Purge AD users after x days
lnms config:set active_directory.users_purge 30
The following privilege levels are available for use:
Level | Account Type | Description |
---|---|---|
1 | Normal User | You will need to assign device / port permissions for users at this level. |
5 | Global Read | Read only Administrator. |
10 | Administrator | This is a global read/write admin account. |
11 | Demo Account | Provides full read/write with certain restrictions (i.e. can't delete devices). |
Show AD auth groups
lnms config:get auth_ad_groups
Define a group's privilege level
lnms config:set auth_ad_groups.LNMS_ADMIN.level 10
The following config method is deprecated. The lnms
CLI utility should be used instead.
In config.php
#-----------------------#
# AD Auth Configuration #
#-----------------------#
$config['auth_mechanism'] = 'active_directory';
$config['auth_ad_url'] = 'ldaps://dc1.int.mydomain.net ldaps://dc2.int.mydomain.net'; // Set server(s), space separated. Prefix with ldaps:// for ssl
$config['auth_ad_domain'] = 'int.mydomain.net';
$config['auth_ad_base_dn'] = 'CN=Users,DC=int,DC=mydomain,DC=net'; // groups and users must be under this dn
$config['auth_ad_check_certificates'] = true; // require a valid ssl certificate
$config['auth_ad_binduser'] = 'bind.user'; // bind user (non-admin)
$config['auth_ad_bindpassword'] = '************'; // bind password
$config['auth_ad_timeout'] = 5; // time to wait before giving up (or trying the next server)
$config['auth_ad_debug'] = false; // enable for verbose debug messages
$config['active_directory']['users_purge'] = 30; // purge users who haven't logged in for 30 days.
$config['auth_ad_require_groupmembership'] = true; // false: allow all users to auth level 0
$config['auth_ad_groups']['LNMS_Admin']['level'] = 10; // set the "LNMS_Admin" AD group to admin level
$config['auth_ad_groups']['LNMS_RO']['level'] = 5; // set the "LNMS_RO" AD group to global read only level
$config['auth_ad_user_filter'] = "(objectclass=user)";
$config['auth_ad_group_filter'] = "(objectclass=group)";
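
The settings above can be checked mechanically before they go live. This Python linter is an added example, not part of the LibreNMS documentation or code base: it reads `config.php`-style assignments and reports directory servers without the `ldaps://` prefix, disabled certificate checks, disabled group-membership enforcement, levels missing from the table above, and groups mapped to a read/write level. The function names, the `WEAK` sample and the `Domain Users` mapping are constructed for illustration.

```python
import re

# Matches: $config['a']['b'] = value; // optional comment
ASSIGN = re.compile(r"^\s*\$config((?:\[['\"][^'\"]+['\"]\])+)\s*=\s*(.+?);\s*(?://.*)?$")
LEVELS = {1: "Normal User", 5: "Global Read", 10: "Administrator", 11: "Demo Account"}

def parse_config(text):
    """Collect scalar $config assignments as {'a.b': value}."""
    settings = {}
    for m in filter(None, map(ASSIGN.match, text.splitlines())):
        key = ".".join(re.findall(r"\[['\"]([^'\"]+)['\"]\]", m.group(1)))
        raw = m.group(2).strip()
        if raw.lower() in ("true", "false"):
            settings[key] = raw.lower() == "true"
        elif raw.isdigit():
            settings[key] = int(raw)
        else:
            settings[key] = raw.strip("'\"")
    return settings

def audit(settings):
    """Return (key, problem) pairs for the AD auth settings described on this page."""
    findings = []
    for url in str(settings.get("auth_ad_url", "")).split():
        if not url.lower().startswith("ldaps://"):
            findings.append(("auth_ad_url", f"{url} is not prefixed with ldaps://"))
    if settings.get("auth_ad_check_certificates") is False:
        findings.append(("auth_ad_check_certificates", "certificate validation is disabled"))
    if settings.get("auth_ad_require_groupmembership") is False:
        findings.append(("auth_ad_require_groupmembership", "all users are allowed in at level 0"))
    for key, level in settings.items():
        m = re.fullmatch(r"auth_ad_groups\.(.+)\.level", key)
        if m and level not in LEVELS:
            findings.append((key, f"level {level!r} is not in the level table"))
        elif m and level >= 10:
            findings.append((key, f"group {m.group(1)} has read/write access ({LEVELS[level]})"))
    return findings

# Constructed sample input, not taken from a real deployment.
WEAK = """
$config['auth_ad_url'] = 'ldap://dc1.int.mydomain.net ldaps://dc2.int.mydomain.net';
$config['auth_ad_check_certificates'] = false; // constructed weak value
$config['auth_ad_require_groupmembership'] = false;
$config['auth_ad_groups']['Domain Users']['level'] = 10;
$config['auth_ad_groups']['LNMS_RO']['level'] = 7;
"""

if __name__ == "__main__":
    print(*audit(parse_config(WEAK)), sep="\n")
```

A group mapped to level 10 or 11 is reported for review rather than as an error, so the configuration shown on this page still yields one entry for `LNMS_Admin`.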