"Select users to import from LDAP/AD" returns nothing?

stevet · Post by **stevet** » Fri May 19, 2017 8:43 am

Looks like seven OUs and more than 500 users (LDAP limit is set to 500 max query). The post here https://support.nagios.com/forum/viewto ... 90#p221477 shows the actual results of LDAP queries from the command line on my Nagios XI vm.

That screenshot of the LDAP server setup page *is* the actual settings page on my server however security policies where I work require I redact any unique identifiers specific to our infrastructure - so, "dc=example,dc=com" is a generic replacement for the actual DN. Not just a "sample" setup page.

I've turned up the debugging on the ldap server. When I authenticate using "cn=admin..." this is what ends up in /var/log/debug (Ubuntu 14.04). The next thing that happens after that is the "system" OU is displayed as in my previous screenshot. When I click the system OU, Nagios reports "No users or computers found in this object" (as in my previous, previous screenshot) and /var/log/debug outputs the second block of output below:

...Authenticate as "cn=admin..."

Code: Select all

May 19 07:59:46 ldap1 slapd[9230]: conn=1089 op=2 ENTRY dn=""
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=2 ENTRY dn=""
May 19 07:59:46 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=system,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=accounting,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=external,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=groups,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=sales,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=hr,dc=example,dc=com"
May 19 07:59:46 ldap1 slapd[9230]: conn=1090 op=3 ENTRY dn="ou=cservice,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=2 ENTRY dn=""
May 19 07:59:47 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=system,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=accounting,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=external,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=groups,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=sales,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=hr,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1091 op=3 ENTRY dn="ou=cservice,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=2 ENTRY dn=""
May 19 07:59:47 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=system,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=accounting,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=external,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=groups,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=sales,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=hr,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1092 op=3 ENTRY dn="ou=cservice,dc=example,dc=com"
May 19 07:59:47 ldap1 slapd[9230]: conn=1093 op=2 ENTRY dn=""

...then click the system OU...

Code: Select all

May 19 07:59:53 ldap1 slapd[9230]: conn=1094 op=2 ENTRY dn=""
May 19 07:59:53 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:53 ldap1 slapd[9230]: conn=1094 op=3 ENTRY dn="uid=jexxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1094 op=3 ENTRY dn="uid=ebxxxxxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1094 op=3 ENTRY dn="uid=mjxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1095 op=2 ENTRY dn=""
May 19 07:59:53 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:53 ldap1 slapd[9230]: conn=1095 op=3 ENTRY dn="uid=jexxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1095 op=3 ENTRY dn="uid=ebxxxxxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1095 op=3 ENTRY dn="uid=mjxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1096 op=2 ENTRY dn=""
May 19 07:59:53 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:53 ldap1 slapd[9230]: conn=1096 op=3 ENTRY dn="uid=jexxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1096 op=3 ENTRY dn="uid=ebxxxxxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1096 op=3 ENTRY dn="uid=mjxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:53 ldap1 slapd[9230]: conn=1097 op=2 ENTRY dn=""
May 19 07:59:54 ldap1 slapd[9230]: conn=1098 op=2 ENTRY dn=""
May 19 07:59:54 ldap1 slapd[9230]: <= bdb_equality_candidates: (objectClass) not indexed
May 19 07:59:54 ldap1 slapd[9230]: conn=1098 op=3 ENTRY dn="uid=jexxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:54 ldap1 slapd[9230]: conn=1098 op=3 ENTRY dn="uid=ebxxxxxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:54 ldap1 slapd[9230]: conn=1098 op=3 ENTRY dn="uid=mjxxxxxxxxx,ou=system,dc=example,dc=com"
May 19 07:59:54 ldap1 slapd[9230]: conn=1099 op=2 ENTRY dn=""

Post by **tgriep** » Fri May 19, 2017 10:40 am

I think the 500 query limit is causing the issue. I think when importing the users, the Nagios server needs to query all of the users and then build the list so it can be displayed in the GUI and used to select the users.
Can you increase the limit on your LDAP server and see if you can import the users after the change?

stevet · Post by **stevet** » Wed May 24, 2017 8:15 am

I'll try it. It will take a config change on the LDAP server so may take a few days to schedule/test it.

Post by **tgriep** » Wed May 24, 2017 12:08 pm

OK, let us know how it works out.

Nagios Support Forum

"Select users to import from LDAP/AD" returns nothing?

Re: "Select users to import from LDAP/AD" returns nothing?

Re: "Select users to import from LDAP/AD" returns nothing?

Re: "Select users to import from LDAP/AD" returns nothing?

Re: "Select users to import from LDAP/AD" returns nothing?