docs: Update Authentication.md (#4387)

* Update Authentication.md Added note for SELinux users with LDAP/AD and Active Directory redundancy * Update Authentication.md Remove extra whitespace
2024-10-07 16:52:45 +00:00 · 2016-09-09 16:18:07 +02:00
parent 956e18ffcd
commit 5ef5d65458
1 changed files with 15 additions and 0 deletions
--- a/doc/Extensions/Authentication.md
+++ b/doc/Extensions/Authentication.md
@@ -34,6 +34,13 @@ To enable a particular authentication module you need to set this up in config.p
 $config['auth_mechanism'] = "mysql";
 ```

+#### Note for SELinux users
+When using SELinux on the LibreNMS server, you need to allow Apache (httpd) to connect LDAP/Active Directory server, this is disabled by default. You can use SELinux Booleans to allow network access to LDAP resources with this command:
+
+```shell
+setsebool -P httpd_can_connect_ldap=1
+```
+
 #### MySQL Authentication

 Config option: `mysql`
@@ -155,6 +162,14 @@ $config['auth_ad_groups']['<ad-usergroup>']['level']  = 7;

 Replace `<ad-admingroup>` with your Active Directory admin-user group and `<ad-usergroup>` with your standard user group.

+##### Active Directory redundancy
+
+You can set two Active Directory servers by editing the `$config['auth_ad_url']` like this example:
+
+```
+$config['auth_ad_url'] = "ldaps://dc1.example.com ldaps://dc2.example.com";
+```
+
 #### Radius Authentication

 Please note that a mysql user is created for each user the logs in successfully. User level 1 is assigned to those accounts so you will then need to assign the relevant permissions unless you set `$config['radius']['userlevel']` to be something other than 1.