LDAP
This guide describes how LDAP authentication works in Centreon.
LDAP configuration
It is possible to have multiple LDAP configurations; each user is bound to a single configuration. Let’s have a look at the configuration page.
First of all, add a new configuration:
Enter the general information regarding the configuration:
| Parameter | Description |
|---|---|
| Configuration name | Name used for identifying the configuration |
| Description | Short description regarding the configuration |
| Enable LDAP authentification | Whether this configuration is enabled for LDAP authentication |
| Store LDAP password | Whether or not user passwords will be stored in the database when they log in. This could act as a fallback system if necessary. |
| Auto import users | Whether the users will be automatically imported into the Centreon database on connection. When enabled, users do not need to be imported manually before logging in. |
| LDAP search size limit | Maximum number of entries that Centreon will retrieve on lookup. For better performance, it is best to keep this number as low as possible. This option is used in Import users manually. |
| LDAP search timeout | Timeout on LDAP search (in seconds) |
| Contact template | Imported users will be tied to this contact template. This template is used only to extend Monitoring engine contact for notification. |
| Use service DNS | When enabled, Centreon will look for LDAP servers based on DNS. To see the list of servers that are registered in DNS, run the command: `dig _ldap._tcp.<domain.tld> SRV` |
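To review what the SRV lookup above returns before enabling Use service DNS, the answers can be ranked and labelled by port. This is an added example, not part of the Centreon documentation or code; the function name `rank_ldap_srv`, the `example.test` hosts and the sample answers are constructed, and the ordering follows RFC 2782 rather than any documented Centreon behaviour.

```shell
#!/bin/sh
# Constructed sample of `dig +short _ldap._tcp.example.test SRV` output.
# RFC 2782 answer fields: priority weight port target
SAMPLE_SRV='10 50 389 dc2.example.test.
0 100 636 dc1.example.test.
10 100 389 dc3.example.test.
0 0 389 .'

# rank_ldap_srv (hypothetical helper): reads SRV answers on stdin and prints
#   "<priority> <weight> <host>:<port> <scheme>"
# Lowest priority first (tried first per RFC 2782). Within one priority the
# weight is a relative selection share, listed highest first for readability.
rank_ldap_srv() {
    awk '
        NF != 4 { next }                          # not an SRV answer line
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }
        $4 == "." { next }                        # target "." = service not offered
        {
            host = $4
            sub(/\.$/, "", host)                  # drop the trailing root dot
            # 636 is the registered LDAPS port, 389 the plain LDAP port
            scheme = ($3 == 636) ? "ldaps" : (($3 == 389) ? "ldap" : "other")
            print $1, $2, host ":" $3, scheme
        }
    ' | sort -k1,1n -k2,2nr
}

# Real use:  dig +short _ldap._tcp.<domain.tld> SRV | rank_ldap_srv
printf '%s\n' "$SAMPLE_SRV" | rank_ldap_srv
```

Servers listed with scheme `ldap` answer on the plain LDAP port, so the connection is only encrypted if TLS is enabled for them in the server settings.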
Information regarding the LDAP server(s):
Click on the Add a new LDAP server link to declare a new LDAP server.
| Parameter | Description |
|---|---|
| Host name | Host address of the LDAP server; it can be a hostname or an IP address. |
| Port | Port used by LDAP |
| SSL | Whether SSL is enabled |
| TLS | Whether TLS is enabled |
| Order | Priority order, used in case of failover (requires two or more LDAP servers) |
Note
Failover works only if the LDAP servers have the same tree structure
Information regarding the structure of the LDAP server(s):
This part is specific to your LDAP server; contact your LDAP administrator for more information.
LDAP user import
It is possible to manually import users from LDAP servers.
Click on the Import users manually button from the LDAP configuration form; you will be redirected to the import page.
Select the LDAP server to scan and hit the Search button. The search should return results:
Note
When looking for a specific user, it is best to edit the search filter
Select the user(s) to import and hit the Import button. You should now see the new users in the contact list:
LDAP virtual contact groups
When LDAP is enabled in Centreon, you will see new contact groups appear in the form of ACL access groups. These contact groups are the same as the ones that are found during the LDAP search. Linking these groups to the ACL access groups will apply global ACL rules on the freshly imported users, based on their LDAP groups.
For more information regarding the ACL mechanism of Centreon, refer to this section.
These groups are available in Notification contact group as well.
These options are available in:
- Host
- Host template
- Service by host
- Services by host group
- Service template
- Escalations options