Using OpenLDAP with LibreNMS
Learn how to integrate OpenLDAP with LibreNMS for centralized user authentication and improve network monitoring efficiency.
LibreNMS is a fully-featured, open-source network monitoring system written in PHP. It utilizes SNMP to automatically discover and monitor various network devices and services, including routers, switches, servers, and more. LibreNMS offers features like customizable dashboards, alerting, and a comprehensive API for management and data retrieval.
You can either configure LibreNMS from the web user interface or from the command line. This is a list of the variables that you should set.
Essential
auth_ldap_uid_attribute: uid
This sets ‘uid’ as the unique LDAP attribute for users.
auth_ldap_groupmemberattr: member
auth_ldap_groups: {"nms_admin": {"level": 10}}
or
auth_ldap_groups.nms_admin.level: 10
These two examples produce the same result. Both set the group ‘nms_admin’ as Admin (level 10). Add further entries in the same form to map more groups at different levels.
auth_ldap_starttls: false
auth_ldap_server: [ldap server ip]
auth_ldap_port: 389
auth_ldap_suffix: ,ou=people,dc=example,dc=com
Not sure if the case of ‘people’ actually matters. Make sure you keep the initial comma.
auth_ldap_groupbase: ou=groups,dc=example,dc=com
auth_mechanism: ldap
Be careful with this one: you will lock yourself out if LDAP does not work correctly. Set it back to ‘mysql’ to turn LDAP off.
auth_ldap_require_groupmembership: false
Testing
Use the test script to make sure it works:
./scripts/auth_test.php -u <user>
Make sure the level is correctly populated. It should look like this:
librenms:/opt/librenms# ./scripts/auth_test.php -uadmin
Authentication Method: ldap
Password:
Authenticate user admin:
AUTH SUCCESS
User (admin):
username => admin
realname => Administrator
user_id => admin
email => admin@example.com
level => 10
Groups: cn=nms_admin,ou=groups,dc=example,dc=com
Setting variables
Web UI
You can set all the variables in the web UI in: Settings -> Authentication -> LDAP Settings.
Command line
You can use the lnms command to get config options like this:
lnms config:get auth_ldap_uid_attribute
You can use the lnms command to set config options like this:
lnms config:set auth_ldap_uid_attribute uid
Pre load configuration for Docker
You can create a YAML file under /data/config/ (for example /data/config/ldap.yaml) and place your variables in it:
librenms:/opt/librenms# cat /data/config/auth.yaml
auth_mechanism: ldap
auth_ldap_server: 172.17.0.1
auth_ldap_port: 389
auth_ldap_version: 3
auth_ldap_suffix: ,ou=people,dc=example,dc=com
auth_ldap_groupbase: ou=groups,dc=example,dc=com
auth_ldap_prefix: uid=
auth_ldap_starttls: False
auth_ldap_attr: {"uid": "uid"}
auth_ldap_uid_attribute: uid
auth_ldap_groups: {"nms_admin": {"level": 10}}
auth_ldap_groupmemberattr: member
auth_ldap_require_groupmembership: False
auth_ldap_debug: False
auth_ldap_group: cn=groupname,ou=groups,dc=example,dc=com
auth_ldap_groupmembertype: username
auth_ldap_timeout: 5
auth_ldap_emailattr: mail
auth_ldap_userdn: True
auth_ldap_userlist_filter:
auth_ldap_wildcard_ou: False
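As an added example (not LibreNMS code and not from this page's author), the Python below models how the settings listed under Essential and in the auth.yaml above combine to resolve a user's level: auth_ldap_prefix + uid + auth_ldap_suffix builds the user DN, groups under auth_ldap_groupbase are matched through auth_ldap_groupmemberattr, and auth_ldap_groups maps group names to levels, with auth_ldap_require_groupmembership deciding what happens to a user who is in no mapped group. It runs against a constructed in-memory directory, so no LDAP server is needed. The extra groups nms_ro and nms_guest, the users viewer and guest, and the exact deny/level-0 rule are assumptions of the model rather than LibreNMS internals.

```python
"""Model of how the LDAP settings on this page combine to resolve a user's
LibreNMS level.  Added example, not LibreNMS code: it reproduces the mapping
the page describes against a constructed in-memory directory so that it runs
without an LDAP server.
"""
from typing import Dict, List, Optional

# Constructed settings mirroring the page's auth.yaml (values are hypothetical).
CONFIG = {
    "auth_ldap_prefix": "uid=",
    "auth_ldap_suffix": ",ou=people,dc=example,dc=com",
    "auth_ldap_groupbase": "ou=groups,dc=example,dc=com",
    "auth_ldap_groupmemberattr": "member",
    # "fulldn": group members are stored as full DNs; "username": as bare uids
    "auth_ldap_groupmembertype": "fulldn",
    "auth_ldap_groups": {"nms_admin": {"level": 10}, "nms_ro": {"level": 5}},
    "auth_ldap_require_groupmembership": True,
}

# Constructed directory fragment: group DN -> attributes.  nms_guest is
# deliberately absent from auth_ldap_groups to show an unmapped group.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=nms_admin,ou=groups,dc=example,dc=com": {
        "member": ["uid=admin,ou=people,dc=example,dc=com"]},
    "cn=nms_ro,ou=groups,dc=example,dc=com": {
        "member": ["uid=admin,ou=people,dc=example,dc=com",
                   "uid=viewer,ou=people,dc=example,dc=com"]},
    "cn=nms_guest,ou=groups,dc=example,dc=com": {
        "member": ["uid=guest,ou=people,dc=example,dc=com"]},
}


def user_dn(username: str, config: dict) -> str:
    """Build the DN the user is looked up as: prefix + uid + suffix.
    The suffix's leading comma is what joins the two parts, as the page notes."""
    return f"{config['auth_ldap_prefix']}{username}{config['auth_ldap_suffix']}"


def member_value(username: str, config: dict) -> str:
    """Value expected inside the group's member attribute for this user."""
    if config["auth_ldap_groupmembertype"] == "username":
        return username
    return user_dn(username, config)


def mapped_group_dns(config: dict) -> Dict[str, int]:
    """Group DN -> level for every key of auth_ldap_groups, placed under
    auth_ldap_groupbase the way the page's cn=nms_admin,ou=groups,... shows."""
    base = config["auth_ldap_groupbase"]
    return {f"cn={name},{base}": int(spec["level"])
            for name, spec in config["auth_ldap_groups"].items()}


def user_groups(username: str, config: dict, directory: dict) -> List[str]:
    """DNs of all directory groups whose member attribute lists this user."""
    attr = config["auth_ldap_groupmemberattr"]
    wanted = member_value(username, config)
    return [dn for dn, attrs in directory.items() if wanted in attrs.get(attr, [])]


def user_level(username: str, config: dict, directory: dict) -> Optional[int]:
    """Highest level of any mapped group the user belongs to.  In this model
    None means 'deny login' (require_groupmembership set, no mapped group) and
    0 means 'logged in with no privileges'."""
    mapped = mapped_group_dns(config)
    levels = [mapped[dn] for dn in user_groups(username, config, directory) if dn in mapped]
    if not levels:
        return None if config["auth_ldap_require_groupmembership"] else 0
    return max(levels)


if __name__ == "__main__":
    for name in ("admin", "viewer", "guest"):
        print(name, user_dn(name, CONFIG),
              user_groups(name, CONFIG, DIRECTORY),
              user_level(name, CONFIG, DIRECTORY))
```

Running it shows admin resolving to level 10 through nms_admin even though it is also in nms_ro, viewer resolving to 5, and guest being denied because its only group is not listed in auth_ldap_groups while auth_ldap_require_groupmembership is set. Switching auth_ldap_groupmembertype to "username" makes every lookup fail against this directory, which is the symptom to expect when that setting does not match how the groups actually store their members.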
Issue with current LibreNMS
The current version (23.7.0 at the time of this writing) does not support LDAP logins. A fix has been accepted into LibreNMS, so the next version should just work.
If you want to apply the fix manually, run git apply with this patch:
diff --git a/LibreNMS/Authentication/LdapAuthorizer.php b/LibreNMS/Authentication/LdapAuthorizer.php
index 5459759ab..037a7382b 100644
--- a/LibreNMS/Authentication/LdapAuthorizer.php
+++ b/LibreNMS/Authentication/LdapAuthorizer.php
@@ -233,7 +233,7 @@ class LdapAuthorizer extends AuthorizerBase
$entries = ldap_get_entries($connection, $search);
foreach ($entries as $entry) {
$user = $this->ldapToUser($entry);
- if ((int) $user['user_id'] !== (int) $user_id) {
+ if ($user['user_id'] != $user_id) {
continue;
}
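Review bot: the replacement `if ($user['user_id'] != $user_id)` trades a strict integer comparison for PHP's loose `!=`, which compares two numeric-looking strings numerically (uids such as "01" and "1", or "1e3" and "1000", would be treated as the same user). Since the second hunk now returns `user_id` as the raw attribute string, prefer an explicit string comparison, `if ((string) $user['user_id'] !== (string) $user_id)`, and add a one-line comment recording that `user_id` is the value of the configured uid attribute rather than an integer, because nothing in the hunk explains why the cast was dropped.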
@@ -360,7 +360,7 @@ class LdapAuthorizer extends AuthorizerBase
return [
'username' => $entry['uid'][0],
'realname' => $entry['cn'][0],
- 'user_id' => (int) $entry[$uid_attr][0],
+ 'user_id' => $entry[$uid_attr][0],
'email' => $entry[Config::get('auth_ldap_emailattr', 'mail')][0],
'level' => $this->getUserlevel($entry['uid'][0]),
];
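Review bot: `'user_id' => $entry[$uid_attr][0]` still reads the configured uid attribute with no check that it exists on the entry; with the `(int)` cast gone, a missing attribute now yields `null` (plus an undefined-index warning) instead of `0`, and that value flows straight into the comparison changed in the first hunk. Guard it, e.g. `'user_id' => $entry[$uid_attr][0] ?? null,` and have the caller skip entries whose user id is null, and update the function's docblock to state that `user_id` is now the attribute's string value.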