ldap integration problem

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

ldap integration problem

Post by benhank »

Hey guys, I'm trying to set up LDAP in N5.
Following the instructions from the PDF,

Code:

Using_SSL_with_XI_Active_Directory_Component

it says

Code:

cd /etc/openldap/cacerts
openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:636 > ldapsrv1.crt

I don't have that directory. What do I have to do to prep my server for the LDAP integration?

Also, when I go to admin/manage components, there is an Active Directory component listed there (it's up to date). Do I need to do anything with that?
What's the difference between the two?
Proudly running:
NagiosXI 5.4.12 2 node Prod Env 2500 hosts, 13,000 services
Nagiosxi 5.5.7(test env) 2500 hosts, 13,000 services
Nagios Logserver 2 node Prod Env 500 objects sending
Nagios Network Analyser
Nagios Fusion
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: ldap integration problem

Post by ssax »

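Delete your CA certs in the web interface, then run these commands:

Code:

# Create the CA certificate directory (no error if it already exists)
mkdir -p /etc/openldap/cacerts
# Give the apache user and the nagios group ownership of the OpenLDAP config and certificate directories
chown apache:nagios /etc/openldap /etc/openldap/cacerts /etc/openldap/certs
chmod 664 /etc/openldap/ldap.conf
chmod 775 /etc/openldap /etc/openldap/certs /etc/openldap/cacerts
# Comment out the existing TLS_CACERTDIR setting, then point it at the new directory
sed -i 's/TLS_CACERTDIR/#TLS_CACERTDIR/g' /etc/openldap/ldap.conf
echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/openldap/ldap.conf
# Restart Apache to apply the change
service httpd restart

Then add the CA certificates back in the web interface and try it again.

That should fix it for you.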
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: ldap integration problem

Post by ssax »

Also, you can delete that component if you don't use it at all, it was left in for compatibility.
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: ldap integration problem

Post by benhank »

I don't know what I'm doing wrong, but I can't get this to work.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: ldap integration problem

Post by ssax »

Are you authenticating against an AD server or an LDAP server? If you're using AD, make sure to select that in the settings. You are using the CA's certificate, not the domain controller's/LDAP server's certificate, right?
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: ldap integration problem

Post by benhank »

I think it's all LDAP.
[Attachment: Capture.PNG]
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: ldap integration problem

Post by ssax »

Run this command:

Code:

sed -i 's/\/\/ Otherwise check authentication/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Then run this tail command, try to import/authenticate, and then send me the entire output from the tail command:

Code:

tail -f /var/log/httpd/*error_log

When you are done, revert the change with this command:

Code:

sed -i 's/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/\/\/ Otherwise check authentication/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Thank you
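The enable, capture and revert steps from the post above, as an added shell example that is not part of ssax's post or of Nagios XI: it checks that the revert actually removed the debug call and reduces the noisy `tail` output to the libldap trace. The function names and the sample log lines are assumptions made for the example; the two swapped strings are the ones in the sed commands above.

```shell
#!/bin/sh
# Added example, not Nagios code. MARK and DEBUG are the two strings swapped by
# the sed commands in the post; function names and SAMPLE are made up here.
MARK='// Otherwise check authentication'
DEBUG='ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);'

# Enable libldap tracing in file $1; refuse if the marker comment is missing.
ldap_debug_on() {
    grep -qF "$MARK" "$1" || { echo "marker not found in $1" >&2; return 1; }
    sed -i "s|$MARK|$DEBUG|g" "$1"
}

# Revert file $1, then confirm the debug call is gone so tracing is not left on.
ldap_debug_off() {
    sed -i "s|$DEBUG|$MARK|g" "$1" || return 1
    ! grep -qF "$DEBUG" "$1"
}

# Filter `tail` output on stdin down to the libldap trace: drop Apache
# "[timestamp] ..." entries, tail's "==> file <==" headers and blank lines.
ldap_trace_only() {
    grep -v -e '^\[' -e '^==> ' -e '^[[:space:]]*$'
}

# One-line summary of a filtered trace: name and address dialled, and whether
# libldap reported the connection as opened.
ldap_trace_summary() {
    awk '/^ldap_connect_to_host: TCP /    { target = $3 }
         /^ldap_connect_to_host: Trying / { addr = $3 }
         /^ldap_open_defconn: successful/ { opened = "yes" }
         END { printf "target=%s addr=%s opened=%s\n", target, addr, (opened ? opened : "no") }'
}

# Constructed sample input, modelled on the shape of the output in this thread.
SAMPLE='==> /var/log/httpd/error_log <==
[Thu Jul 21 13:08:40 2016] [error] [client 192.0.2.50] PHP Warning:  date(): ...
ldap_connect_to_host: TCP ldaps.example.org:636
ldap_connect_to_host: Trying 192.0.2.10:636
ldap_open_defconn: successful
ldap_err2string

[Thu Jul 21 13:08:41 2016] [error] [client 192.0.2.50] PHP Notice:  ...'

# Prints: target=ldaps.example.org:636 addr=192.0.2.10:636 opened=yes
printf '%s\n' "$SAMPLE" | ldap_trace_only | ldap_trace_summary
```

On a real system the file argument would be the `ldap_ad_integration.inc.php` path from the post, and the filter would read from the `tail -f` command.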
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: ldap integration problem

Post by benhank »

OK, will do!
benhank
Posts: 1264
Joined: Tue Apr 12, 2011 12:29 pm

Re: ldap integration problem

Post by benhank »

Code:

ldap_free_connection: actually freed
[Thu Jul 21 13:08:29 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:29 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utils-status.inc.php on line 103, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utils-status.inc.php on line 103, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning:  strftime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utilsl.inc.php on line 571, referer: http://lkendrwatsonp01/nagiosxi/admin/

==> /var/log/httpd/ssl_error_log <==
[Wed Jul 20 15:07:26 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:07:27 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:09:44 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:09:44 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:20:21 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:20:21 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:30:14 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:30:14 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:44:32 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:44:32 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)

==> /var/log/httpd/error_log <==
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/pageparts.inc.php on line 99, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Notice:  Undefined offset: 1000 in /usr/local/nagiosxi/html/includes/components/helpsystem/helpsystem.inc.php on line 252, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldaps.atriushealth.org:636
ldap_new_socket: 20
ldap_prepare_socket: 20
ldap_connect_to_host: Trying 172.22.192.141:636
ldap_pvt_connect: fd: 20 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f6147908ba0 msgid 1
wait4msg ld 0x7f6147908ba0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f6147908ba0 msgid 1 all 1
** ld 0x7f6147908ba0 Connections:
* host: ldaps.atriushealth.org  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Thu Jul 21 13:08:40 2016


** ld 0x7f6147908ba0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f6147908ba0 request count 1 (abandoned 0)
** ld 0x7f6147908ba0 Response Queue:
   Empty
  ld 0x7f6147908ba0 response count 0
ldap_chkResponseList ld 0x7f6147908ba0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f6147908ba0 NULL
ldap_int_select
read1msg: ld 0x7f6147908ba0 msgid 1 all 1
ldap_err2string
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
[Thu Jul 21 13:08:41 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:41 2016] [error] [client 172.26.70.106] PHP Warning:  date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: ldap integration problem

Post by ssax »

Does it give you an error in the interface? If so, what does it say exactly? If your DN uses uid (uid=benhank,ou=blah,dc=blah,dc=blah), please try typing in your whole user DN (uid=benhank,ou=blah,dc=blah,dc=blah) in the username box.

Also, which LDAP server software are you using?