* fix: AD authentication when auth_ad_base_dn is an OU
OUs don't have SID, so we can't use them to figure out the domain SID
* Only match leading OUs
* Actually, might be best to remove everything except the domain components.
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions
* fix edit users for other users
* Fix updated_at default timestamp
* Update and rename 183.sql to 184.sql
* removed commented out debug
* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.
* missing global (but still may not be working)
* always return a value from reauthenticate()
* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo) this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.
* Refine auth_test.php a bit more
A few small cleanups in other places of the auth
* Add auth_test.php to docs
Some more improvements in the auth_test.php output.
* Update Authentication.md
* Order user alphabetically (MySQL)
* Add (admin) or (demo) after login on Edit User page
* Fix missing $user_level
* Complete the switch/case on user level
* Remove redundant case
* Remove blank line
Fixes issue where the librenms_logo_mono.svg is now loaded by making the background black to match the logo.
Update twofactor.lib.php.
Remove unused if statement
* Add auth_ad_(group|user)_filter options
* use global
* Fix some AD annoyances
Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.
* remove unused variable
* update documentation
* Update Authentication.md
* Updated to remove passwords from sessions
* Remove users sessions when user deleted
* Updated when cookies are set
* Updated setcookies to always contain a value
* Added destroy_cookies() to remove users cookies on failed login
* Removed debug line
* Fixed graph issues
This Authentitation / Authorization module provides the ability to let
the webserver (e.g. Apache) do the user Authentication (using Kerberos
f.e.) and let libreNMS do the Authorization of the already known user.
Authorization and setting of libreNMS user level is done by LDAP group
names specified in the configuration file. The group configuration is
basicly copied from the existing ldap Authentication module.
To save lots of redundant queries to the LDAP server and speed up the
libreNMS WebUI, all information is cached within the PHP $_SESSION as
long as specified in $config['auth_ldap_cache_ttl'] (Default: 300s).
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Tony Murray
Neil Lathwood
rockyluke
Eldon Koyle
Joachim Tingvold
jonathon-k
Vitali Kari
Adam Winberg
Ultra2D
Maximilian Wilhelm
Daniel Preussker
vizay
Peter Lamperud
Falk Stern