Prune’s Blog

Cacti is one of the best opensource project. Its goal is to collect and aggregate data using SNMP or scripts and give you a graphical result : a graph !
Although Cacti support LDAP users natively, it lacks an important feature : authenticated search.
Many people thinks LDAP is good for authentication. You connect to it, search for the DN of your user and bind against it. Even if it is a good solution, this means anyone on your lan, or any application on your server, can connect and search for any user on your whole tree.

This is not a good solution for me. I work with LDAP for 7 years now, and I will never allow to search anonymously inside my ldap server, even for auth. (This is wrong as I now have a search function for addressbook…)

Whatever, I wanted to have Cacti do it the right way :

- login with a special account
- search for the DN of the user
- bind the DN againt the password
- allow or disallow access

I slightly changed the Cacti 0.8.6j source to achieve that.
You only have to change 2 files. One for the login, one for the setup. You just have to add the DN of the admin user and its password. You can also set up a role (ldap roles are included in Sun’s Directory Server) and your user will only be granted access if he is a member of the role.

You will end with a Setup -> Authentication page like this :

You can download the patch Here. It apply to a Cacti 0.8.6j PATCHED with the Cacti Plugin Architecture v1.1.