FYI, it appears the instructions for configuring AD/LDAP integration using SSL are incorrect (https://assets.nagios.com/downloads/nag ... d-LDAP.pdf) for RHEL 7 (we are on 7.8). The instructions state that the certificate authority certificate should be copied to /etc/openldap/cacerts (along with several steps to get to that point). The same steps are performed if you use the Web Site (Admin -> LDAP/AD Integration - Add Certificate). However, after performing these steps and verifying the correct certificate was included, I still could not add users from Active Directory.
In order to make it work, I had to copy the CA certificate to "/etc/pki/ca-trust/source/anchors" and run the "update-ca-trust" command to update the CA trust store. After performing these steps I was able to authenticate to the AD servers. Also note that "ldapsearch" would not connect to AD without this change.
RHEL 7 Active Directory/LDAP Integration
Re: RHEL 7 Active Directory/LDAP Integration
Either way should technically work. There must've been an issue if it didn't work through the standard method. We can either work through that issue or you can use it the way you currently are.
If you'd like to work through it, please attach your /etc/openldap/ldap.conf and the output of these commands:
ls -l /etc/openldap
ls -l /etc/openldap/certs
ls -l /etc/openldap/cacerts
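
As an added example (not part of either post and not Nagios code): a shell check of the ldap.conf the reply asks for, reporting which CA paths the client is configured with and whether server certificate verification is still enforced. The sample file contents and host name are constructed, and treating the last occurrence of an option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: audit the client TLS settings in an OpenLDAP ldap.conf.

# Print the effective value of one ldap.conf option (names are
# case-insensitive; assumption: the last occurrence in the file wins).
ldap_conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                        # skip comment lines
        toupper($1) == toupper(key) { val = $2 }   # remember latest value
        END { if (val != "") print val }
    ' "$1"
}

# Report how the client verifies the server certificate.
# Returns 0 when verification is enforced, 1 when it is weakened.
audit_ldap_conf() {
    conf=$1
    reqcert=$(ldap_conf_value "$conf" TLS_REQCERT)
    cacert=$(ldap_conf_value "$conf" TLS_CACERT)
    cacertdir=$(ldap_conf_value "$conf" TLS_CACERTDIR)

    echo "TLS_REQCERT=${reqcert:-demand (default)}"
    echo "TLS_CACERT=${cacert:-unset}"
    echo "TLS_CACERTDIR=${cacertdir:-unset}"

    # "never" and "allow" let the session continue with an unverified cert.
    case $(printf '%s' "$reqcert" | tr 'A-Z' 'a-z') in
        never|allow)
            echo "WEAK: server certificate is not verified"
            return 1 ;;
    esac
    if [ -z "$cacert" ] && [ -z "$cacertdir" ]; then
        echo "NOTE: no TLS_CACERT or TLS_CACERTDIR set in this file"
    fi
    return 0
}

# Constructed sample input (not taken from the thread).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'URI ldaps://dc01.example.com' \
    'TLS_CACERTDIR /etc/openldap/cacerts' 'tls_reqcert never' > "$sample"
audit_ldap_conf "$sample" || true
rm -f "$sample"
```

On a real host, call `audit_ldap_conf /etc/openldap/ldap.conf`; a WEAK result means LDAPS connections succeed regardless of which CA store holds the certificate.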