Nagios Giving 500 Server error after ldap integration

[csayre]

Hello,

I am having an issue authenticating with Nagios after setting up ldap. I was hoping that some one could help me out.

/etc/httpd/conf.d/nagios

Code: Select all

# SAMPLE CONFIG SNIPPETS FOR APACHE WEB SERVER
#
# This file contains examples of entries that need
# to be incorporated into your Apache web server
# configuration file.  Customize the paths, etc. as
# needed to fit your system.

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
   SSLRequireSSL
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios Access"
#   AuthType Basic
#   AuthUserFile /usr/local/nagios/etc/htpasswd.users
  Options FollowSymLinks
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Active Directory Login"
  AuthLDAPURL "ldap://10.2.70.10:3268/DC=dc,DC=Internal?sAMAccountName?sub" NONE
  AuthLDAPBindDN "[email protected]"
  AuthLDAPBindPassword pass
   Require valid-user
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
   SSLRequireSSL
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
#  Order deny,allow
#  Deny from all
#  Allow from 127.0.0.1
#   AuthName "Nagios Access"
#   AuthType Basic
#   AuthUserFile /usr/local/nagios/etc/htpasswd.users
  Options FollowSymLinks
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "Active Directory Login"
  AuthLDAPURL "ldap://10.2.70.10:3268/DC=dc,DC=Internal?sAMAccountName?sub" NONE
  AuthLDAPBindDN "[email protected]"
  AuthLDAPBindPassword pass
  Require valid-user
</Directory>

I do have ssl enabled on this server.

Please let me know if you need anything else.

Thanks for your help.

[rkennedy]

What version of Core are you running? Also, what distro / version of linux?

What instructions did you follow to set up LDAP with Core?

[csayre]

Latest version of core 4.1.1 and centos7.

[csayre]

http://wellsie.net/p/380/ instructions for ldap, I did have to remove this line: AuthzLDAPAuthoritative off

It was creating errors when starting httpd.

[scottwilkerson]

Do you have mod_ldap installed?

Code: Select all

yum -y install mod_ldap
service httpd restart

What errors are you getting in the apache error log?

[csayre]

Package mod_ldap-2.4.6-40.el7.centos.x86_64 already installed and latest version


/var/log/error_log

Code: Select all

AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
[Mon Jan 04 14:52:54.388917 2016] [auth_digest:notice] [pid 8492] AH01757: generating secret for digest authentication ...
[Mon Jan 04 14:52:54.389489 2016] [lbmethod_heartbeat:notice] [pid 8492] AH02282: No slotmem from mod_heartmonitor
[Mon Jan 04 14:52:54.390240 2016] [ssl:warn] [pid 8492] AH01909: RSA certificate configured for IYS-ROA-Nagios01:443 does NOT include an ID which matches the server name
[Mon Jan 04 14:52:54.390311 2016] [ssl:warn] [pid 8492] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Mon Jan 04 14:52:54.403387 2016] [mpm_prefork:notice] [pid 8492] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16 configured -- resuming normal operations
[Mon Jan 04 14:52:54.403409 2016] [core:notice] [pid 8492] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'

I do get prompted for username and password after I enter that I get the 500 error page.

[rkennedy]

There may be more information in your ssl_error_log as you mentioned a SSL setup. Can you attempt to login, and then post the output to these 4 commands?

Code: Select all

tail -n50 /var/log/httpd/ssl_error_log
tail -n50 /var/log/httpd/ssl_access_log
tail -n50 /var/log/httpd/error_log
tail -n50 /var/log/httpd/access_log

Was SSL working fine prior to this?