Hi Nicolas, You’re right that Icinga Web 2 fetches all users found in the defined DN. We’re struggling a bit w/ server side sorting and pagination at the moment. You’re chance to limit the list of users is to define a base_dn in the authentication.ini pointing to the DN where users are found. Further you may define a filter like "!(objectClass=computer)“ for ignoring computer accounts or limiting users which are member of specific groups. Hope this helps.
Best, Eric > Am 13.08.2015 um 14:41 schrieb Nicolas Odermatt <[email protected]>: > > Does anyone have experience in configuring Icingaweb2 for LDAP authentication? > > I'm struggling with the issue described below and it's a blocked for our > go-live to customers. I'm sure there's an obvious explanation to how the > display name can be changed but I'm out of ideas. Grateful for any sort of > hints. > > Thanks a lot in advance. > Nicolas > > On 11 August 2015 at 10:40, Nicolas Odermatt <[email protected]> wrote: > Hi guys, > > Last week I finished the configuration to allow LDAP login on the icingaweb2 > frontend on my monitoring instance. I was able to log-in with my credentials > successfully and so were my colleagues as well. When I wanted to modify the > roles and role membership though I noticed that the request to load the page > (/icingaweb2/user/list) took oddly long. In the end, I would see an error > message from PHP saying that it tried to allocate more memory than configured > [0]. > > I've got the feeling that Icinga tries to fetch a list of all users which are > in the defined DN but it might just be required to allocate more memory to > the process. Upon changing the root dn to include the "users" folder I get > displayed a list of accounts but their sorted by some sort of ID (see > screenshot). I guess I'm using a wrong setting in the authentication.ini but > am not sure which. I'd rather not just tinker around so I'd be grateful for > some thoughts from a different perspective. > > Thanks in advance! > > Nicolas > > > [0] Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to > allocate 32 bytes) in /usr/share/php/Icinga/Protocol/Ldap/Connection.php on > line 491 > > [1]authentication.ini > [auth_ldap] > backend = "ldap" > resource = "AD" > user_class = "user" > user_name_attribute = "sAMAccountName" > > [2]resources.ini > [AD] > type = "ldap" > hostname = "ldaps://globalad.corp.contoso.com" > port = "636" > root_dn = "DC=contosonet,DC=global,DC=contoso,DC=com" > bind_dn = > "CN=ldapbind,CN=users,DC=contosonet,DC=global,DC=contoso,DC=com" > bind_pw = "password" > > -- > Freundliche Grüsse, > Nicolas Odermatt > > > > > -- > Freundliche Grüsse, > Nicolas Odermatt > > _______________________________________________ > icinga-users mailing list > [email protected] > https://lists.icinga.org/mailman/listinfo/icinga-users -- Eric Lippmann Application Developer NETWAYS GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 GF: Julian Hein, Bernd Erk | AG Nuernberg HRB18461 http://www.netways.de | [email protected] ** OSBConf 2015 - September - osbconf.org ** ** OSMC 2015 - November - netways.de/osmc ** _______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
