Hello Guest

Author Topic: LDAP integration with Searching User  (Read 5370 times)

0 Members and 1 Guest are viewing this topic.

Offline Thiago Lima

  • Jr. Member
  • **
  • Posts: 23
  • Karma: 1
    • View Profile
LDAP integration with Searching User
« on: January 19, 2015, 01:19:39 PM »
Hi, Pandora FMS Team

I'm using the Pandora FMS for a week now and I'm very satisfied regarding its features, the ease of use and the intuitive web interface. Everything seems to work as close as what I have with the combination of a Nagios and a Cacti implementation, but glued on the same tool. Awesome!

The LDAP integration is working flawlessly as well and the settings are as trivial as other PHP based applications. The same challenges faced here was already overcome in another implementations (e.g. Cacti). I'm even using the LDAPS feature with self signed certificates and I don't think it would be a big deal to change it to signed ones.

But as far as I'm using the Pandora FMS, I wasn't able to get the Searching User working. Since there's no way to set this on the web interface, I assume that it's not possible to be done and the authentication used by Pandora FMS is performed by binding the inserted user directly on the LDAP server.

So, have you considered put the Searching User option in order to make the bind from this user and then get the login information?


Regards,
Thiago Lima

Offline ivo_yordanov

  • Smart member
  • *****
  • Posts: 404
  • Karma: 2
    • View Profile
Re: LDAP integration with Searching User
« Reply #1 on: March 18, 2015, 07:02:14 AM »
Hello

Do you mean the option to look up users on the pandora fms console or are you refering to something else?

Regards
Ivo

Offline Thiago Lima

  • Jr. Member
  • **
  • Posts: 23
  • Karma: 1
    • View Profile
Re: LDAP integration with Searching User
« Reply #2 on: March 18, 2015, 07:17:36 AM »
Hi ivo_yordanov,

Thanks for your reply. If by "look up users" we are talking about the creation of new users based on LDAP data, so yes, I'm talking about it. I've noticed that the Pandora behavior regarding LDAP is to bind on the server one single time to gather user data such as username and password and then the user is created locally.

I'm interested on a complete integration where the Pandora FMS doesn't have the user itself but instead performs a bind to the server every time a user wants to sign in.

There's two ways for that to be done:
  • The Pandora FMS binds the LDAP server with the same username and password put on the login page;
  • The Pandora FMS binds the LDAP server with its own username and password asking the required information about the login data put on the login page.

The better way for that to be done, for me, is the number 2. But that would be very good for Pandora FMS to have both.

I'm not sure how exactly I could be useful and help on this implementation since I'm more like a sysadmin than a developer. But I make myself available for helping! :D


Regards,
Thiago Lima