Page 1 of 2

Unable to scroll beyond a letter in AD/LDAP

Posted: Mon Nov 15, 2021 8:54 am
by apteancloud
Hello,

I have been playing around with Nagios Fusion free version and was trying to setup AD/LDAP to import users, however, I cant scroll beyond N-letter. There are no further scroll down or 'Next' option to select the next set of users. I have tried multiple browsers, still the same. However, the functionality seems to work smoothly for our production NagiosXI where I can see upto Z-letter users from AD/LDAP.
Fusion.JPG
I am not sure what is the issue here.

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Mon Nov 15, 2021 4:28 pm
by ssax
Is it a Windows domain controller or a LDAP server?

Are both XI systems using the same domain controller/LDAP server?

Make sure your /etc/php.ini has these set (or higher):

Code: Select all

max_execution_time = 300
max_input_vars = 50000
memory_limit = 1024M
Then restart httpd:

Code: Select all

systemctl restart httpd

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Mon Nov 15, 2021 11:34 pm
by apteancloud
Is it a Windows domain controller or a LDAP server?
- Windows AD
Are both XI systems using the same domain controller/LDAP server?
- Yes
Make sure your /etc/php.ini has these set (or higher)
- Set the values and restarted httpd, still same issue

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Tue Nov 16, 2021 3:24 pm
by ssax
If you run this command as root or sudo on your Fusion server and leave it running:

Code: Select all

tail -Fn0 /var/log/httpd/error_log /var/log/httpd/ssl_error_log
Then replicate the issue in the Fusion interface again, do you see any errors output? If so, please post them.

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Tue Nov 23, 2021 6:49 am
by apteancloud
Output

Code: Select all

[nagiosadmin@dnagfs01 ~]$ sudo tail -Fn0 /var/log/httpd/error_log /var/log/httpd/ssl_error_log
==> /var/log/httpd/error_log <==

==> /var/log/httpd/ssl_error_log <==
[Tue Nov 23 11:46:45.187575 2021] [:error] [pid 1467] [client XX.XX.XX.XX:22093] PHP Warning:  ldap_list(): Partial search results returned: Sizelimit exceeded in /usr/local/nagiosfusion/html/includes/components/ldap_ad_integration/adLDAP/src/classes/adLDAPFolders.php on line 139, referer: https://MYURL/nagiosfusion/includes/components/ldap_ad_integration/
[Tue Nov 23 11:46:45.908800 2021] [:error] [pid 1467] [client XX.XX.XX.XX:22093] PHP Warning:  ldap_list(): Partial search results returned: Sizelimit exceeded in /usr/local/nagiosfusion/html/includes/components/ldap_ad_integration/adLDAP/src/classes/adLDAPFolders.php on line 139, referer: https://MYURL/nagiosfusion/includes/components/ldap_ad_integration/
I have replaced the URL and IP Address.

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Tue Nov 23, 2021 5:48 pm
by benjaminsmith
Hi apteancloud,

Based on the error output, I believe you are hitting the limits imposed by the AD/LDAP server on the number of objects that can be returned.
PHP Warning: ldap_list(): Partial search results returned: Sizelimit exceeded in /usr/local/nagiosfusion/html/includes/components/ldap_ad_integration/adLDAP/src/classes/adLDAPFolders.php on line 139, referer: https://MYURL/nagiosfusion/includes/com ... tegration/
Let us know how many users are you trying to return from this query? Also, please attach or PM the php.ini file, so we can review the settings there as well.

Thanks,
Benjamin

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Wed Nov 24, 2021 11:52 am
by apteancloud
The same option works fine on our NagiosXI Server (v5.8.6) and you can see I can scroll till 'Z'
NagiosXI.JPG
This is from NagiosFusion Server (v4.1.9)
NagFS.JPG
You can observe from above screenshots, the search bar on NagiosFusion Server isnt present as is the case with NagiosXI, so that I can easily search a user with his/her name if needed. And ofcourse, it wont let me scroll till the end.

I will PM you the php.ini and the user count.

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Wed Nov 24, 2021 4:40 pm
by benjaminsmith
Hi,

Thanks for sending that over. Normally AD has a limit of 1000 users but if both these systems are polling the same AD/LDAP server, that doesn't look like the issue here.

The bottom of the the knowledgebase article below covers this type of error and there is another adjustment that can be made to the php.ini file.

Open the php.ini file in vi and make the change:

Code: Select all

suhosin.post.max_vars = 5000
suhosin.request.max_vars = 5000
Then restart the Apache server.

See: Active Directory / LDAP - Troubleshooting Authentication Integration, Section: Not All Active Directory Users Are Listed

Let me know if that resolves this issue.

--Benjamin

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Thu Nov 25, 2021 9:01 am
by apteancloud
Hi,

It is still the same.
I added the section as asked and restarted httpd. Logged to Fusion and tried to scroll till the last, I cant see beyond 'M'. And there are no search option unlike in NagiosXI (please refer to my previous reply screenshot), which would allow me to search users irrespective of what GUI shows.

Re: Unable to scroll beyond a letter in AD/LDAP

Posted: Mon Nov 29, 2021 11:17 am
by benjaminsmith
Hi,

Thanks for testing that out. I've reached out to the other teams here, and based on the error output, we still feel this is an issue with either the PHP settings or the remote AD/LDAP server settings.

It wouldn't hurt to double the recommendations on the PHP settings to rule that out.

Then, let's move this over to a support ticket. We'll likely need to set up a live debugging session to troubleshoot this further.

To open a support ticket, please go to:

https://support.nagios.com/tickets/

.. and reference this forum post in the ticket.

Regards,
Benjamin