mirror of
https://github.com/librenms/librenms.git
synced 2024-10-07 16:52:45 +00:00
100 lines
3.0 KiB
Markdown
100 lines
3.0 KiB
Markdown
# Authentication modules
|
|
|
|
LibreNMS supports multiple authentication modules along with [Two Factor Auth](http://docs.librenms.org/Extensions/Two-Factor-Auth/).
|
|
Here we will provide configuration details for these modules.
|
|
|
|
#### Available authentication modules
|
|
|
|
- MySQL: mysql
|
|
|
|
- LDAP: ldap
|
|
|
|
HTTP Auth: http-auth
|
|
|
|
#### User levels
|
|
|
|
- 1: Normal User. You will need to assign device / port permissions for users at this level.
|
|
|
|
- 5: Global Read.
|
|
|
|
- 10: This is a global read/write admin account
|
|
|
|
- 11: Demo Account. Provides full read/write with certain restrictions (i.e can't delete devices).
|
|
|
|
#### Enable authentication module
|
|
|
|
To enable a particular authentication module you need to set this up in config.php.
|
|
|
|
```php
|
|
$config['auth_mechanism'] = "mysql";
|
|
```
|
|
|
|
#### MySQL Authentication
|
|
|
|
Config option: `mysql`
|
|
|
|
This is default option with LibreNMS so you should have already got the configuration setup.
|
|
|
|
```php
|
|
$config['db_host'] = "HOSTNAME";
|
|
$config['db_user'] = "DBUSER";
|
|
$config['db_pass'] = "DBPASS";
|
|
$config['db_name'] = "DBNAME";
|
|
```
|
|
|
|
#### HTTP Authentication
|
|
|
|
Config option: `http-auth`
|
|
|
|
LibreNMS will expect the user to have authenticated via your webservice already. At this stage it will need to assign a
|
|
userlevel for that user which is done in one of two ways:
|
|
|
|
- A user exists in MySQL still where the usernames match up.
|
|
|
|
- A global guest user (which still needs to be added into MySQL:
|
|
```php
|
|
$config['http_auth_guest'] = "guest";
|
|
```
|
|
This will then assign the userlevel for guest to all authenticated users.
|
|
|
|
#### LDAP Authentication
|
|
|
|
Config option: `ldap`
|
|
|
|
This one is a little more complicated :)
|
|
|
|
```php
|
|
$config['auth_ldap_version'] = 3; # v2 or v3
|
|
$config['auth_ldap_server'] = "ldap.example.com";
|
|
$config['auth_ldap_port'] = 389;
|
|
$config['auth_ldap_prefix'] = "uid=";
|
|
$config['auth_ldap_suffix'] = ",ou=People,dc=example,dc=com";
|
|
$config['auth_ldap_group'] = "cn=groupname,ou=groups,dc=example,dc=com";
|
|
|
|
$config['auth_ldap_groupbase'] = "ou=group,dc=example,dc=com";
|
|
$config['auth_ldap_groups']['admin']['level'] = 10;
|
|
$config['auth_ldap_groups']['pfy']['level'] = 7;
|
|
$config['auth_ldap_groups']['support']['level'] = 1;
|
|
$config['auth_ldap_groupmemberattr'] = "memberUid";
|
|
```
|
|
|
|
Typically auth_ldap_suffix, auth_ldap_group, auth_ldap_groupbase, auth_ldap_groups are what's required to be configured.
|
|
|
|
An example config setup for use with Jumpcloud LDAP as a service is:
|
|
|
|
```php
|
|
$config['auth_mechanism'] = "ldap"; # default, other options: ldap, http-auth
|
|
unset($config['auth_ldap_group']);
|
|
unset($config['auth_ldap_groups']);
|
|
$config['auth_ldap_groups']['librenms']['level'] = 10;
|
|
$config['auth_ldap_version'] = 3; # v2 or v3
|
|
$config['auth_ldap_server'] = "ldap.jumpcloud.com";
|
|
$config['auth_ldap_port'] = 389;
|
|
$config['auth_ldap_prefix'] = "uid=";
|
|
$config['auth_ldap_suffix'] = ",ou=Users,o={id},dc=jumpcloud,dc=com";
|
|
$config['auth_ldap_groupbase'] = "cn=librenms,ou=Users,o={id},dc=jumpcloud,dc=com";
|
|
$config['auth_ldap_groupmemberattr'] = "memberUid";
|
|
```
|
|
|
|
Replace {id} with the unique ID provided by Jumpcloud.
|