IBM Support

Enable LDAP authentication in RTM

Question & Answer


Question

How do I enable LDAP authentication in RTM?

Answer


1. Log in to the RTM server with the admin username and password via the Web GUI.


2. Go to config > Cacti Configuration > Cacti Settings > Authentication

Select "LDAP Authentication" under Authentication Method.



3. Fill in the LDAP General Settings.


Then, based on the mode, fill in the appropriate fields:
case 1: If Mode = No Searching, fill in Distinguished Name (DN) only. <username> will be replaced by the real username during login to get the user's Distinguished Name.


case 2: If Mode = Anonymous search (the LDAP search does not require credentials), fill in Search Base and Search filter. RTM will perform an anonymous search to find the Distinguished Name of the user logging in.


case 3: If Mode = Specific search (the LDAP search requires credentials), fill in all fields under LDAP Specific Search Settings. RTM will use Search Distinguished Name (DN) and Search Password as the credentials for the LDAP search.


Optional: if the LDAP user must belong to a certain group (users not in the group cannot log in), check the "Require Group Membership" box and fill in LDAP Group Settings accordingly.


You may contact the organization's network administrator for the values of the required fields.


4. If everything goes well, log out. Select the LDAP option and log in using an LDAP account.
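
The three modes in step 3 differ in how the DN of the user logging in is obtained and in which credentials the search uses. The Python below is an added example, not RTM or Cacti code, that models this for one login. Assumptions: the setting key names, the uid attribute, the ou=people and ou=services entries, the search account, that the search filter uses the same <username> placeholder as the DN field, and the escaping of the username (RFC 4514 for the DN, RFC 4515 for the filter).

```python
# Added illustration: models the three LDAP modes described above.
# Not RTM or Cacti code; setting names and sample values are assumptions.

def escape_dn_value(value):
    """Escape a value placed inside a DN (RFC 4514) so it stays one literal."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\%02x" % ord(ch) if edge or ch in ',+"\\<>;=\x00' else ch)
    return "".join(out)

def escape_filter_value(value):
    """Escape a value placed inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def plan_login(settings, username):
    """Return what the configured mode binds as and searches for at login."""
    mode = settings["mode"]
    if mode == "no_searching":
        # Case 1: the DN template alone gives the user's DN, no search.
        dn = settings["dn"].replace("<username>", escape_dn_value(username))
        return {"search": None, "user_dn": dn}
    if mode not in ("anonymous", "specific"):
        raise ValueError("unknown mode: %r" % mode)
    search = {
        "base": settings["search_base"],
        "filter": settings["search_filter"].replace(
            "<username>", escape_filter_value(username)),
        "bind_dn": None,  # case 2: the search runs without credentials
    }
    if mode == "specific":
        # Case 3: the search itself binds with the Search DN and password.
        search["bind_dn"] = settings["search_dn"]
        search["bind_password"] = settings["search_password"]
    # In both search modes the user's DN is taken from the search result.
    return {"search": search, "user_dn": None}

# Constructed sample settings; the base DN is the one in the page's ldap.conf.
BASE = "dc=lab,dc=xyz,dc=com"
NO_SEARCH = {"mode": "no_searching", "dn": "uid=<username>,ou=people," + BASE}
ANONYMOUS = {"mode": "anonymous", "search_base": BASE,
             "search_filter": "(uid=<username>)"}
SPECIFIC = dict(ANONYMOUS, mode="specific", search_password="PLACEHOLDER",
                search_dn="cn=rtm-search,ou=services," + BASE)

if __name__ == "__main__":
    for cfg in (NO_SEARCH, ANONYMOUS, SPECIFIC):
        print(cfg["mode"], plan_login(cfg, "alice"))
```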



If RTM still can't reach the LDAP server, follow the troubleshooting steps below:
1. Check that ldap.conf contains the proper information:

# cat /etc/openldap/ldap.conf
TLS_CACERTDIR /etc/openldap/cacerts
URI ldap://server1.lab.xyz.com/ ldap://server2.lab.xyz.com/
BASE dc=lab,dc=xyz,dc=com

2. Clear the browser cache and restart the browser.

3. Check whether the LDAP port (TCP/UDP 389) is open through the firewall.

4. Check LDAP connectivity from the command line to confirm that the host can reach the LDAP server. If the command runs, compare the content of the file with the settings in the GUI.

# ldapsearch -h server1.lab.xyz.com -p 389 -x -b "dc=lab,dc=xyz,dc=com"
where server1.lab.xyz.com is the LDAP server.

5. If LDAP users have problems logging in and the following error message is encountered:
"Error: Access Denied, please contact you Cacti Administrator."
then the User Template should be set for the new users (guest by default). It should not be set to "No User".



Restart the browser and try to log in again.

6. Check the Cacti logs for hints.


Document Information

Modified date:
19 August 2022

UID

isg3T1023022