Monitoring LDAP - Could not bind to LDAP server

[rferebee]

Hello,

We are currently monitoring LDAP connections using the 'LDAP Server' service check (check_xi_service_ldap) built into XI.

A couple of the domain controllers we are monitoring recently had Secure Signing enabled and that has caused the service checks to stop functioning. See command and response below:

Code: Select all

/usr/local/nagios/libexec/check_ldap -H 10.x.x.x -b "OU=Service Accounts,DC=STATE,DC=STATE,DC=US" -D "CN=NagiosXI LDAP Check,OU=Service Accounts,DC=STATE,DC=STATE,DC=US" -P "ANYPASSWORD" -2 -p 3268
Could not bind to the LDAP server

That is the check we were originally using. It stopped working, so we tried changing the port to 3269 (Global Catalog check using SSL) but that doesn't work either. We know that authentication is working properly, so it's just the Nagios checks that need to be modified.

Are you aware of a way to monitor LDAP on a server that has Secure Signing enabled?

Thank you.

[rferebee]

You know what, I'm sorry. I should have taken a little more time to do some research. I found the solution.

https://docs.microsoft.com/en-us/previo ... and-ldap-3

We had to switch the service checks from using LDAP version 2 to version 3. The port can remain the same. Once I made this change the checks started working immediately.

Hopefully this helps someone in the future.

Thank you!

[Box293]

OK great, thanks for posting the solution.