* Updated JumpCloud authentication example
Updated JumpCloud authentication example. Relevant Community Support Thread: https://community.librenms.org/t/ldap-with-jumpcloud/6883
* Updated JumpCloud authentication example.
Updated JumpCloud authentication example in accordance with @murrant review.
just found a little syntax error in the docs, nothing special :)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 9145`
Allow to use full DN as value for member attribute instead of member: username
I dont use LDAP so this should be tested with both methods.
For using fulldn as user `$config['ldap_auth_userdn'] = true;` must be set in config.php
This comes from https://community.librenms.org/t/feature-request-full-dn-as-group-member-attibute-in-ldap-auth/4805
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [ x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
* LDAP debug
Updated LDAP and AD docs
ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2.
ad was using auth_ad_timeout incorrectly (1 I think)
* Add option to list all users.
* Allow the URL a user is sent to after logging out to be customised
This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout).
* Allow auth plugins to return a username
This is a bit cleaner than the current auth flow, which special cases e.g. http authentication
* Add some tests, defaults and documentation
* Add single sign-on authentication mechanism
* Make HTTPAuth use the authExternal/getExternalUsername methods
* Add to acknowledgements
* Add reset method to Auth
* feature: LDAP auth update: alerts, api, remember me
Defer ldap connection until it is needed (saves connections from pollers)
Add ability to use a bind account if the server does not allow anonymous bind.
If the server does allow anonymous bind, no config change is needed.
Use Config class
FYI, I have no way to test this.
TODO: update/validate docs
* prevent duplicate users in get_userlist()
* fix bug in Config get for auth_ldap_uid_attribute, `.` should have been `,`
Change case of uidNumber to match common configs (should be case insensitive anyway)
* revert uidnumber case changes and fix up user supplied ones as it is unintuitive that they need to be lowercase.
Add auth_ldap_binddn setting to allow more a more specific way to enter the bind user.
* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.
* missing global (but still may not be working)
* always return a value from reauthenticate()
* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.
* Refine auth_test.php a bit more
A few small cleanups in other places of the auth
* Add auth_test.php to docs
Some more improvements in the auth_test.php output.
* Update Authentication.md
* Add auth_ad_(group|user)_filter options
* use global
* Fix some AD annoyances
Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.
* remove unused variable
* update documentation
* Update Authentication.md
* Update Authentication.md
Added note for SELinux users with LDAP/AD and Active Directory redundancy
* Update Authentication.md
Remove extra whitespace
This Authentitation / Authorization module provides the ability to let
the webserver (e.g. Apache) do the user Authentication (using Kerberos
f.e.) and let libreNMS do the Authorization of the already known user.
Authorization and setting of libreNMS user level is done by LDAP group
names specified in the configuration file. The group configuration is
basicly copied from the existing ldap Authentication module.
To save lots of redundant queries to the LDAP server and speed up the
libreNMS WebUI, all information is cached within the PHP $_SESSION as
long as specified in $config['auth_ldap_cache_ttl'] (Default: 300s).
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
