LibreNMS: authenticating users with LDAP

User and group layout in our OpenLDAP

Users
ou=People,dc=ddky,dc=com
#uid;#givenName;#sn;#uidNumber;#gidNumber

Groups
ou=group,dc=ddky,dc=com
#cn;#gidNumber;#memberUID;#description

On the LibreNMS host, 172.18.31.10:

cd /opt/librenms
vi config.php
$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_server'] = '172.18.31.27';
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = false;               // Disable TLS on port 389
$config['auth_ldap_binddn'] = 'cn=admin,dc=ddky,dc=com'; // overrides binduser
$config['auth_ldap_bindpassword'] = 'nishiwode';
$config['auth_ldap_prefix'] = 'cn=';
$config['auth_ldap_suffix'] = ',ou=People,dc=ddky,dc=com';   // appended to usernames
$config['auth_ldap_groupbase'] = 'ou=group,dc=ddky,dc=com'; // all groups must be inside this
$config['auth_ldap_groups']['admins']['level'] = 10;             // set admins group to admin level
$config['auth_ldap_groups']['pfy']['level'] = 5;                // set pfy group to global read only level
$config['auth_ldap_groups']['support']['level'] = 1;            // set support group as a normal user
$config['auth_ldap_debug'] = false;                 // enable for verbose debug messages

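Notes:
Our OpenLDAP is for internal use only, so no certificate could be set up and TLS is disabled. Binds on port 389, including the bind password above, therefore travel unencrypted.
OpenLDAP forbids queries by anonymous users, so binddn and bindpassword must be set.
The actual user DN is cn=zhangranrui,ou=People,dc=ddky,dc=com, so the prefix must be set.
LibreNMS has three default user levels, 10, 5 and 1; the corresponding groups are admins, pfy and support.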
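To check which level a login will receive before relying on the mapping, the following added example (not part of the original post) builds the user DN and group filter from the config values above and resolves a level from `ldapsearch -LLL` output. It assumes LibreNMS's default member attribute `memberUid` holding the bare login name and that the highest matching level wins; the LDIF sample is constructed.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. DNs and levels are the ones in
# config.php above; group entries and the names alice/bob/dba are constructed.
PREFIX='cn='
SUFFIX=',ou=People,dc=ddky,dc=com'
GROUPBASE='ou=group,dc=ddky,dc=com'

# DN used for the user's bind: prefix + login name + suffix.
user_dn() { printf '%s%s%s\n' "$PREFIX" "$1" "$SUFFIX"; }

# Group search filter (assumption: default member attribute memberUid,
# holding the bare login name).
group_filter() { printf '(memberUid=%s)\n' "$1"; }

# Read `ldapsearch -LLL` group entries on stdin; print the highest level
# mapped for login name $1 (0 = member of no mapped group).
level_for_user() {
  awk -v user="$1" '
    BEGIN { lvl["admins"] = 10; lvl["pfy"] = 5; lvl["support"] = 1; best = 0 }
    function endentry() { if (hit && lvl[cn] > best) best = lvl[cn]; cn = ""; hit = 0 }
    /^cn: /        { cn = $2 }
    /^memberUid: / { if ($2 == user) hit = 1 }
    /^$/           { endentry() }
    END            { endentry(); print best }'
}

# Constructed sample of what a search under the group base could return.
sample_groups() {
cat <<'EOF'
dn: cn=admins,ou=group,dc=ddky,dc=com
cn: admins
memberUid: zhangranrui

dn: cn=support,ou=group,dc=ddky,dc=com
cn: support
memberUid: zhangranrui
memberUid: alice

dn: cn=dba,ou=group,dc=ddky,dc=com
cn: dba
memberUid: bob
EOF
}

# Against the live directory (-W prompts for the bind password):
#   ldapsearch -x -LLL -H ldap://172.18.31.27:389 -D 'cn=admin,dc=ddky,dc=com' -W \
#     -b "$GROUPBASE" "$(group_filter zhangranrui)" cn memberUid | level_for_user zhangranrui
```

A result of 0 for an account that should have access usually means the group's memberUID values do not match the login name the user types.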

If other systems need to be integrated with this LDAP, the same approach will probably apply.

