Versions Compared

Comment: Add the auth_ldap_privs items to the four ldap methods

...

| Key | Description | Example | Comment |
|---|---|---|---|
| auth_htpasswd_file | Location of the password file | | Default is /usr/local/nmis9/conf/users.dat |
| auth_htpasswd_encrypt | Enable encrypted passwords | 0/1 | Default is 1. Plain text passwords are checked ONLY if value is 0 or 'plaintext' |

ldap

The Opmantek products will use the configured LDAP server to perform authentication.

...

privs LDAP 54.85
KeyDescriptionExampleComment
auth_ldap_User's local privileges0/1By default, set to 0. To enable the feature, set the value to 1.serverauth_ldap_server LDAP Server Namehost[:port]No defaults. Entry must be created.

auth_ldap_acc

Account Name


The LDAP account name to login to the Server. The entry must be created.

auth_ldap_psw

Account Password
The password associated with the above LDAP account. The entry must be created.
auth_ldap_context contextBase Contextou=people,dc=opmantek,dc=comBase context to attempt to bind to.

auth_ldap_attr

Username LDAP Attributes
The LDAPs attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn')
auth_ldap_privsUse LDAP Privileges0/1Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled)

ldaps

The Opmantek products will use the configured LDAP (Secure) server to perform authentication.

...

ldapprivs 54.85
KeyDescriptionExampleComment
auth_ldaps_User's local privileges0/1By default, set to 0. To enable the feature, set the value to 1.serverLDAPS Server Namehost[:port]auth_ldaps_server LDAPS Server Namehost[:port]No defaults. Entry must be created.

auth_ldap_acc

Account Name


The LDAP account name to login to the Server. Entry must be created

auth_ldap_psw

Account Password
The password associated with the above LDAP account. The entry must be created.
auth_ldap_context contextBase Contextou=people,dc=opmantek,dc=comBase context to attempt to bind to.

auth_ldap_attr

Username LDAP Attributes
The LDAPs attribute(s) to match to username. Can be blank; if so, it defaults to ('uid', 'cn')

...

auth_ldap

...

_privsUse LDAP Privileges0/1Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled).

ms-ldap

OMK will use the configured Microsoft Active Directory LDAP server to perform authentication.

Following are the configuration items:

 
| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ms_ldap_server | Microsoft LDAP Server Name | host[:port] | No defaults. Entry must be created. |
| auth_ms_ldap_acc | Account Name | | The MS-LDAP Distinguished Name (DN)/account to bind with to login to the Server. |
| auth_ms_ldap_psw | Account Password | | The password associated with the above MS-LDAP account. The entry must be created. |
| auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
| auth_ms_ldap_attr | Username LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
| auth_ms_ldap_group | LDAP Group | Sales, SNMPSIM, GPON | Optional. The user is only allowed to log in if they are a member of the defined group. Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
| auth_ldap_privs | Use LDAP Privileges | 0/1 | Use LDAP for Privileges and Groups. See User Authorisation with Active Directory and LDAP. By default, set to 0 (disabled). |
auth_ldap_serverLDAP Server Namehost[:port]No defaults. Entry must be created.

auth_ldap_acc

Account Name


The LDAP account name to login to the Server. The entry must be created.

auth_ldap_psw

Account Password
The password associated with the above LDAP account. The entry must be created.
auth_ldap_contextBase Contextou=people,dc=opmantek,dc=comBase context to attempt to bind to.
auth_ldap_groupGroup LDAP AttributememberOf

Default is memberOf. The attribute to lookup the groups the user belongs to. 

Checks if the user logging in is associated with the defined group.Sales, SNMPSIM, GPON

 Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local

ms-ldaps

The Opmantek products will use the configured Microsoft Active Directory LDAP (Secure) server to perform authentication.

...

| Key | Description | Example | Comment |
|---|---|---|---|
| auth_ms_ldaps_server | Microsoft LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
| auth_ms_ldap_acc | Account Name | | The MS-LDAP Distinguished Name (DN)/account to bind with to login to the Server. |
| auth_ms_ldap_psw | Account Password | | The password associated with the above MS-LDAP account. The entry must be created. |
| auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
| auth_ms_ldap_attr | Username LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
| auth_ms_ldap_group | LDAP Group | Sales, SNMPSIM, GPON | Optional. The user is only allowed to log in if they are a member of the defined group. Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |

...

Multiple Authentication Methods

You can use up to 3 authentication methods for fail back. If authentication with method 1 fails, then if they are defined, the remaining methods are tried in order. Authentication fails if they all fail. For example, if you set auth_method_1 to be LDAP and auth_method_2 to be htpasswd and log in with the default NMIS credentials (and you have not changed the password), the authentication for LDAP will fail, and then htpasswd authentication with the users.dat will succeed and the NMIS user will be logged in.
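The fail back behaviour described above means every method in the chain is a way in, so it is worth checking the whole chain rather than only method 1. The following is an added example, not code from the page or from Opmantek: it audits a config held as a Python dict using the key names from the tables on this page; the dict layout, the sample values and the finding texts are assumptions.

```python
# Added example: static check of an authentication config using this page's keys.
# The dict layout, SAMPLE values and finding texts are assumptions, not OMK code.
REQUIRED = {
    "htpasswd": [],
    "ldap": ["auth_ldap_server", "auth_ldap_acc", "auth_ldap_psw"],
    "ldaps": ["auth_ldaps_server", "auth_ldap_acc", "auth_ldap_psw"],
    "ms-ldap": ["auth_ms_ldap_server", "auth_ms_ldap_acc", "auth_ms_ldap_psw"],
    "ms-ldaps": ["auth_ms_ldaps_server", "auth_ms_ldap_acc", "auth_ms_ldap_psw"],
}
SECURE_VARIANT = {"ldap": "ldaps", "ms-ldap": "ms-ldaps"}

def method_chain(cfg):
    """Methods in the order they are tried: auth_method_1, then 2, then 3."""
    names = (str(cfg.get(f"auth_method_{n}") or "").strip().lower() for n in (1, 2, 3))
    return [m for m in names if m]

def audit(cfg):
    """Return a list of findings for the configured fail back chain."""
    findings = []
    chain = method_chain(cfg)
    for step, method in enumerate(chain, start=1):
        if method not in REQUIRED:
            findings.append(f"step {step}: '{method}' is not covered by this check")
            continue
        for key in REQUIRED[method]:
            if not cfg.get(key):
                findings.append(f"step {step} ({method}): {key} has no default and is unset")
        if method in SECURE_VARIANT:
            findings.append(f"step {step} ({method}): not the (Secure) variant; "
                            f"consider {SECURE_VARIANT[method]}")
        if method == "htpasswd":
            if str(cfg.get("auth_htpasswd_encrypt", 1)).strip().lower() in ("0", "plaintext"):
                findings.append(f"step {step} (htpasswd): plain text passwords are checked")
            if step > 1:
                findings.append(f"step {step} (htpasswd): users.dat accounts, including an "
                                f"unchanged default, log in when {chain[step - 2]} fails")
    return findings

# Constructed sample: the LDAP -> htpasswd chain from the paragraph above.
SAMPLE = {
    "auth_method_1": "LDAP",
    "auth_method_2": "htpasswd",
    "auth_ldap_server": "ldap.example.com:389",
    "auth_ldap_acc": "uid=nmis-bind,ou=people,dc=example,dc=com",
    "auth_ldap_psw": "",
    "auth_htpasswd_encrypt": 0,
}

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```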

Here is an example of the authentication hash inside opCommon.nmis. Remember that statements preceded by the '#' sign are 'commented out' and will not be evaluated. In this example, if ms-ldap fails, it will fail back to htpasswd.

...