[cacti-user] LDAP Error: Insuffient access

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi,
      I am in the process of installing cacti 0.8.7a and using LDAP 
authentication. I get the following message when I try:
LDAP Error: Insuffient access

However I get nothing in the cacti logs even with loglevel set to debug 
and a running log of my ldap server does not show any ldap queries 
hitting it that seem like cacti queries.

Running an ldapsearch manually from the cacti machine using the 
following command works correctly:
ldapsearch -h addressbook.xxx.xxx.xxx -D 
"cn=xxxx-proxy,ou=proxy-users,dc=xxx,dc=xxx" -b 
"ou=people,dc=xxx,dc=xxx" -p 3890 cn=myusername -x -W

Can anyone please provide some insight as to why this may not be working?

My settings are as follows:

Authentication Method

    /None/ - No authentication will be used, all users will have full
    access.

    /Builtin Authentication/ - Cacti handles user authentication, which
    allows you to create users and give them rights to different areas
    within Cacti.

    /Web Basic Authentication/ - Authentication is handled by the web
    server. Users can be added or created automatically on first login
    if the Template User is defined, otherwise the defined guest
    permissions will be used.

    /LDAP Authentication/ - Allows for authentication against a LDAP
    server. Users will be created automatically on first login if the
    Template User is defined, otherwise the defined guest permissions
    will be used. If PHP's LDAP module is not enabled, LDAP
    Authentication will not appear as a selectable option.

Guest User
The name of the guest user for viewing graphs; is "No User" by default. 	
User Template
The name of the user that cacti will use as a template for new Web Basic 
and LDAP users; is "guest" by default. 	
LDAP Settings
Server
The dns hostname or ip address of the server. 	
Port Standard
TCP/UDP port for Non SSL comminications. 	
Port SSL
TCP/UDP port for SSL comminications. 	
Protocol Version
Protocol Version that the server supports. 	
Encryption
Encryption that the server supports. TLS is only supported by Protocol 
Version 3. 	
Referrals
Enable or Disable LDAP referrals. If disabled, it may increase the speed 
of searches. 	
Mode
Mode which cacti will attempt to authenicate against the LDAP server.

    /No Searching/ - No Distinguished Name (DN) searching occurs, just
    attempt to bind with the provided Distinguished Name (DN) format.

    /Anonymous Searching/ - Attempts to search for username against LDAP
    directory via anonymous binding to locate the users Distinguished
    Name (DN).

    /Specific Searching/ - Attempts search for username against LDAP
    directory via Specific Distinguished Name (DN) and Specific Password
    for binding to locate the users Distinguished Name (DN).

Distinguished Name (DN)
Distinguished Name syntax, such as for windows: 
/"<username>@win2kdomain.local"/ or for OpenLDAP: 
/"uid=<username>,ou=people,dc=domain,dc=local"/. "<username>" is 
replaced with the username that was supplied at the login prompt. This 
is only used when in "No Searching" mode. 	
Search Base
Search base for searching the LDAP directory, such as 
/"dc=win2kdomain,dc=local"/ or /"ou=people,dc=domain,dc=local"/. 	
Search Filter
Search filter to use to locate the user in the LDAP directory, such as 
for windows: 
/"(&(objectclass=user)(objectcategory=user)(userPrincipalName=<username>*))"/ 
or for OpenLDAP: /"(&(objectClass=account)(uid=<username>))"/. 
"<username>" is replaced with the username that was supplied at the 
login prompt. 	
Search Distingished Name (DN)
Distinguished Name for Specific Searching binding to the LDAP directory. 	
Search Password
Password for Specific Searching binding to the LDAP directory. 	

Any help is appreciated.

Edson Manners
University Computing Services
Florida State University