diff --git a/LibreNMS/Authentication/LdapAuthorizer.php b/LibreNMS/Authentication/LdapAuthorizer.php
index 1373cf2ba2b1..08d61c6e9626 100644
--- a/LibreNMS/Authentication/LdapAuthorizer.php
+++ b/LibreNMS/Authentication/LdapAuthorizer.php
@@ -29,6 +29,12 @@ public function authenticate($credentials)
 if ((Config::has('auth_ldap_binduser') || Config::has('auth_ldap_binddn')) && Config::has('auth_ldap_bindpassword')) {
 $this->bind();
 }
+
+ if (Config::get('auth_ldap_require_groupmembership') === false) {
+ // skip group check if the server does not support ldap_compare (hint: google gsuite ldap)
+ return true;
+ }
+
 $ldap_groups = $this->getGroupList();
 if (empty($ldap_groups)) {
 // no groups, don't check membership
diff --git a/misc/config_definitions.json b/misc/config_definitions.json
index 7e8444d8cc8b..bf0e730e7c30 100644
--- a/misc/config_definitions.json
+++ b/misc/config_definitions.json
@@ -578,6 +578,13 @@
 "order": 0,
 "type": "text"
 },
+ "auth_ldap_require_groupmembership": {
+ "default": true,
+ "group": "auth",
+ "section": "ldap",
+ "order": 4,
+ "type": "boolean"
+ },
 "auth_ldap_starttls": {
 "default": "disabled",
 "group": "auth",
diff --git a/resources/lang/en/settings.php b/resources/lang/en/settings.php
index 4750d1955375..1732965aa841 100644
--- a/resources/lang/en/settings.php
+++ b/resources/lang/en/settings.php
@@ -365,6 +365,10 @@
 'description' => 'Group access',
 'help' => 'Define groups that have access and level',
 ],
+ 'auth_ldap_require_groupmembership' => [
+ 'description' => 'LDAP Group membership verification',
+ 'help' => 'Perform (or skip) ldap_compare when the provider allows (or does not) for the Compare action.',
+ ],
 'auth_ldap_port' => [
 'description' => 'LDAP port',
 'help' => 'Port to connect to servers on. For LDAP it should be 389, for LDAPS it should be 636',
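Review bot: In LdapAuthorizer::authenticate(), the new early `return true` taken when `auth_ldap_require_groupmembership` is false skips every group check, so with the option off any account that reached this branch is accepted regardless of the configured LDAP groups; the inline comment and the help string added in resources/lang/en/settings.php describe it only as an ldap_compare compatibility switch. I would state the access-control consequence in both places, e.g. replace the comment with `// SECURITY: group membership is not verified when this is disabled; every account that authenticated above is accepted`, and end the help text with a sentence saying that disabling the option lets any user who can authenticate against the directory log in. The strict `=== false` fails closed for values such as 0 or the string 'false', which is the safe direction but worth mentioning in the option's documentation so an admin who sets it that way is not surprised that the check still runs. authenticate() begins and ends outside the hunk, so what precedes this branch, and whether a search-based membership test could replace the outright skip for servers without Compare, should be confirmed against the full method.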