I’m in the process of restoring icingaweb2. Initially I was able to log in using database authentication with user icinga_admin. Now the ldap authentication is working and I can’t use the same account to log in. I can log in with ldap but don’t have access to many features as restoration is still ongoing. From this link I remember that I didn’t generate a new icingaweb2 token. Please advise.
Did you assign permissions/roles to the ldap users/groups in /etc/icingaweb2/roles.ini? Something like this may work:

[icinga-admins]
groups = "admins"
users = "userA, userB"
permissions = "*"

[icingaweb2]
backend = "db"
resource = "icingaweb_db"

[kenindia_AD_AUTH]
resource = "abc_AD"
filter = "!(objectClass=computer)"
backend = "msldap"
domain = "abc.com"
base_dn = "OU=IT,OU=abc_Users,DC=ad,DC=abc,DC=com"

You’re showing us the content of the authentication.ini file, but as @ritzgu wrote, you need to add permissions in the roles.ini file.
Thanks. Sent details of wrong file. Below is content of roles.ini

[Administrators]
users = "icinga_admin"
permissions = "*"
groups = "Administrators"

[IT Admin]
groups = "IT_Users"
permissions = "application/log,module/director,director/*,director/audit,director/showconfig,director/deploy,director/hosts,director/users,director/notifications,director/monitoring/services-ro,module/doc,doc/*,module/monitoring,monitoring/command/*,monitoring/command/schedule-check,monitoring/command/schedule-check/active-only,monitoring/command/acknowledge-problem,monitoring/command/remove-acknowledgement,monitoring/command/comment/*,monitoring/command/comment/add,monitoring/command/comment/delete,monitoring/command/downtime/schedule,monitoring/command/feature/instance,monitoring/command/feature/object/*,monitoring/command/send-custom-notification,module/x509"

I guess those are the users/groups that you used for database authentication? Can you add your ldap user to the file and try to connect again?
Maybe like this:

[ldap-icinga-admins]
users = "ldap_user_name"
permissions = "*"

I’m able to log in using LDAP; however, there are no modules enabled for my account.
This is why I’m trying to find a way to log in using the icinga_admin account, which uses database authentication. I thought I could use the username “.icinaga_admin” like in Windows.
So did you try to assign the permissions in roles.ini to this user?

[admins]
users = "firstname.lastname@example.org" # or "username" depending on configuration
permissions = "*"

Did you also restore the icingaweb database? I just tested it and can use ldap and db authentication at the same time.
Another way could be to reenable the setup module with
icingacli module enable setup
and restart the setup (https://host_name/icingaweb2/setup). Generate a new token with
icingacli setup token create
Be careful that this will probably overwrite your existing icingaweb2 configuration, so running a backup/snapshot is recommended.
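
An added example, not code from any poster in this thread or from the Icinga project: a small checker that reads a roles.ini and reports which roles a given login would receive, which makes it easy to see why an LDAP login lands with no modules. The sample file is constructed from the roles.ini posted above with a shortened permission list, the user "jdoe" is hypothetical, and the matching rules (comma-separated lists, case-insensitive names, "*" in users meaning every user) are assumptions about how Icinga Web 2 evaluates roles.

```python
import configparser

# Constructed sample modelled on the roles.ini posted in this thread
# (permission list shortened; "jdoe" below is a made-up LDAP user).
SAMPLE_ROLES_INI = '''
[Administrators]
users = "icinga_admin"
permissions = "*"
groups = "Administrators"

[IT Admin]
groups = "IT_Users"
permissions = "module/director,director/*,module/monitoring,monitoring/command/*"
'''

def _split(value, lower=True):
    """Turn '"a, b"' into {'a', 'b'}; names are lower-cased for matching."""
    parts = (p.strip() for p in value.strip().strip('"').split(","))
    return {p.lower() if lower else p for p in parts if p}

def load_roles(text):
    """Parse roles.ini text into {role: {users, groups, permissions}}."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    roles = {}
    for name in parser.sections():
        sec = parser[name]
        roles[name] = {
            "users": _split(sec.get("users", "")),
            "groups": _split(sec.get("groups", "")),
            "permissions": _split(sec.get("permissions", ""), lower=False),
        }
    return roles

def effective(roles, username, groups=()):
    """Return (matching role names, union of their permissions)."""
    user = username.lower()
    member = {g.lower() for g in groups}
    matched, perms = [], set()
    for name, role in roles.items():
        # Assumed rule: a role applies if the user is listed, users
        # contains "*", or the user is in one of the listed groups.
        if "*" in role["users"] or user in role["users"] or member & role["groups"]:
            matched.append(name)
            perms |= role["permissions"]
    return matched, perms

if __name__ == "__main__":
    roles = load_roles(SAMPLE_ROLES_INI)
    for who, grps in [("icinga_admin", []), ("jdoe@abc.com", ["IT_Users"]), ("jdoe@abc.com", [])]:
        print(who, grps, "->", effective(roles, who, grps))
```

Pass the username in the form the authentication backend produces and only the groups Icinga Web 2 actually resolves for that login; a login with no matching user entry and no resolved group gets an empty result.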