Cmk 1.6.0p17 managed edition: multisite and user pwd change


We have a distributed setup with 12 remote sites at customer locations with the cmk managed edition.
On the remote sites wato is disabled, but the customer users log in at their site for viewing.

So the cmk users for “customer1” are only allowed to login on their remote site, where wato is disabled.
To change the user password they should/have to log in on the master cmk server where wato is enabled, but this is not allowed because the user has “customer1” configured which is handled on his remote site.

The user setting “Authorized sites” is set to “All sites”.
These are all local users (not ldap users).

My question:
How could the customer cmk users change their cmk password, if wato on their site is disabled, and the configured customer setting of the user is not set to “Provider” or “Global”?


He cannot, I had a similar problem and the only practical solution was to bind the customer sites to the respective LDAP’s there.

ok, thx for this clarification.

Hi Andreas, this is not concerning the initial question but I want to make sure I am not completely off track. When you say:

do you mean you only bind that very site to LDAP? Because as far as I know you can only bind a site to LDAP if the master can reach that LDAP servers too. Or did you use some workaround?

Yes, you can bind a different LDAP to every site. Only this site will the send queries to the configured LDAP server.

There is only one drawback, on the remote site the LDAP users are recreated from time to time. This means all the user settings are remove and the user is there again with empty settings. Thats very bad as you cannot create bookmarks and so on, as a remote site LDAP user.
I have not tested this with 2.0 as my MSE installation is running 1.6 at the moment. 1