LDAP / Active Directory Integration Configuration

[karthikeyaece]

MOD NOTE: Split from https://support.nagios.com/forum/viewto ... 5&start=10

Hi ,

I am having issue on importing active directory users into nagios .I am able to add AD but nothing happens when i entered credential and click next on import user using Active Directory admin privilege. What could be the cause of an issue.


Regards,
Karthikeyan

[ssax]

Run this command:

Code: Select all

sed -i 's/\/\/ Otherwise check authentication/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Then run this tail command, replicate the issue a couple times, and then send me the entire output from the tail command:

Code: Select all

tail -f /var/log/httpd/*error_log

When you are done, revert the change with this command:

Code: Select all

sed -i 's/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/\/\/ Otherwise check authentication/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Thank you

[rkennedy]

On top of what @ssax mentioned, a few questions for you -
1. What sort of server are you attempting to authenticate against?
2. Are there any special characters in the password?

[karthikeyaece]

1.What sort of server are you attempting to authenticate against?--------Active directory
2. Are there any special characters in the password?----No

Please find the below tail outpurt,

==> /var/log/httpd/error_log <==
[Mon Apr 03 23:52:51.375373 2017] [:error] [pid 23184] [client 10.21.93.21:64682] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://10.21.93.11/nagiosxi/includes/co ... /index.php
[Mon Apr 03 23:55:42.509415 2017] [:error] [pid 4550] [client 10.21.93.21:64928] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://10.21.93.11/nagiosxi/includes/co ... /index.php
[Tue Apr 04 03:19:47.116327 2017] [:error] [pid 22852] [client 10.21.93.21:56905] PHP Warning: ldap_bind(): Unable to bind to server: Invalid credentials in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:20:57.953523 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:00.170109 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:01.615400 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:03.408284 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:04.657520 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:05.838556 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
[Tue Apr 04 03:21:07.442693 2017] [:error] [pid 27290] [client 10.21.93.21:56985] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php

==> /var/log/httpd/ssl_error_log <==
[Sun Apr 02 09:11:04.927748 2017] [ssl:warn] [pid 983] AH01909: RSA certificate configured for prod-nag01.puretec.purestorage.com:443 does NOT include an ID which matches the server name
[Mon Apr 03 01:46:15.646824 2017] [ssl:warn] [pid 978] AH01909: RSA certificate configured for prod-nag01.puretec.purestorage.com:443 does NOT include an ID which matches the server name
[Mon Apr 03 01:46:15.675829 2017] [ssl:warn] [pid 978] AH01909: RSA certificate configured for prod-nag01.puretec.purestorage.com:443 does NOT include an ID which matches the server name
[Mon Apr 03 05:16:49.039265 2017] [ssl:warn] [pid 28820] AH01909: RSA certificate configured for prod-nag01.puretec.purestorage.com:443 does NOT include an ID which matches the server name
[Mon Apr 03 05:16:49.062469 2017] [ssl:warn] [pid 28820] AH01909: RSA certificate configured for prod-nag01.puretec.purestorage.com:443 does NOT include an ID which matches the server name

==> /var/log/httpd/error_log <==
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP prd_ad1.puretec.purestorage.com:389
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying 10.21.93.18:389
ldap_pvt_connect: fd: 22 tm: -1 async: 0
attempting to connect:
connect errno: 113
ldap_close_socket: 22
ldap_err2string
[Tue Apr 04 03:23:38.221178 2017] [:error] [pid 9796] [client 10.21.93.21:57178] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP prd_ad1.puretec.purestorage.com:389
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying 10.21.93.18:389
ldap_pvt_connect: fd: 22 tm: -1 async: 0
attempting to connect:
connect errno: 113
ldap_close_socket: 22
ldap_err2string
[Tue Apr 04 03:23:41.987217 2017] [:error] [pid 9796] [client 10.21.93.21:57178] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP prd_ad1.puretec.purestorage.com:389
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying 10.21.93.18:389
ldap_pvt_connect: fd: 22 tm: -1 async: 0
attempting to connect:
connect errno: 113
ldap_close_socket: 22
ldap_err2string
[Tue Apr 04 03:23:43.487886 2017] [:error] [pid 9796] [client 10.21.93.21:57178] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP prd_ad1.puretec.purestorage.com:389
ldap_new_socket: 22
ldap_prepare_socket: 22
ldap_connect_to_host: Trying 10.21.93.18:389
ldap_pvt_connect: fd: 22 tm: -1 async: 0
attempting to connect:
connect errno: 113
ldap_close_socket: 22
ldap_err2string
[Tue Apr 04 03:23:44.839811 2017] [:error] [pid 2518] [client 10.21.93.21:57190] PHP Warning: ldap_bind(): Unable to bind to server: Can't contact LDAP server in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/adLDAP.php on line 714, referer: http://prod-nag01.puretec.purestorage.c ... /index.php


Thanks
Karthi

[cdienger]

Hi Karthi,

I recently ran into a similar problem and updated https://assets.nagios.com/downloads/nag ... ios-XI.pdf as a result. Did you recently edit /etc/resolv.conf? If so, you'll need to restart the web service with "service httpd restart"

[karthikeyaece]

Hi cdienger,

I have tried your steps and finally getting to page user selection but there is no user displayed.Please find the result below.

Output page:
LDAP / Active Directory Import Users
Select the users you would like to give access to Nagios XI via LDAP/AD authentication. You will be able to set user-specific permissions on the next page.
Select Users to Import from LDAP/AD
0 users selected for import
No users or computers found in this object.

Thanks,
karthi

[Box293]

1.What sort of server are you attempting to authenticate against?--------Active directory

What version of Windows / Active Directory is this? Is it server 2016 for example?

[karthikeyaece]

Hi All,

The is fixed now , seems AD base DN was not correct

Thanks,
Karthi

[cdienger]

Thanks for the update. Is this thread ready to be closed?