Created
October 16, 2014 07:55
Configuring Cacti to use Active Directory LDAP
I recently had the opportunity to configure Cacti (0.8.7e) to use LDAP authentication in order to provide network logins for people who might want to view the Cacti graphs. We use this in conjunction with the thold plugin to generate threshold notifications in case disks fill up or other thresholds are met, and email the administrator responsible for managing that machine. These instructions are for Cacti running on a Debian 5.0 box with the PHP LDAP module enabled (installed with "apt-get install php5-ldap"; other distributions might make you configure extension=ldap.so in an .ini file in the /etc/php directory). This queries a Windows Server 2003 Active Directory Domain Controller.

General
Authentication Method: LDAP Authentication

Special Users
Guest User: guest
User Template: guest

LDAP General Settings
Server: servername.domain.com
Port Standard: 389
Port SSL: 636
Protocol Version: Version 3
Encryption: None (if you know how to enable encryption, please leave a comment below)
Referrals: Disabled
Mode: Specific Searching
Distinguished Name (DN): blank
Require Group Membership: Checked

LDAP Group Settings
Group Distinguished Name (DN): CN=Group You Are A Member Of,OU=Whatever the OU of that Group is*,DC=domain,DC=com
(*If you need to know the full DN try using a free LDAP browser like JXplorer)
Group Member Attribute: member
Group Member Type: Distinguished Name

LDAP Specific Search Settings
Search Base: DC=domain,DC=com
Search Filter: cn=LDAPUser,OU=Service Accounts,DC=domain,dc=com
Search Password: password
(this is the username and password Cacti uses to check your login credentials at its login screen)

Encryption: None (if you know how to enable encryption, please leave a comment below)
You must have a self-signed certificate generated by your AD server; add it to /etc/ssl/certs/ca-certificates.crt for Ubuntu or /etc/ssl/certs/ca-bundle.crt for CentOS.
In Authentication Settings
Server: ad.yourdomain.com (DNS name of your AD server, the same one that is in the certificate)
SSL port: 636
Encryption: SSL
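
An added example, not part of the gist or its comments: a small Python check that runs the settings listed above through the two points raised here, the unencrypted bind (an LDAP simple bind without encryption carries passwords in cleartext) and the server name having to match the certificate. The certificate dict is constructed in the shape `ssl.SSLSocket.getpeercert()` returns; the function names and finding labels are made up for illustration.

```python
import ipaddress

def parse_settings(text):
    """Turn 'Key: value' lines (as listed on this page) into a dict."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip()] = value.strip()
    return out

def cert_dns_names(cert):
    """dNSName entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(host, pattern):
    """Exact match, or a wildcard that covers only the left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def audit(settings, cert=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    server = settings.get("Server", "")
    enc = settings.get("Encryption", "None").split()[0].lower()
    if enc == "none":
        findings.append("cleartext: simple binds on port %s expose the search "
                        "password and every user's login password"
                        % settings.get("Port Standard", "389"))
        return findings
    try:
        ipaddress.ip_address(server)
        findings.append("server-is-ip: use the DNS name that is in the certificate")
    except ValueError:
        pass  # not an IP literal, so it can be compared with the certificate names
    names = cert_dns_names(cert) if cert is not None else None
    if names is not None and not any(name_matches(server, n) for n in names):
        findings.append("name-mismatch: %r not among certificate names %s"
                        % (server, names))
    return findings

# Constructed inputs: the gist's settings, the commenter's settings, a made-up certificate.
GIST = parse_settings("Server: servername.domain.com\nPort Standard: 389\nEncryption: None")
FIXED = parse_settings("Server: ad.yourdomain.com\nPort SSL: 636\nEncryption: SSL")
CERT = {"subjectAltName": (("DNS", "ad.yourdomain.com"),)}

if __name__ == "__main__":
    for label, cfg in (("gist", GIST), ("fixed", FIXED)):
        print(label, audit(cfg, CERT) or "ok")
```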
To enable LDAPS you will need to make configuration changes to your Windows domain controllers.
I haven't done this myself but I believe you would need to do something like this:
https://www.petri.com/enable-secure-ldap-windows-server-2008-2012-dc