LDAP integration
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
LDAP integration
I have a couple of questions about NLS and LDAP integration.
1. How do you set NLS up with an LDAP server that does not anonymous user to query the users
2. Does NLS import the user database then allow assignment of rights or do you have to login with a privileged account each time you want to add a user?
3. Can you import multiple user accounts at the same time.
Dave
Re: LDAP integration
Linuxlogger wrote: 1. How do you set NLS up with an LDAP server that does not anonymous user to query the users
Can you please expand upon this one a bit more?
Linuxlogger wrote: 2. Does NLS import the user database then allow assignment of rights or do you have to login with a privileged account each time you want to add a user?
You need to log in each time you want to add a user.
Linuxlogger wrote: 3. Can you import multiple user accounts at the same time.
You can select multiple users using the checkboxes.
Former Nagios Employee.
me.
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
Re: LDAP integration
How do you set NLS up with an LDAP server that does NOT ALLOW anonymous user to query the users.
I believe that our last attempt was successful as we were able to login to the LDAP using the ldapbind user, but it returned no user list to select from.
It might be that there are some settings on our side.
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
Re: LDAP integration
Ok, let me try and make this a little clearer. We have set up the BaseDN with the following: cn=users,o=ops,dc=mycompany,dc=com. With this configuration, when I click "Add LDAP/AD user" I am prompted for valid admin-level LDAP credentials. I log in with my ldapadmin user; everything is good so far. The problem is that I can't see any of the users in LDAP to add them to NLS.
linuxlogger
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
LDAP users not displayed in Add LDAP/AD users
We have set up the LDAP server with the correct address, and the Base DN with the following: cn=users,o=ops,dc=mycompany,dc=com. With this configuration, when I click "Add LDAP/AD user" I am prompted for valid admin-level LDAP credentials. I log in with my ldapadmin user; everything is good so far. The problem is that I can't see any of the users in LDAP to add them to NLS. Is there something I am missing?
LinuxLogger
Re: LDAP integration
I have merged your two topics together; please do not create multiple topics for the same issue.
I understand what the issue is. Can you get a list of what objectClasses your LDAP users have defined on them (like person, inetOrgPerson, posixAccount, shadowAccount, organizationalPerson)?
- Note: They are case-sensitive, so please make sure they are correct so that I can look at the code and see where the problem is.
Also, what LDAP server software are you using?
Thank you
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
Re: LDAP integration
We use inetOrgPerson and the LDAP server is IBM Security Directory Server.
Does the user need to be a full LDAP administrator to add users or will an enumerator account work?
Re: LDAP integration
I believe you need to use the LDAP administrator account. Please try it with one of those accounts to validate if it's working that way; it is not doing an anonymous bind if you type in your username/password.
One thing to try is to go up a level with the Base DN, so try o=ops,dc=mycompany,dc=com (also try just dc=mycompany,dc=com) instead of cn=users,o=ops,dc=mycompany,dc=com.
Also, please edit this file:
    /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php
Around line 84 change this code:
    public function findBaseDn()
    {
        $namingContext = $this->getRootDse(array('namingcontexts'));
        return $namingContext[0]['namingcontexts'][0];
    }
To this:
    public function findBaseDn()
    {
        $namingContext = $this->getRootDse(array('namingcontexts'));
        var_dump($namingContext);
        return $namingContext[0]['namingcontexts'][0];
    }
Re-login to the interface and it will print out a long string of text in the browser, please copy all of it and PM or post it here.
Thank you
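Added example, not part of the original thread and not Nagios code: the Base DN and objectClass checks discussed above can be run outside NLS to see what the bind account is actually allowed to read. It assumes the OpenLDAP ldapsearch client; LDAP_URI, BIND_DN, PW_FILE and the function names are placeholders chosen for this sketch.

```bash
#!/usr/bin/env bash
# Added example (not Nagios code). Assumes the OpenLDAP "ldapsearch" client.
# LDAP_URI, BIND_DN and PW_FILE are placeholders; set them for your site.
# ldaps:// is used so the simple bind password is not sent in clear text.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com}"
BIND_DN="${BIND_DN:-cn=ldapadmin,o=ops,dc=mycompany,dc=com}"
PW_FILE="${PW_FILE:-$HOME/.ldap_bind_pw}"   # mode 0600, no trailing newline
START_BASE="${START_BASE:-cn=users,o=ops,dc=mycompany,dc=com}"

# Print a DN followed by each of its ancestors, one per line.
# Only unescaped commas separate RDNs ("\," is part of a value).
candidate_bases() {
    local dn="$1" parent
    while :; do
        printf '%s\n' "$dn"
        parent=$(printf '%s' "$dn" | sed -E 's/^([^,\\]|\\.)*,//')
        [ "$parent" = "$dn" ] && break
        dn="$parent"
    done
}

# Authenticated read of the root DSE: the same namingContexts value that the
# var_dump() in findBaseDn() would show.
naming_contexts() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PW_FILE" \
        -b "" -s base "(objectClass=*)" namingContexts
}

# Count entries of one objectClass that BIND_DN may read below a base DN.
count_users() {
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PW_FILE" \
        -b "$1" -s sub "(objectClass=${2:-inetOrgPerson})" dn 2>/dev/null |
        grep -c '^dn:'
}

main() {
    naming_contexts
    candidate_bases "$START_BASE" | while IFS= read -r base; do
        printf '%6s  %s\n' "$(count_users "$base")" "$base"
    done
}

# Nothing contacts the server unless the script is started with "run".
if [ "${1:-}" = "run" ]; then main; fi
```

Running it once with the administrator DN and once with a read-only account in BIND_DN shows whether the two accounts see the same inetOrgPerson entries at each level. The topmost candidate (dc=com) will normally return 0 because it is above the server's naming context.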
-
Linuxlogger
- Posts: 32
- Joined: Thu Jun 23, 2016 4:33 pm
Re: LDAP integration
Can you please recheck that path? On my server I don't have /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php. I have a /usr/local/nagioslogserver/ path but don't see a basicLDAP.php anywhere in the file system.