librenms-librenms/doc/Extensions/Authentication.md
2015-05-06 11:22:50 +01:00


Authentication modules

LibreNMS supports multiple authentication modules along with Two Factor Auth. Here we will provide configuration details for these modules.

Available authentication modules

  • MySQL: mysql

  • LDAP: ldap

  • HTTP Auth: http-auth

User levels

  • 1: Normal User. You will need to assign device / port permissions for users at this level.

  • 5: Global Read.

  • 10: Global read/write admin account.

  • 11: Demo Account. Provides full read/write with certain restrictions (i.e. can't delete devices).

Enable authentication module

To enable a particular authentication module, set auth_mechanism in config.php.

$config['auth_mechanism'] = "mysql";

MySQL Authentication

Config option: mysql

This is the default option with LibreNMS, so you should already have the configuration set up.

$config['db_host'] = "HOSTNAME";
$config['db_user'] = "DBUSER";
$config['db_pass'] = "DBPASS";
$config['db_name'] = "DBNAME";

HTTP Authentication

Config option: http-auth

LibreNMS expects the user to have already authenticated via your webservice. It then needs to assign a userlevel to that user, which is done in one of two ways:

  • A user with a matching username still exists in MySQL.

  • A global guest user (which still needs to be added into MySQL):

$config['http_auth_guest'] = "guest";

This will then assign the userlevel for guest to all authenticated users.

LDAP Authentication

Config option: ldap

This one is a little more complicated :)

$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "ldap.example.com";
$config['auth_ldap_port']   = 389;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com";
$config['auth_ldap_group']  = "cn=groupname,ou=groups,dc=example,dc=com";

$config['auth_ldap_groupbase'] = "ou=group,dc=example,dc=com";
$config['auth_ldap_groups']['admin']['level'] = 10;
$config['auth_ldap_groups']['pfy']['level'] = 7;
$config['auth_ldap_groups']['support']['level'] = 1;
$config['auth_ldap_groupmemberattr'] = "memberUid";

Typically, auth_ldap_suffix, auth_ldap_group, auth_ldap_groupbase and auth_ldap_groups are the settings you need to configure.
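How these settings fit together, as an added illustration that is not LibreNMS code: it assumes the bind DN is auth_ldap_prefix + username + auth_ldap_suffix and that the highest level among the user's matching groups applies. The helper names, the level 0 convention and the $groups sample directory are constructed for the example.

```php
<?php
// Added illustration, not LibreNMS code. Assumptions: bind DN is
// prefix + username + suffix; highest level among matching groups wins.
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com";
$config['auth_ldap_groupmemberattr'] = "memberUid";
$config['auth_ldap_groups']['admin']['level'] = 10;
$config['auth_ldap_groups']['pfy']['level'] = 7;
$config['auth_ldap_groups']['support']['level'] = 1;

// Escape RFC 4514 special characters so a username stays a single RDN value.
function escape_dn_value($value)
{
    $out = '';
    $last = strlen($value) - 1;
    for ($i = 0; $i <= $last; $i++) {
        $c = $value[$i];
        $special = strpos('\\,+"<>;=', $c) !== false
            || ($i === 0 && ($c === '#' || $c === ' '))
            || ($i === $last && $c === ' ');
        $out .= $special ? '\\' . $c : $c;
    }
    return $out;
}

function bind_dn($config, $username)
{
    return $config['auth_ldap_prefix'] . escape_dn_value($username) . $config['auth_ldap_suffix'];
}

// $groups: constructed stand-in for the entries under auth_ldap_groupbase.
function user_level($config, $groups, $username)
{
    $level = 0; // constructed convention: 0 = member of no configured group
    $attr = $config['auth_ldap_groupmemberattr'];
    foreach ($config['auth_ldap_groups'] as $cn => $opts) {
        $members = isset($groups[$cn][$attr]) ? $groups[$cn][$attr] : array();
        if (in_array($username, $members, true)) {
            $level = max($level, $opts['level']);
        }
    }
    return $level;
}

$groups = array( // constructed sample data
    'admin'   => array('memberUid' => array('alice')),
    'support' => array('memberUid' => array('alice', 'bob')),
);
echo bind_dn($config, 'x,ou=Admins'), "\n";
echo user_level($config, $groups, 'alice'), " ", user_level($config, $groups, 'bob'), "\n";
```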

An example config setup for use with Jumpcloud LDAP as a service is:

$config['auth_mechanism'] = "ldap"; # default is mysql; other options: ldap, http-auth
unset($config['auth_ldap_group']);
unset($config['auth_ldap_groups']);
$config['auth_ldap_groups']['librenms']['level'] = 10;
$config['auth_ldap_version'] = 3; # v2 or v3
$config['auth_ldap_server'] = "ldap.jumpcloud.com";
$config['auth_ldap_port'] = 389;
$config['auth_ldap_prefix'] = "uid=";
$config['auth_ldap_suffix'] = ",ou=Users,o={id},dc=jumpcloud,dc=com";
$config['auth_ldap_groupbase'] = "cn=librenms,ou=Users,o={id},dc=jumpcloud,dc=com";
$config['auth_ldap_groupmemberattr'] = "memberUid";

Replace {id} with the unique ID provided by Jumpcloud.