LDAP Integration

bdouglass · Post by **bdouglass** » Tue May 22, 2012 10:02 am

I'm running an eval install of the latest version of Nagios XI (2.4) and have been trying to incorporate LDAP authentication for defined users. Unfortunately, I'm not getting very far with this.

I created a user with a specific nagios xi password. I then configured the LDAP integration screen with the appropriate information for our environment. Finally, I checked the LDAP Enabled box. When I try to log in as that user, all I get is a blank screen (no error message). When monitoring network traffic, I don't see any communication between nagios xi and the LDAP server.

Do I need to do something else to enable LDAP?

Thanks,

Bill Douglass
AISD

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 10:16 am

We have 2 different components for this, one is called "LDAP Authentication", the other is called "Active Directory Integration"

Which are you using? SSL or not?

bdouglass · Post by **bdouglass** » Tue May 22, 2012 10:22 am

I'm using the LDAP Authentication component. Non-SSL (port 389).

Bill Douglass
AISD

yancy · Post by **yancy** » Tue May 22, 2012 10:23 am

Are you using the LDAP Auth manager component?

assets.nagios.com/downloads/nagiosxi/components/ldapauth.zip

Be sure to define LDAP host using ldaps://

For example:

LDAP Host: ldaps://someldap.server.com

bdouglass · Post by **bdouglass** » Tue May 22, 2012 10:34 am

I updated the config so the servername reads ldaps://servername.domain.org, and applied the config. Still no luck with logging in, and I still don't see any traffic on either port 389 or 636.

Bill Douglass
AISD

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 11:08 am

bdouglass wrote:I'm using the LDAP Authentication component. Non-SSL (port 389).

Bill Douglass
AISD

actually if you are using Non-SSL you should just have the hostname in there.

If you are seeing NO traffic on port 389, you should look into possible firewall blocking.

Can you telnet from you XI server to the ldap server on port 389

Code: Select all

telnet servername.domain.org 389

or

Code: Select all

nc -vz servername.domain.org 389

bdouglass · Post by **bdouglass** » Tue May 22, 2012 1:41 pm

Yes, I can telnet to the host LDAP port. I'm also doing several checks on the server, so I don't think a firewall is the issue. I've tried both SSL and plain LDAP.

This is on the virtual machine image d/l from the Nagios XI site, so it's a pretty standard setup. The main change is configuring the web interface for SSL.

I've attached the system profile below.

Thanks,

Bill Douglass
AISD

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 2:12 pm

bdouglass wrote:all I get is a blank screen (no error message).

Can you check the httpd error_log to see if you are getting any errors there

Code: Select all

tail -f /var/log/httpd/error_log

bdouglass · Post by **bdouglass** » Tue May 22, 2012 2:27 pm

Yes, there are multiple occurrences of the following error:

PHP Fatal error: Call to undefined function ldap_connect() in /usr/local/nagiosxi/html/includes/components/ldapauth/ldapauth.inc.php on line 256, referer: https://nagiosxi.austinisd.org/nagiosxi ... php?logout

Do I need to reinstall something?

Bill Douglass
AISD

scottwilkerson · Post by **scottwilkerson** » Tue May 22, 2012 2:34 pm

Look in your /etc/php.ini and verify you have the following, and uncommented

Code: Select all

extension=php_ldap.dll

If you had to change it, you need to restart apache

Code: Select all

service httpd restart

Nagios Support Forum

LDAP Integration

LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration

Re: LDAP Integration