* Active Directory user in nested groups
* Active Directory user in nested groups
* Active Directory user in nested groups
* Use Config in new function
* Enable secure cookies for authentication
Enables secure cookies for authentication when HTTPS is used.
* Add line with example secure session cookies
* Fix comment line that's too long
* Remove session secure cookie config
* Added secure cookie config to init.php
Commented out because having this enabled will prevent the server from sending cookies over HTTPS.
* Enable secure cookies if config value provided
* Make code formatting consistent
* Remove secure cookie config
* Use $config['secure_cookies'] to set cookies
* Add default option to turn secure cookies on
* Fix formatting issues
* Set secure cookies to default to false
* Add info about secure cookies
* Fix formatting
* Remove trailing whitespace
* move secure cookie default config to defaults.inc.php
* Remove trailing whitespace
* Fix formatting
* Remove empty line by rrd config
* Remove whitespace
* fix: Fixed http-auth not honouring http_auth_guest
* Always fall back to http_auth_guest.
Make sure $username is set, otherwise, we won't try to authenticate.
* reverted elseif to default to http-auth-guest
* Update authenticate.inc.php
simplify logic
* fix: Two-Factor Auth
Moved library to a class to take advantage of namespacing and auto loading.
Update the two factor code to use the AuthenticationException for error messages.
Fix remember me to work with 2fa.
* missing change
* fix: minimize session open time
page/graphs speedup part 2
Write close the session as soon as we no longer need to write to it. Prevents the session from blocking other requests.
Do not run through full authentication functions if the session is already authenticated.
Removes password from the session as well as some items to prevent session fixation from #4608.
WARNING: This will cause issues for ad/ldap users who do not have a bind user configured!
* Do not erase username when using cookie auth.
Properly close the session in ajax_setresolution.php
* write close the session as soon as possible in ajax_setresolution.php
* Remove session regeneration. It is not compatible with the current code and would require more changes.
* Totally refactor authentication. Extract code to functions for re-use and improved readability
* Use exceptions for authentication and error logging
Tested: mysql, ad_auth with and without bind user
* fix a couple scrutinizer issues
* fix reauthenticate in radius
* fix: AD authentication when auth_ad_base_dn is an OU
OUs don't have SID, so we can't use them to figure out the domain SID
* Only match leading OUs
* Actually, might be best to remove everything except the domain components.
* fix: move user preferences dashboard and twofactor out of users table
This allows them to work with any authentication method
Add set_user_pref() and get_user_pref() helper functions
* fix edit users for other users
* Fix updated_at default timestamp
* Update and rename 183.sql to 184.sql
* removed commented out debug
* feature: bind user for active_directory auth
Optional, allows the use of "remember me", API, and alerting.
* missing global (but still may not be working)
* always return a value from reauthenticate()
* Make sure the ldapbind credentials are correct on reauth.
Do not send output if they are incorrect (use d_echo); this breaks ajax calls, etc.
Add scripts/auth_test.php, to make it easier to debug authentication.
* Refine auth_test.php a bit more
A few small cleanups in other places of the auth
* Add auth_test.php to docs
Some more improvements in the auth_test.php output.
* Update Authentication.md
* Order user alphabetically (MySQL)
* Add (admin) or (demo) after login on Edit User page
* Fix missing $user_level
* Complete the switch/case on user level
* Remove redundant case
* Remove blank line
Fixes issue where the librenms_logo_mono.svg is now loaded by making the background black to match the logo.
Update twofactor.lib.php.
Remove unused if statement
* Add auth_ad_(group|user)_filter options
* use global
* Fix some AD annoyances
Use the power of the LDAP filter to minimize the number of queries and
hopefully help performance in get_userlist, change semantics of
auth_ad_(user|group)_filter in $config to be anded with
samaccountname=USERNAME.
* remove unused variable
* update documentation
* Update Authentication.md
* Updated to remove passwords from sessions
* Remove users sessions when user deleted
* Updated when cookies are set
* Updated setcookies to always contain a value
* Added destroy_cookies() to remove users cookies on failed login
* Removed debug line
* Fixed graph issues
This Authentication / Authorization module provides the ability to let
the webserver (e.g. Apache) do the user Authentication (using Kerberos
f.e.) and let libreNMS do the Authorization of the already known user.
Authorization and setting of libreNMS user level is done by LDAP group
names specified in the configuration file. The group configuration is
basically copied from the existing ldap Authentication module.
To save lots of redundant queries to the LDAP server and speed up the
libreNMS WebUI, all information is cached within the PHP $_SESSION as
long as specified in $config['auth_ldap_cache_ttl'] (Default: 300s).
Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>