LDAP Certificate Installation

[hoegh]

Hi Team,

I've .der Certificate file which is needed to bind LDAP server with Nagios.
Please guide me to installation process.

Thanks
VipiN

[mbellerue]

Hi hoegh,

Have you read through this document yet? We can definitely help if you're stuck at a specific point.

https://assets.nagios.com/downloads/nag ... ponent.pdf

[hoegh]

Hi @mbellerue,

I've followed the steps given in doc. But it's still not able to verify the certificate.

Still getting same error.

Code: Select all

ldap_bind: Can't contact LDAP server (-1)
        additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
Could not bind to the LDAP server

I followed steps given on page number 8 in below document
https://assets.nagios.com/downloads/nag ... ponent.pdf

Also what is the location where i can find the certificate file after uploading it in Nagios?

I'm using
CentOS release 6.8 (Final)
Nagios 5.6.1

Thanks
Vipin
Hoegh

[mbellerue]

Can you verify that the certificate you're adding is a CA certificate, and not just a server certificate?

Also, are there any proxy servers between the Nagios server and the LDAP server, or CA server (if it's a separate server)?

When uploading the certificate to Nagios XI, it gets placed in /etc/openldap/certs/

[hoegh]

Ok. Let me confirm the details from LDAP team.

[mbellerue]

Okay, we'll be here when you hear back from them.

[hoegh]

Hi @ mbellerue,

Actually it was eDirectory issue, which requires certificate installation.

For now i've followed below link & issue got resolved.
https://sites.google.com/a/geekmungus.c ... ldapserver

but i want to install certificate on client demand.
So below is my ldap.conf file:

Code: Select all

[root@OSLMSnagios openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE   dc=example,dc=com
#URI    ldap://ldap.example.com ldap://ldap-master.example.com:666

#SIZELIMIT      12
#TIMELIMIT      15
#DEREF          never

#TLS_CACERTDIR  /etc/openldap/certs
TLS_CACERTDIR /cacerts
TLS_CACERT /etc/openldap/certs/ldapsCert.cer
TLS_REQCERT allow

in ldap.conf file, TLS_CACERT /etc/openldap/certs/ldapsCert.cer where ldapCert.cer is the certificate file being used for another server.
So how i can add file location of second certificate to ldap.conf?

Thanks
VipiN
HOegh

[mbellerue]

I am a little confused on what you are trying to do here. Are you trying to add multiple LDAP servers, each of which has its own TLS certificate?

[hoegh]

Let me confirm this with team. I'll be back soon.

[mbellerue]

Alright, we will keep this thread open and wait to hear back.