* Add option to authenticate user independtly of OU
* Set config option in webui
* Compatibility with bind username option
* ran ./lnms translation:generate
* update doc
* fix a few bare URLs
* make mdl happy
* make Weathermap.md as mdl happy as possible
* make Varnish.md as mdl happy as possible
* make Two-Factor-Auth.md mdl happy
* touch one header for Syslog.md, but little can be done about the rest
* make Sub-Directory.md as mdl happy as possible
* make SNMP-Trap-Handler.md lint happy
* make SNMP-Proxy.md mdl happy
* make Smokeping.md as mdl happy as possible
* make Services.md mdl happy
* make RRDTune.md mdl happy
* cleanup RRDCached.md as much as possible
* make RRDCached-Security.md mdl happy
* make Rancid.md as mdl happy as possible
* make Proxmox.md mdl happy
* make Plugin-System.md as mdl happy as possible
* make PeeringDB.md mdl happy
* make Oxidized.md more lint happy
* make Network-Map.md mdl happy
* make MIB-based-polling.md as mdl happy as possible
* make Metric-Storage.md mdl happy
* make IRC-Bot.md as mdl happy as possible
* make IRC-Bot-Extensions.md as mdl happy as possible
* make
* make Graylog.md mdl happy
* make Gateone.md mdl happy
* make Fast-Ping-Check.md mdl happy
* make Distributed-Poller.md as mdl happy as possible
* make Dispatcher-Service.md as mdl happy as possible
* make Device-Groups.md mdl happy
* make Dell-OpenManage.md mdl happy
* make Dashboard.md mdl happy
* make Customizing-the-Web-UI.md as mdl happy as possible
* make Component.md mdl happy
* make Billing-Module.md mdl happy
* make Auto-Discovery.md mostly mdl happy
* make Authentication.md as mdl happy as possible
* tidy up a few lines in Applications.md
* make Agent-Setup.md as mdl happy as possible
* make metrics/OpenTSDB.md mdl happy
* spelling fix
* Modification of the getUserlist fonction to use ldap filter
* Modification of the getUserlist fonction to use ldap filter V2
* documentation of auth_ldap_Userlist_filter option
* documentation of auth_ldap_Userlist_filter option V2
* Allow filtering of getUserlist LDAP function
* Updated JumpCloud authentication example
Updated JumpCloud authentication example. Relevant Community Support Thread: https://community.librenms.org/t/ldap-with-jumpcloud/6883
* Updated JumpCloud authentication example.
Updated JumpCloud authentication example in accordance with @murrant review.
just found a little syntax error in the docs, nothing special :)
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 9145`
Allow to use full DN as value for member attribute instead of member: username
I dont use LDAP so this should be tested with both methods.
For using fulldn as user `$config['ldap_auth_userdn'] = true;` must be set in config.php
This comes from https://community.librenms.org/t/feature-request-full-dn-as-group-member-attibute-in-ldap-auth/4805
DO NOT DELETE THIS TEXT
#### Please note
> Please read this information carefully. You can run `./scripts/pre-commit.php` to check your code before submitting.
- [ x] Have you followed our [code guidelines?](http://docs.librenms.org/Developing/Code-Guidelines/)
#### Testers
If you would like to test this pull request then please run: `./scripts/github-apply <pr_id>`, i.e `./scripts/github-apply 5926`
* LDAP debug
Updated LDAP and AD docs
ldap protocol default to v3 (so we don't have to set it all the time). If this fails it should revert to v2.
ad was using auth_ad_timeout incorrectly (1 I think)
* Add option to list all users.
* Allow the URL a user is sent to after logging out to be customised
This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout).
* Allow auth plugins to return a username
This is a bit cleaner than the current auth flow, which special cases e.g. http authentication
* Add some tests, defaults and documentation
* Add single sign-on authentication mechanism
* Make HTTPAuth use the authExternal/getExternalUsername methods
* Add to acknowledgements
* Add reset method to Auth
* feature: LDAP auth update: alerts, api, remember me
Defer ldap connection until it is needed (saves connections from pollers)
Add ability to use a bind account if the server does not allow anonymous bind.
If the server does allow anonymous bind, no config change is needed.
Use Config class
FYI, I have no way to test this.
TODO: update/validate docs
* prevent duplicate users in get_userlist()
* fix bug in Config get for auth_ldap_uid_attribute, `.` should have been `,`
Change case of uidNumber to match common configs (should be case insensitive anyway)
* revert uidnumber case changes and fix up user supplied ones as it is unintuitive that they need to be lowercase.
Add auth_ldap_binddn setting to allow more a more specific way to enter the bind user.
* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.
* missing global (but still may not be working)
* always return a value from reauthenticate()
* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.
* Refine auth_test.php a bit more
A few small cleanups in other places of the auth
* Add auth_test.php to docs
Some more improvements in the auth_test.php output.
* Update Authentication.md
* Add auth_ad_(group|user)_filter options
* use global
* Fix some AD annoyances
Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.
* remove unused variable
* update documentation
* Update Authentication.md
* Update Authentication.md
Added note for SELinux users with LDAP/AD and Active Directory redundancy
* Update Authentication.md
Remove extra whitespace
This Authentitation / Authorization module provides the ability to let
the webserver (e.g. Apache) do the user Authentication (using Kerberos
f.e.) and let libreNMS do the Authorization of the already known user.
Authorization and setting of libreNMS user level is done by LDAP group
names specified in the configuration file. The group configuration is
basicly copied from the existing ldap Authentication module.
To save lots of redundant queries to the LDAP server and speed up the
libreNMS WebUI, all information is cached within the PHP $_SESSION as
long as specified in $config['auth_ldap_cache_ttl'] (Default: 300s).
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
