import of users from ldap hangs

[fe9817]

Im trying to import users from ldap, but nagios hangs when trying to run the import and I need to restart httpd in order to access nagiosxi again in the same browser.
NagiosXI version 5.2.9
LDAP / Active Directory Integration: 1.0.5
License: Currently trial enterprise license. Waiting for the license file.
FreeIPA version: 4.2.0
The setup is running SSL and I have been looking at this doc https://assets.nagios.com/downloads/nag ... ponent.pdf and it matches with what the ipa installation has done. In the gui I have configured the server as

Code: Select all

Connection Method: 	LDAP
Use either LDAP or Active Directory settings to connect.
Base DN: 	dc=example,dc=com
LDAP Host: ipa.example.com
LDAP Port: 636	
Security: SSL

I have tried with only username and with uid=username,cn=example... None works. Logs from httpd

Code: Select all

[root@nagiosxi ]# tail -f /var/log/httpd/error_log /var/log/httpd/ssl_error_log -n0
==> /var/log/httpd/error_log <==

==> /var/log/httpd/ssl_error_log <==
[Tue Jul 26 12:39:42.816456 2016] [:error] [pid 3908] [client 10.235.2.65:36778] PHP Notice:  Undefined offset: 1000 in /usr/local/nagiosxi/html/includes/components/helpsystem/helpsystem.inc.php on line 252, referer: https://nagios.example.com/nagiosxi/includes/components/ldap_ad_integration/index.php

[tgriep]

Can you enable the debug log by following the following proceedure
Edit /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php
Around line 36 of that file add the 'ldap_set_option', like the example below:

Code: Select all

protected function connect()
    {
        ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
        if ($this->security == "ssl") {

Then run the following as root on the XI server:

Code: Select all

tail -fn0 /var/log/httpd/*error_log

Then try the import again and post the output from the tail command so we can view it.

[fe9817]

Output is:

Code: Select all

==> /var/log/httpd/error_log <==

==> /var/log/httpd/ssl_error_log <==

==> /var/log/httpd/error_log <==
ldap_url_parse_ext(ldap://localhost/)
ldap_init: trying /etc/openldap/ldap.conf
ldap_init: using /etc/openldap/ldap.conf
ldap_url_parse_ext(ldaps://ipa.example.com)
ldap_init: HOME env is NULL
ldap_init: LDAPCONF env is NULL
ldap_init: LDAPRC env is NULL
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ipa.example.com:636
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying xxx.xxx.xxx.xxx:636
ldap_pvt_connect: fd: 22 tm: -1 async: 0
attempting to connect: 
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f6a65bbae40 msgid 1
wait4msg ld 0x7f6a65bbae40 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f6a65bbae40 msgid 1 all 1
** ld 0x7f6a65bbae40 Connections:
* host: ipa.example.com  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Tue Aug 23 13:57:59 2016


** ld 0x7f6a65bbae40 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f6a65bbae40 request count 1 (abandoned 0)
** ld 0x7f6a65bbae40 Response Queue:
   Empty
  ld 0x7f6a65bbae40 response count 0
ldap_chkResponseList ld 0x7f6a65bbae40 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f6a65bbae40 NULL
ldap_int_select

[tgriep]

I just found out that there is a known bug with the XI AD/LDAP component and FreeIPA servers that hasn't been fixed yet so when it get fixed, there may be a patch available or it will be in the next release of Nagios XI.

[fe9817]

Thanks for the reply, do you have any idea on when it will fixed and is there a bug id I can use for reference?

[tgriep]

If looks like the issue is the same for Nagios Logserver and FreeIPA servers and the task ID for that is 7217.

[tgriep]

I found the task number for Nagios XI and FreeIPA ldap issue, it is 7552.

[fe9817]

Thanks.

This topic can be closed.