LDAPS Active Directory Integration on CentOS 8

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
dfaenza
Posts: 32
Joined: Thu Nov 16, 2017 3:06 pm

LDAPS Active Directory Integration on CentOS 8

Post by dfaenza »

I am having some trouble with configuration of AD Integration using SSL/TLS on CentOS 8. We are currently running Nagios XI 5.7.5 on CentOS 8 (CentOS Linux release 8.2.2004 (Core)). I have followed the instructions on https://assets.nagios.com/downloads/nag ... ponent.pdf as well as tried moving the certs to /etc/pki/ca-trust/source/anchors and doing an update-ca-trust. There have not been any indications of errors and all seems to be accepted; however, when I try to log in to Nagios XI after updating the security dropdown in the LDAP/Active Directory integration, I receive an invalid username or password message.

This process worked great on all our other Nagios XI instances, which currently reside on CentOS 7 installations; however, on our new installations on CentOS 8 I am receiving this error. Are there additional steps that need to be taken with CentOS 8 to configure the TLS/SSL security with Active Directory?
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: LDAPS Active Directory Integration on CentOS 8

Post by ssax »

Please PM me the full output of this command:
- Change X.X.X.X to what you have set for the AD server in Admin > LDAP/AD Integration

Code: Select all

openssl s_client -showcerts -connect X.X.X.X:636 </dev/null

Send the output of these commands as well:

Code: Select all

ls -ld /etc/openldap
ls -l /etc/openldap
ls -l /etc/openldap/certs
ls -l /etc/openldap/cacerts
cat /etc/openldap/ldap.conf

dfaenza
Posts: 32
Joined: Thu Nov 16, 2017 3:06 pm

Re: LDAPS Active Directory Integration on CentOS 8

Post by dfaenza »

@ssax I sent a PM with the details. I would like to confirm you received it. It seemed to sit in my outbox for a while before actually going out.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: LDAPS Active Directory Integration on CentOS 8

Post by ssax »

I sent you a PM, please read it.

Add those three certs to /etc/pki/ca-trust/source/anchors and then run:

Code: Select all

update-ca-trust extract

If you already added all three of those, there is no need to do it again.

Then edit your /etc/openldap/ldap.conf and add this:

Code: Select all

TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt

Then restart both httpd and php-fpm:

Code: Select all

systemctl restart httpd php-fpm

Now test again and let me know the results.
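
One way to check the setup described in the post above before retrying the login, as an added example that is not part of the original thread or Nagios's own tooling. The function names and exit codes are this example's own; it assumes `openssl` is installed and, for the live check, that the AD server is reachable on port 636.

```shell
#!/bin/sh
# Added example (not from the thread): sanity checks for the LDAPS trust setup.
# Function names and return codes are hypothetical, chosen for this example.

# Print the value of every TLS_CACERT line in an ldap.conf file.
# Option names in ldap.conf are case-insensitive; '#' lines are comments.
ldap_tls_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { print $2 }' "$1"
}

# Check that ldap.conf names a CA file that exists and holds PEM certificates.
# If several TLS_CACERT lines exist, this example inspects the last one.
# Returns 0 = ok, 1 = TLS_CACERT not set, 2 = file unreadable, 3 = no PEM cert.
check_ldap_trust() {
    cacert=$(ldap_tls_cacert "$1" | tail -n 1)
    [ -n "$cacert" ] || { echo "TLS_CACERT not set in $1"; return 1; }
    [ -r "$cacert" ] || { echo "cannot read $cacert"; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cacert" \
        || { echo "no PEM certificate in $cacert"; return 3; }
    echo "ok: $1 trusts $cacert"
}

# Live check: does the server's chain on port 636 verify against the bundle?
# Needs network access to the AD server.
verify_ldaps() {
    openssl s_client -connect "$1:636" -CAfile "$2" -verify_return_error \
        </dev/null 2>&1 | grep -q 'Verify return code: 0 (ok)'
}

# Usage: sh check-ldaps.sh AD_HOST [LDAP_CONF]
if [ "$#" -ge 1 ]; then
    conf=${2:-/etc/openldap/ldap.conf}
    check_ldap_trust "$conf" || exit 1
    bundle=$(ldap_tls_cacert "$conf" | tail -n 1)
    if verify_ldaps "$1" "$bundle"; then
        echo "ok: $1:636 chain verifies against $bundle"
    else
        echo "FAIL: $1:636 chain does not verify against $bundle"; exit 1
    fi
fi
```

A failing live check after `update-ca-trust extract` means the issuing CA certificates did not make it into the bundle that `TLS_CACERT` points at.
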
dfaenza
Posts: 32
Joined: Thu Nov 16, 2017 3:06 pm

Re: LDAPS Active Directory Integration on CentOS 8

Post by dfaenza »

Worked like a charm! Thank you 1000x. You may mark this as resolved.
benjaminsmith
Posts: 5324
Joined: Wed Aug 22, 2018 4:39 pm
Location: saint paul

Re: LDAPS Active Directory Integration on CentOS 8

Post by benjaminsmith »

> Worked like a charm! Thank you 1000x. You may mark this as resolved.

Great!

Closing this out.

Thank you for using Nagios.