Nagios hitting LDAP server for local logins

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
btk
Posts: 5
Joined: Tue Apr 11, 2017 8:48 am

Nagios hitting LDAP server for local logins

Post by btk »

Hello,

We're running on 5.11.3 and are in the process of retiring our current LDAP server. While sifting through firewall logs to find out which systems were still hitting that LDAP server, I noticed our Nagios VM in the list.

Our Nagios users all use local authentication. To test, I added an iptables rule blocking connections to the LDAP server. While that rule was in place, authenticating to the Nagios web interface would hang. As soon as I removed the rule, I was then able to authenticate.

Under Admin -> LDAP/AD Integration: I get the message: "There are currently no LDAP or AD servers to authenticate against."
Under Admin -> Manage Users: All users have an "Auth Type" of "Local"

I've grepped through config at the CLI and I'm coming up blank. Where else could an LDAP connection be defined?
jmichaelson
Posts: 130
Joined: Wed Aug 23, 2023 1:02 pm

Re: Nagios hitting LDAP server for local logins

Post by jmichaelson »

A couple of questions for you. Had you enabled LDAP integration at some point in the past? And are there by chance any sessions on Admin->User sessions that might be LDAP enabled?
Please let us know if you have any other questions or concerns.

-Jason
btk
Posts: 5
Joined: Tue Apr 11, 2017 8:48 am

Re: Nagios hitting LDAP server for local logins

Post by btk »

It's possible it was enabled at one point, but it hasn't been for at least 4 years since I took over the installation.

There are only two sessions listed under Active Sessions right now and both users are shown as "Local" authentication in the user list.
btk
Posts: 5
Joined: Tue Apr 11, 2017 8:48 am

Re: Nagios hitting LDAP server for local logins

Post by btk »

To continue troubleshooting, I created a new admin user that has never before existed on this server. Its Auth Type is "Local (Default)". When logging in with this new account, I was able to change my password in Nagios successfully and log in with the new password.

When logging in, tcpdump shows a brief flurry of activity on tcp/636 towards our LDAP server. Again, if I block outbound LDAPS, the login attempt hangs. As soon as I unblock it again, login succeeds.
jmichaelson
Posts: 130
Joined: Wed Aug 23, 2023 1:02 pm

Re: Nagios hitting LDAP server for local logins

Post by jmichaelson »

This is most unusual. I'd like you to go into the user edit page (the pencil icon next to the user name) on the manage users admin page. Down at the bottom there's an Auth type link. In turn, select LDAP and AD in the list and see if the fields that show up are populated. If they aren't, you may have to open up a full-on support ticket for help with this.

Either way, I'd also recommend upgrading to the latest Nagios XI version as well. 5.11.3 is several months out of date now.
Please let us know if you have any other questions or concerns.

-Jason
btk
Posts: 5
Joined: Tue Apr 11, 2017 8:48 am

Re: Nagios hitting LDAP server for local logins

Post by btk »

Upgrading is on our to-do list once our busy season is over later this month.

Switching my user to LDAP or AD auth did not populate any of the new fields.

What additional diagnostic information would be helpful with the support ticket?
btk
Posts: 5
Joined: Tue Apr 11, 2017 8:48 am

Re: Nagios hitting LDAP server for local logins

Post by btk »

Case 00009996.
sgardil
Posts: 153
Joined: Wed Aug 09, 2023 9:58 am

Re: Nagios hitting LDAP server for local logins

Post by sgardil »

btk wrote: Thu May 02, 2024 10:17 am
Case 00009996.

You can send them a link to this forum post as a reference. They also may ask for a system profile if you want to pre-emptively get them that information.
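
Added example, not part of the original thread or of Nagios XI: one way to collect the diagnostic the thread is missing, namely which local process owns the tcp/636 sockets seen in tcpdump. It filters `ss -tnp` output for LDAP/LDAPS peers; while the block rule is in place and a login is hanging, the attempt should sit in SYN-SENT long enough to be caught. The function names, the sample lines, the addresses and the process name `example-proc` are all constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute outbound LDAP/LDAPS sockets to the owning process.
# Reads `ss -tnp` output on stdin, prints "process pid peer state" per match.
# $1 (optional) = LDAP server IP to restrict to; peer port must be 389 or 636.
ldap_socket_owners() {
    awk -v server="${1:-}" '
    {
        state = $1; peer = $5; proc = "unknown"; pid = "-"
        # Port is whatever follows the last colon (works for [v6]:port too).
        n = split(peer, parts, ":"); port = parts[n]
        host = substr(peer, 1, length(peer) - length(port) - 1)
        gsub(/^\[|\]$/, "", host)
        if (port != "389" && port != "636") next
        if (server != "" && host != server) next
        # users:(("name",pid=123,fd=4)) is only shown when ss runs as root.
        if (match($0, /\(\("[^"]+",pid=[0-9]+/)) {
            owner = substr($0, RSTART + 3, RLENGTH - 3)   # name",pid=123
            split(owner, f, "\",pid=")
            proc = f[1]; pid = f[2]
        }
        print proc, pid, peer, state
    }'
}

# Constructed sample in `ss -tnp` layout (documentation addresses only).
sample_ss_output() {
    cat <<'EOF'
State    Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB    0 0 192.0.2.10:22    192.0.2.99:50522  users:(("sshd",pid=1180,fd=3))
SYN-SENT 0 1 192.0.2.10:51546 192.0.2.50:636    users:(("example-proc",pid=2401,fd=9))
ESTAB    0 0 192.0.2.10:44120 192.0.2.77:443    users:(("curl",pid=3000,fd=5))
SYN-SENT 0 1 192.0.2.10:51550 192.0.2.50:636
ESTAB    0 0 [2001:db8::10]:40000 [2001:db8::5]:389 users:(("example-proc",pid=2401,fd=10))
EOF
}

# Demo on the constructed sample; on a live host use:
#   ss -tnp | ldap_socket_owners <ldap-server-ip>
sample_ss_output | ldap_socket_owners 192.0.2.50
```

The PID it reports can then be followed up with `ls -l /proc/<pid>/exe` or `lsof -p <pid>` to see which binary and configuration files that process has open.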