AD auth for nagiosxi using SSL/Secure AD port

kubben
Posts: 19
Joined: Thu Jun 21, 2012 3:15 pm

Post by kubben »

I would like to add our CA authority to our nagiosxi installs so I can run nagiosxi against our Active Directory servers on a secure port.

I went over this:

http://assets.nagios.com/downloads/nagi ... ponent.pdf

and after reading it, added our CA cert exported from the signing auth server in pem format (x509) to the /etc/openldap/cacerts.pem file,
and edited the /etc/openldap/ldap.conf file to include

TLS_CACERT /etc/openldap/cacerts.pem

noting in the source document: http://www.vitki.net/book/page/how-acce ... -php-linux

Now tell OpenLDAP about your certificate verification means. Edit the /etc/openldap/ldap.conf file and add lines like these:

TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts.pem
You are not required to use both bundle file and hashed directory at the same time, either method is sufficient.

However, once httpd was restarted, I received this error:

PHP Notice: Undefined variable: port in /usr/local/nagiosfusion/html/includes/components/active_directory/active_directory.inc.php on line 252

and I noticed the input line on line 252 was commented out.

So I uncommented it, and restarted, and on the manage components, Active Directory Integration, settings page I now had a field to type in the port. I have tried both 636 and 3269, both of which are listening.

openssl s_client -connect myadserver.com:3269 -CAfile /etc/openldap/cacerts.pem

and

openssl s_client -connect myadserver.com:636 -CAfile /etc/openldap/cacerts.pem

return with:

Verify return code: 0 (ok)

What else needs to be done for this to work?

(I have tried putting the cert in the certdir as well; same result.)
kubben
Posts: 19
Joined: Thu Jun 21, 2012 3:15 pm

Re: AD auth for nagiosxi using SSL/Secure AD port

Post by kubben »

Ah. We've been using round robin DNS with each AD server having specific SSL certs per server. While some applications will ignore the SSL cert not matching, apparently XI does not. Using a specific server, SSL enabled LDAP access to AD works.

This is likely more an architecture issue on our end. Anyone feel free to suggest alternative ways to accomplish this without tying to a specific AD server.
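
Added example (not part of the thread, and not Nagios XI code): the `openssl s_client -CAfile` runs in the first post only validate the chain to the CA, so they return `0 (ok)` even when the certificate's names do not cover the name that was dialed; the sketch below performs the separate hostname check over a round-robin pool. All hostnames and SAN lists are constructed, the matcher is a simplified dNSName comparison, and the second data set (shared name listed as a subjectAltName on every server) is an assumption about one possible layout that the thread did not test.

```python
# Added example: hostname verification over a round-robin pool.
# All names and SAN lists below are constructed sample data.

def name_matches(pattern, host):
    """Compare one certificate dNSName with the name the client dialed.
    A '*' is honoured only as the complete left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*" and len(p) > 2:      # refuse patterns as broad as "*.test"
        return p[1:] == h[1:]
    return p == h

def cert_covers(san_dns, host):
    """True if any dNSName entry of the certificate covers host."""
    return any(name_matches(entry, host) for entry in san_dns)

def audit_pool(dialed_name, backends):
    """Map each backend to whether its certificate would pass hostname
    verification when the client connects using dialed_name."""
    return {srv: cert_covers(sans, dialed_name) for srv, sans in backends.items()}

# Shared round-robin name (constructed).
POOL = "ad.example.test"

# Layout described in the post: each server's cert names only itself.
PER_SERVER = {
    "dc1.example.test": ["dc1.example.test"],
    "dc2.example.test": ["dc2.example.test"],
}

# Assumed alternative: every cert also lists the shared name as a SAN.
WITH_POOL_SAN = {
    "dc1.example.test": ["dc1.example.test", "ad.example.test"],
    "dc2.example.test": ["dc2.example.test", "ad.example.test"],
}

if __name__ == "__main__":
    for label, certs in (("per-server certs", PER_SERVER),
                         ("pool name in SAN", WITH_POOL_SAN)):
        print(label)
        for server, ok in audit_pool(POOL, certs).items():
            print(f"  {POOL} -> {server}: {'match' if ok else 'MISMATCH'}")
```

Against a live server, the equivalent check is to add `-verify_hostname <name>` to the `openssl s_client` command so that a name mismatch shows up in the verify return code.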
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: AD auth for nagiosxi using SSL/Secure AD port

Post by scottwilkerson »

I haven't tested this, but you may be able to get around it using the answer here
http://stackoverflow.com/questions/3866 ... -using-php
Former Nagios employee
kubben
Posts: 19
Joined: Thu Jun 21, 2012 3:15 pm

Re: AD auth for nagiosxi using SSL/Secure AD port

Post by kubben »

Ah, thanks Scott.