git, and unaware how to modify my commit for this pull request to reflect these requested changes to my pull request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dsmfool go to the files changed tab and click the edit button. That will allow you to edit this file.
You can cancel and browse around to other files in that branch to edit them too if you want.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done. Hopefully I did it correctly.