The responses:
verify error:num=20:unable to get local issuer certificate
Verify return code: 21 (unable to verify the first certificate)
Usually mean that the CA that signed the certificate used by LDAP isn't imported. Make sure that it is imported under Admin > Users > LDAP/AD Integration > Certificate Authority Management. Sometimes it helps to delete and then import the CA - https://support.nagios.com/kb/article.p ... ategory=38.
5.6.7 Not listing LDAP Users for Import
Re: 5.6.7 Not listing LDAP Users for Import
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
optionstechnology
- Posts: 234
- Joined: Thu Nov 17, 2016 11:26 am
Re: 5.6.7 Not listing LDAP Users for Import
This hasn't fixed anything unfortunately. Is there anything else we can try here? Some of our clients are beginning to flag this as an issue as they can't log on so we're getting quite a lot of backlash from it.
All was working fine until we upgraded to 5.6.8. The 5.6.9 release notes list the below, could this be related?
All was working fine until we upgraded to 5.6.8. The 5.6.9 release notes list the below, could this be related?
Fixed issue in AD/LDAP certificate management where certificates with binary data couldn't be added [TPS#14690] -JO
Re: 5.6.7 Not listing LDAP Users for Import
14690 addressed an issue that prevented the CA from being loaded under Admin > Users > LDAP/AD Integration on systems using PHP 7+. I don't think this is related to the issue you're seeing, but do either of these apply to your system?
Run the following to gather a packet capture while you try to import users from ldap:
Let this run just long enough to reproduce the problem and use CTRL+C to stop it. Please PM me the output.pcap(zip it first).
Run the following to gather a packet capture while you try to import users from ldap:
Code: Select all
yum -y install tcpdump
tcpdump -s 0 -i any -w ouptput.pcap
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
optionstechnology
- Posts: 234
- Joined: Thu Nov 17, 2016 11:26 am
Re: 5.6.7 Not listing LDAP Users for Import
I've PM'd the zip file to you.
FYI this isn't just affecting importing users. It means users can't log in (or have to try numerous times to get logged in). As previously mentioned, it fails then occasionally works.
I've experienced this myself on every Nagios instance we have that's been upgraded as of recently.
FYI this isn't just affecting importing users. It means users can't log in (or have to try numerous times to get logged in). As previously mentioned, it fails then occasionally works.
I've experienced this myself on every Nagios instance we have that's been upgraded as of recently.
Re: 5.6.7 Not listing LDAP Users for Import
The certificate that dc2 is responding with appears to have expired. Please see PM highlighting the issue.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
optionstechnology
- Posts: 234
- Joined: Thu Nov 17, 2016 11:26 am
Re: 5.6.7 Not listing LDAP Users for Import
Great thanks! Working to get this rectified now. Will post an update shortly
Re: 5.6.7 Not listing LDAP Users for Import
Sounds good. Keep us posted!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
-
optionstechnology
- Posts: 234
- Joined: Thu Nov 17, 2016 11:26 am
Re: 5.6.7 Not listing LDAP Users for Import
You can close this baby up - cert has been renewed on our DC and has fixed the issue.
I appreciate the help!
I appreciate the help!
Re: 5.6.7 Not listing LDAP Users for Import
Glad to hear!
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.