I found a bug in LDAP/AD integration after upgrading from Nagios XI 5.5.1 to XI 5.6.7.
When I try to add a new LDAP user while logged in as an LDAP user, nothing is displayed, and the Apache error_log has new entries:
```
[Thu Nov 07 11:29:29.682046 2019] [:error] [pid 118035] [client 10.0.82.225:57907] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /drbd/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://10.100.8.115/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Nov 07 11:29:29.682283 2019] [:error] [pid 118035] [client 10.0.82.225:57907] PHP Notice: Trying to get property of non-object in /drbd/nagiosxi/html/includes/components/ldap_ad_integration/index.php on line 470, referer: http://10.100.8.115/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Nov 07 11:29:29.682311 2019] [:error] [pid 118035] [client 10.0.82.225:57907] PHP Fatal error: Call to a member function folder_listing() on a non-object in /drbd/nagiosxi/html/includes/components/ldap_ad_integration/index.php on line 473, referer: http://10.100.8.115/nagiosxi/includes/components/ldap_ad_integration/index.php
```
I tried the same on XI 5.5.1 and it works from both a local and an LDAP/AD user.
I compared both adLDAP.php files (in XI 5.5.1 and 5.6.7) and they are identical.
I added a log line before and after line 714 to know why ldap_bind() is failing.
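```php
// Temporary debug logging around the ldap_bind() call on line 714 of adLDAP.php.
// Note: this writes the bind password to the log in cleartext.
file_put_contents("/tmp/ldap.log", date("Y-m-d H:i:s "). "ldap_bind(".$this->ldapConnection.", $username . ".$this->accountSuffix.", $password);\n", FILE_APPEND);
$this->ldapBind = ldap_bind($this->ldapConnection, $username . $this->accountSuffix, $password);
// print_r() logs "1" for a successful bind and an empty string for a failed one.
file_put_contents("/tmp/ldap.log", date("Y-m-d H:i:s "). print_r($this->ldapBind, true)."\n", FILE_APPEND);
```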
Logged in as user u62545 in Nagios XI 5.6.7, action: refresh frame /nagiosxi/includes/components/ldap_ad_integration/index.php
```
[root@prod-nagioscl01 systemd-private-b416762366a041318f552f38882ccfc2-httpd.service-YUhNA2]# tail -f tmp/ldap.log
2019-11-07 11:53:08 ldap_bind(Resource id #215, nagiosldap . @domain.net, PASS_FOR_nagiosldap);
2019-11-07 11:53:08 1
2019-11-07 11:53:08 ldap_bind(Resource id #212, u62545 . @domain.net, PASS_FOR_nagiosldap); !!! <- This is not the password of user u62545 and I don't know if it is normal behaviour to see this user change
2019-11-07 11:53:09
```
```
[root@lab-nagios src]# tail -f /tmp/systemd-private-58bc5f139f304bb8852a981cd5987da0-httpd.service-E0eIPR/tmp/ldap.log
2019-11-07 11:56:42 ldap_bind(Resource id #209, nagiosldap . @domain.net, PASS_FOR_nagiosldap);
2019-11-07 11:56:42 1
2019-11-07 11:56:43 ldap_bind(Resource id #206, nagiosldap . @domain.net, PASS_FOR_nagiosldap);
2019-11-07 11:56:43 1
2019-11-07 11:56:43 ldap_bind(Resource id #206, nagiosldap . @domain.net, PASS_FOR_nagiosldap);
...
```
Environment information:
1) lab-nagios:
-- XI 5.5.1
-- LDAP / Active Directory Integration version 1.1.0
2) prod-nagioscl01:
-- XI 5.6.7
-- LDAP / Active Directory Integration version 1.1.1