Hello,
Yesterday, I configured LDAP authentication based on Active Directory (TLS, 636 TCP). I added some users from the web interface (with a trial license), and everything was fine until this morning; now I'm getting the following message when I try to log in: Can't contact LDAP server
I already checked this KB: https://support.nagios.com/kb/article/a ... n-600.html
I enabled debug mode but I can't find the source of my problem in the Apache log (/var/log/http/*)
However, I'm getting this message when I try to add a new LDAP certificate from the GUI: Could not write to /etc/openldap/certs
It's very strange because I have not changed the config since yesterday and now it's not working anymore...
Have you ever met this problem?
Dimitri.
Can't contact LDAP server from Web App
Re: Can't contact LDAP server from Web App
In addition, the connection is allowed between my server (Nagios Network Analyser) and the LDAP servers on 636 TCP (LDAPS).
And this is the output of:
ls -lsha /etc/openldap/certs
total 128K
4.0K drwxrwxr-x. 2 apache nnacmd 4.0K Jun 19 10:20 .
4.0K drwxrwxr-x. 4 apache nnacmd 4.0K Jun 18 15:03 ..
4.0K -rw-r--r--. 1 apache apache 2.0K Jun 18 15:07 5d08e20ebcd13.crt
8.0K -rw-r--r--. 1 apache apache 7.0K Jun 18 15:07 5d08e20ebcd13.pem
4.0K -rw-r--r--. 1 apache apache 1.9K Jun 18 15:07 5d08e2190312d.crt
8.0K -rw-r--r--. 1 apache apache 6.9K Jun 18 15:07 5d08e2190312d.pem
4.0K -rw-r--r--. 1 apache apache 2.9K Jun 18 15:08 5d08e23ab429f.crt
12K -rw-r--r--. 1 apache apache 9.0K Jun 18 15:08 5d08e23ab429f.pem
4.0K -rw-r--r--. 1 apache apache 2.9K Jun 18 15:08 5d08e24e7312d.crt
12K -rw-r--r--. 1 apache apache 9.0K Jun 18 15:08 5d08e24e7312d.pem
36K -rw-r--r--. 1 root root 64K Dec 3 2018 cert8.db
12K -rw-r--r--. 1 root root 16K Dec 3 2018 key3.db
4.0K -r--------. 1 root root 45 Dec 3 2018 password
12K -rw-r--r--. 1 root root 16K Dec 3 2018 secmod.db
ls -lsha /etc/openldap/cacerts/
total 8.0K
4.0K drwxrwxr-x. 2 apache nnacmd 4.0K Jun 18 15:08 .
4.0K drwxrwxr-x. 4 apache nnacmd 4.0K Jun 18 15:03 ..
0 lrwxrwxrwx. 1 apache apache 37 Jun 18 15:07 1d83b156.0 -> /etc/openldap/certs/5d08e20ebcd13.pem
0 lrwxrwxrwx. 1 apache apache 37 Jun 18 15:07 3250024a.0 -> /etc/openldap/certs/5d08e2190312d.pem
0 lrwxrwxrwx. 1 apache apache 37 Jun 18 15:08 efb6d6db.0 -> /etc/openldap/certs/5d08e24e7312d.pem
0 lrwxrwxrwx. 1 apache apache 37 Jun 18 15:08 fc600f4b.0 -> /etc/openldap/certs/5d08e23ab429f.pem
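Before touching permissions, it helps to know which account can already write the entries in that listing under plain Unix permissions (DAC). The script below is an added example, not Nagios code: it parses an ls -lsha listing and reports, for a user and its comma-separated group list, which entries are writable, and flags anything world-writable. The first five sample lines are copied from the listing in this thread; the last line is constructed to show the flag that appears after a chmod that grants write to everyone. The user and group names are the ones from the thread (apache, nna, nnacmd).

```shell
#!/bin/sh
# Added example for this thread (not Nagios code): parse `ls -lsha` output and report
# which entries a given account can write under DAC. Lines 1-5 of the sample are from
# the thread; the last line is constructed to show the WORLD-WRITABLE flag.
SAMPLE_LS='4.0K drwxrwxr-x. 2 apache nnacmd 4.0K Jun 19 10:20 .
4.0K -rw-r--r--. 1 apache apache 2.0K Jun 18 15:07 5d08e20ebcd13.crt
8.0K -rw-r--r--. 1 apache apache 7.0K Jun 18 15:07 5d08e20ebcd13.pem
36K -rw-r--r--. 1 root root 64K Dec 3 2018 cert8.db
4.0K -r--------. 1 root root 45 Dec 3 2018 password
4.0K -rw-rw-rw-. 1 apache apache 2.0K Jun 19 11:00 constructed-after-chmod.pem'

# audit_ls USER GROUPS   (GROUPS is comma-separated; the listing arrives on stdin)
# Prints one line per entry: mode owner:group name -> writable | READ-ONLY,
# with WORLD-WRITABLE appended when the "other" write bit is set.
audit_ls() {
  awk -v user="$1" -v groups="$2" '
    $2 ~ /^[-dl]/ {
      mode = $2; owner = $4; grp = $5; name = $10
      ow = (substr(mode, 3, 1) == "w")   # owner write bit
      gw = (substr(mode, 6, 1) == "w")   # group write bit
      xw = (substr(mode, 9, 1) == "w")   # other write bit
      ingrp = index("," groups ",", "," grp ",") > 0
      writable = (owner == user && ow) || (ingrp && gw) || xw
      status = writable ? "writable" : "READ-ONLY"
      if (xw) status = status " WORLD-WRITABLE"
      printf "%-12s %s:%s %s -> %s\n", mode, owner, grp, name, status
    }'
}

# Convenience wrapper for a live directory: audit_path DIR USER GROUPS
audit_path() { ls -lsha "$1" | audit_ls "$2" "$3"; }

# Count lines carrying a status word; "|| true" keeps a zero count from
# aborting a set -e script, because grep -c exits 1 when nothing matches.
count_status() { grep -c "$1" || true; }

if [ "${1:-}" = "--demo" ]; then
  echo "== as apache (groups apache,nnacmd)"
  printf '%s\n' "$SAMPLE_LS" | audit_ls apache apache,nnacmd
  echo "== as nna (groups nna,apache,nnacmd)"
  printf '%s\n' "$SAMPLE_LS" | audit_ls nna nna,apache,nnacmd
fi
```

Run with --demo to see both views: the apache account (owner of the certificate files and of the directory) can already write everything except the root-owned NSS database files, while nna, even as a member of the apache group, only gets read access to the .crt/.pem files because their group bits are r--. When the owning account can write and the application still reports "Could not write", the blocker is not the DAC bits, which is consistent with where this thread ends up.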
Re: Can't contact LDAP server from Web App
Run this command on the NNA server as root to display the user accounts in the apache group.
grep apache /etc/group
If the nna user account is not part of the apache group, that could be the issue you are having.
To add the nna user to that group, run this as root.
usermod -a -G apache nna
See if that fixes the issue.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Can't contact LDAP server from Web App
Hello,
nna is already a member of the apache group:
grep apache /etc/group
apache:x:48:nna
nnacmd:x:1004:nna,apache
Thanks.
Dimitri.
Re: Can't contact LDAP server from Web App
Run this to change the permissions of the files in the certs folder.
chmod ugo+rw /etc/openldap/certs/*
Re: Can't contact LDAP server from Web App
I found the source of my problem: SELinux
When I update the SELinux configuration to "disabled", it works!
So, I can't leave SELinux in this state. Do you have any advice about SELinux configuration with Nagios Network Analyser and Active Directory authentication?
Dimitri.
Re: Can't contact LDAP server from Web App
Sorry, we do not have any documents on enabling SELinux on an NNA server.
We recommend not running it as it causes issues.
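For readers who, like the original poster, would rather keep SELinux enforcing than disable it: the symptoms in this thread (httpd failing to reach port 636 and being refused a write under /etc/openldap/certs) are the kind that show up as AVC denials in the audit log. The script below is an added example, not Nagios code and not from this thread. It filters audit records for denials against httpd and maps the two patterns seen here to their least-privilege fixes; the boolean name httpd_can_connect_ldap and the tools (getenforce, getsebool, setsebool, ausearch, audit2allow) are assumed from the RHEL/CentOS 7 targeted policy. The sample audit lines are constructed to look like real AVC records; the pids, inodes and timestamps are made up.

```shell
#!/bin/sh
# Added example (not Nagios code, not from the thread): triage SELinux AVC denials
# against httpd and suggest the targeted fix instead of setting SELinux to "disabled".
# Assumes RHEL/CentOS 7 targeted policy names; the sample records are constructed.
SAMPLE_AVC='type=AVC msg=audit(1560937200.123:4567): avc:  denied  { name_connect } for  pid=2345 comm="httpd" dest=636 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1560937201.456:4568): avc:  denied  { write } for  pid=2345 comm="httpd" name="certs" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1560937202.789:4569): avc:  denied  { read } for  pid=999 comm="cupsd" name="foo" scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0'

# Keep only AVC denials raised against the web server process (stdin -> stdout).
# "|| true" keeps an empty result from aborting a set -e script.
httpd_denials() {
  grep 'type=AVC' | grep 'denied' | grep 'comm="httpd"' || true
}

# Map each httpd denial to the narrowest fix we know for it.
#  - outbound connect to ldap_port_t (389/636) is covered by a policy boolean
#  - a write into a cert_t directory needs a file-context/ownership review, or a
#    small local module built from the denial rather than a global switch-off
explain_denials() {
  awk '
    /tclass=tcp_socket/ && /ldap_port_t/ && /name_connect/ {
      print "allow via boolean: setsebool -P httpd_can_connect_ldap on"; next }
    /tclass=dir/ && /cert_t/ && /write/ {
      print "review file context/ownership of the certs directory; build a local module with audit2allow -a if the write is legitimate"; next }
    { print "unclassified denial: " $0 }
  '
}

# Number of httpd denials in the input (0 when there are none).
count_httpd_denials() { httpd_denials | grep -c . || true; }

# Live triage on a real host; exits 2 when the SELinux tools are not installed.
triage_live() {
  command -v getenforce >/dev/null 2>&1 || { echo "SELinux tools not found" >&2; return 2; }
  echo "mode: $(getenforce)"
  echo "httpd_can_connect_ldap: $(getsebool httpd_can_connect_ldap 2>/dev/null)"
  ausearch -m AVC -ts recent -c httpd 2>/dev/null | httpd_denials | explain_denials
}

if [ "${1:-}" = "--live" ]; then
  triage_live
else
  printf '%s\n' "$SAMPLE_AVC" | httpd_denials | explain_denials
fi
```

Without arguments the script runs over the constructed sample and prints one suggestion per httpd denial (the cupsd record is ignored); with --live it reads recent denials from auditd on the host. The point of the mapping is that the LDAPS connect failure has a single boolean behind it, so the web app can keep working with SELinux left in enforcing mode and only that one permission opened.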