AD Integration with SSL / TLS security

[email protected]
Posts: 13
Joined: Fri Sep 04, 2015 4:40 pm

AD Integration with SSL / TLS security

Post by [email protected] »

I have AD Integration working with security set to NONE.
I have the Nagiosxi web site working with our internal AD Cert authority via SSL.
I added the SSL certificates from our DCs and the internal AD cert authority to the AD Integration module.
I am unable to validate against the AD Domain with security set to either SSL or TLS.
I used the document titled "Authenticating-and-Importing-Users-with-Active-Directory-in-Nagios-XI.pdf".
Is there a doc on troubleshooting this available?
Where should I look for a log on this?

ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: AD Integration with SSL / TLS security

Post by ssax »

First, delete any CA certs that you imported from Admin > LDAP / AD Integration.

Then run these commands:

Code:

# Create the CA directory and let apache / the nagios group write to the OpenLDAP config directories
mkdir -p /etc/openldap/cacerts
chown apache:nagios /etc/openldap /etc/openldap/cacerts /etc/openldap/certs
chmod 664 /etc/openldap/ldap.conf
chmod 775 /etc/openldap /etc/openldap/certs /etc/openldap/cacerts
# Comment out any existing TLS_CACERTDIR setting, then point it at the new directory
sed -i 's/TLS_CACERTDIR/#TLS_CACERTDIR/g' /etc/openldap/ldap.conf
echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/openldap/ldap.conf
service httpd restart

Then add the CA certificates back in the web interface.

Run this command to enable debugging:

Code:

sed -i 's/\/\/ Otherwise check authentication/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Then run this tail command, replicate the SSL/TLS connect issue a couple times, and then send me the entire output from the tail command:

Code:

tail -f /var/log/httpd/*error_log

When you are done, revert the changes with this command:

Code:

sed -i 's/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/\/\/ Otherwise check authentication/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Also, please run this command and send me the full output:
- Change X.X.X.X to your domain controller

Code:

openssl s_client -showcerts -connect X.X.X.X:636 </dev/null
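
Added example (not part of ssax's post and not Nagios code): a small shell helper for reading the results of the steps above. It lists the uncommented TLS_CACERTDIR entries in ldap.conf and pulls the "Verify return code" out of openssl s_client output; the sample inputs and the host name dc01.example.test are constructed.

```shell
#!/bin/sh
# Added example: check the two artifacts the thread works with.
# Live use (X.X.X.X = your domain controller, as in the thread):
#   active_cacertdir < /etc/openldap/ldap.conf
#   openssl s_client -connect X.X.X.X:636 -CApath /etc/openldap/cacerts \
#       </dev/null 2>/dev/null | verify_code
# Note: -CApath expects hash-named certificate files in that directory.

# Print every uncommented TLS_CACERTDIR value from ldap.conf text on stdin.
active_cacertdir() {
    awk '$1 == "TLS_CACERTDIR" { print $2 }'
}

# Print the numeric code from the last "Verify return code:" line of
# s_client output on stdin, or "none" if the handshake never got that far.
verify_code() {
    awk '/Verify return code:/ { sub(/.*Verify return code: */, ""); code = $1 }
         END { print (code == "" ? "none" : code) }'
}

# Translate a verify code into what it says about the CA store.
explain_code() {
    case "$1" in
        0)     echo "chain verifies against the supplied CA store" ;;
        10)    echo "a certificate in the chain has expired" ;;
        18|19) echo "self-signed certificate, or the root CA is not in the CA store" ;;
        20|21) echo "issuer certificate not found in the CA store" ;;
        none)  echo "no verify result; the TLS handshake did not complete" ;;
        *)     echo "other verification failure (code $1)" ;;
    esac
}

# Constructed sample: ldap.conf after the sed/echo steps in the thread.
SAMPLE_CONF='#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/openldap/cacerts'

# Constructed sample: s_client output when the issuing CA is not trusted.
SAMPLE_SCLIENT='CONNECTED(00000003)
depth=0 CN = dc01.example.test
verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate
    Verify return code: 21 (unable to verify the first certificate)'

check_sample() {
    dirs=$(printf '%s\n' "$SAMPLE_CONF" | active_cacertdir)
    code=$(printf '%s\n' "$SAMPLE_SCLIENT" | verify_code)
    echo "active TLS_CACERTDIR: $dirs"
    echo "verify code $code: $(explain_code "$code")"
}
check_sample
```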