Empty User List When Importing Users LDAP

[nxcc]

Hi,

We are able pass the authentication screen, but user list in "Select Users to Import from LDAP/AD" is empty. I think this related to our users base is in a different OU from our authentication account.

The DN we have setup is: "OU=Service,OU=Accounts,DC=XXXXX,DC=XXXXXXX,DC=com", but the users are in "OU=User,OU=Accounts,DC=XXXXX,DC=XXXXXXX,DC=com"


Does the user import web utility do a full subtree search?

Thanks,
Nick

[ssax]

What LDAP server software are you using?

Please try changing your Base DN to DC=XXXXX,DC=XXXXXXX,DC=com and try it again. If it gives you authentication issues on the user/pass screen try using the full DN of you user in the username box (UID=myuser,OU=User,OU=Accounts,DC=XXXXX,DC=XXXXXXX,DC=com OR CN=myuser,OU=User,OU=Accounts,DC=XXXXX,DC=XXXXXXX,DC=com depending on what you use).

Let us know the results.

Thank you

[nxcc]

Hi,

We could not get it to work with the 2 DNs that were specified. It did not even pass authentication, it did before with the old DN.

Is there a command line utlities/scripts we can check on the Nagios XI box itself.

The LDAP server is just our domain controller. We have not installed any LDAP related software on our Nagios XI (an OVA installation).

Thanks,
Nick

[tmcdonald]

Pop open this file in an editor:

/usr/local/nagiosxi/html/includes/components/ldap_ad_integration/index.php

and add the following line:

file_put_contents('/tmp/ldap.debug', print_r($stype, TRUE), FILE_APPEND);

under these, around line 691:

$type = grab_type($obj);
$stype = strtolower($type);

then save, and re-run through the process of trying to import users and browsing around the directories (use the old DN if you must).

Once you have done this, post the contents of the /tmp/ldap.debug file here.

[nxcc]

Hi,

Sorry for the late response. I like to come back to this issue as the problem still persist.

I made the change in file /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/index.php. Like the following (including line number):

677 foreach ($array_to_enum as $obj)
678 {
679 if (is_array($obj)) {
680
681 $type = grab_type($obj);
682 $stype = strtolower($type);
683 file_put_contents('/tmp/ldap.debug', print_r($stype, TRUE), FILE_APPEND);
684 if ($type == "person" || $type == "inetOrgPerson") {
685 $username = grab_user_name($type, $obj);
686 $dn = grab_full_dn($obj);
687

There is no file called in ldap.debug created in /tmp. See below:

[root@nagios01ecpa tmp]# ls -lrt
total 5988
-rw-------. 1 root root 0 Apr 5 2013 yum.log
drwxrwxrwx 5 root root 4096 Oct 12 2015 nsis
-rw-r--r-- 1 root root 6124270 Oct 12 2015 nsis_0_1_1.tar.gz
-rw------- 1 root root 0 Apr 29 10:05 ntpzzcljJ
[root@nagios01ecpa tmp]# pwd
/tmp

Is there is something I missed?

[rkennedy]

Just to make sure, after making the change, did you try to run through the process of importing on the XI interface? This would be what creates the file to debug with. If you did, it might be permissions at this point so I would try doing the following -

Code: Select all

touch /tmp/ldap.debug
chmod 777 /tmp/ldap.debug

Then, try to run through it once again. This will provide us the debugging information as you try to import through the web gui.

[nxcc]

Hi,

Yes, we did ran the processes after the code changes. The processes were tried with several DN combinations, all failed or with empty user list.

As recommended, we touched and chmod the ldap.debug file, however the file is empty after several import failures with different DN combinations:

[root@nagios01ecpa ~]# touch /tmp/ldap.debug
[root@nagios01ecpa ~]# chmod 777 /tmp/ldap.debug

[root@nagios01ecpa ~]# cd /tmp
[root@nagios01ecpa tmp]# ls -al
total 6000
drwxrwxrwt. 4 root root 4096 Sep 28 10:29 .
dr-xr-xr-x. 24 root root 4096 May 6 15:04 ..
drwxrwxrwt 2 root root 4096 May 6 15:04 .ICE-unix
-rwxrwxrwx 1 root root 0 Sep 28 10:29 ldap.debug
drwxrwxrwx 5 root root 4096 Oct 12 2015 nsis
-rw-r--r-- 1 root root 6124270 Oct 12 2015 nsis_0_1_1.tar.gz
-rw------- 1 root root 0 Apr 29 10:05 ntpzzcljJ
-rw-------. 1 root root 0 Apr 5 2013 yum.log

Thanks,
Nick

[tmcdonald]

Just for clarification, can you please let me know your XI version and the version of the LDAP component? The XI version is in the lower left of the web interface, and the component version is under Admin -> Manage Components.

[nxcc]

Hi,

The XI version is Nagios XI 5.2.7

LDAP / Active Directory Integration version is 1.0.4

I also attached a screenshot, Capture.PNG.

Thanks,
Nick

[tmcdonald]

Would an upgrade be possible? The latest version of XI is 5.2.9 and the latest LDAP component is 1.0.6