User and group settings in our OpenLDAP

Users
ou=People,dc=ddky,dc=com
#uid;#givenName;#sn;#uidNumber;#gidNumber


Groups
ou=group,dc=ddky,dc=com
#cn;#gidNumber;#memberUID;#description

On the LibreNMS host, 172.18.31.10:

cd /opt/librenms
vi config.php
$config['auth_mechanism'] = 'ldap';
$config['auth_ldap_server'] = '172.18.31.27';
$config['auth_ldap_port'] = 389;
$config['auth_ldap_starttls'] = False;               // Disable TLS on port 389
$config['auth_ldap_binddn'] = 'cn=admin,dc=ddky,dc=com'; // overrides binduser
$config['auth_ldap_bindpassword'] = 'nishiwode';
$config['auth_ldap_prefix'] = 'cn=';
$config['auth_ldap_suffix'] = ',ou=People,dc=ddky,dc=com';   // appended to usernames
$config['auth_ldap_groupbase'] = 'ou=group,dc=ddky,dc=com'; // all groups must be inside this
$config['auth_ldap_groups']['admins']['level'] = 10;             // set admins group to admin level
$config['auth_ldap_groups']['pfy']['level'] = 5;                // set pfy group to global read only level
$config['auth_ldap_groups']['support']['level'] = 1;            // set support group as a normal user
$config['auth_ldap_debug'] = false;                 // enable for verbose debug messages

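Notes:
Our OpenLDAP is used internally only, so no certificate can be set up and TLS is disabled.
OpenLDAP does not allow anonymous queries, so binddn and bindpassword must be set.
The actual user DN is cn=zhangranrui,ou=People,dc=ddky,dc=com, so the prefix must be set.
LibreNMS has three default user levels, 10, 5 and 1, and the corresponding groups are admins, pfy and support.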
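How these settings resolve a login, as an added example (not LibreNMS code and not part of the original note): it models the bind DN built from `auth_ldap_prefix` + username + `auth_ldap_suffix`, and the level taken from the groups whose `memberUid` lists the user. The group entries and every username except `zhangranrui` are constructed, and the RFC 4514 escaping and the highest-level-wins rule are assumptions of this model.

```python
# Model of how the config.php values above turn a login name into a bind DN
# and a LibreNMS level. Added illustration, not LibreNMS source code.
PREFIX = "cn="                                   # auth_ldap_prefix
SUFFIX = ",ou=People,dc=ddky,dc=com"             # auth_ldap_suffix
GROUP_LEVELS = {"admins": 10, "pfy": 5, "support": 1}   # auth_ldap_groups

# Constructed stand-in for entries under ou=group,dc=ddky,dc=com
# (cn -> memberUid values). Only zhangranrui comes from the note itself.
SAMPLE_GROUPS = {
    "admins": ["zhangranrui"],
    "pfy": ["zhangranrui", "user-b"],
    "support": ["user-c"],
    "wiki-editors": ["user-d"],                  # exists in LDAP, not mapped in config.php
}

DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif ch in DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(username):
    """DN used for the user's bind: prefix + escaped username + suffix."""
    if not username:
        raise ValueError("empty username")
    return PREFIX + escape_dn_value(username) + SUFFIX


def user_level(username, groups=SAMPLE_GROUPS):
    """Highest level among mapped groups listing the user; 0 = no mapped group."""
    return max((GROUP_LEVELS.get(cn, 0)
                for cn, members in groups.items() if username in members), default=0)


if __name__ == "__main__":
    for name in ("zhangranrui", "user-b", "user-d", "x,ou=group"):
        print(bind_dn(name), "-> level", user_level(name))
```

A user who sits only in an unmapped group resolves to level 0 here, and a username containing `,` or `=` stays inside the `cn` value instead of changing the DN.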

Integrating other systems with this LDAP will probably need the same approach.