LDAP auth error

[mon-team]

Hi,
I got the following error when i applied ldap authentication settings "LDAP libraries not installed! To install them, log into the server, and run 'yum install php-ldap'."
php-ldap have already been installed
[root@nagiosxi]# rpm -aq | grep php-ldap
php-ldap-5.3.3-26.el6.x86_64

Looking into http error.log --> [Thu Dec 05 08:05:47 2013] [error] [client ] PHP Notice: Undefined offset: 1 in /usr/local/nagiosxi/html/admin/components.php on line 292, referer: http://nagiosxi/nagiosxi/admin/

Could you help me resolve this issue?

I have Nagios XI 2012R2.2 on a CentOS release 6.3

BRegards

[abrist]

Have you restarted apache recently? You may have to do so for the ldap libraries to load:

Code: Select all

service httpd restart 

[mon-team]

OK, the restart of apache has fixed the issue.

Let me ask you another question.
my ldap authentication settings should look like this:
--------------------------------------------------------------------------------------------
Enabled -- checked
LDAP Host – ip_main,ip_backup
Base DN -- dc=y,dc=x
User DN -- uid=[USERNAME],ou=USER_GROUP,dc=y,dc=x
--------------------------------------------------------------------------------------------

We have 2 ldap servers (main and backup). Is it possible to set both the ip in order to guarantee users authentication in case of failure of the main node?
I can't set the user DN(fully distinguished name) because “ou=USER_GROUP” has different values according to the group the user belongs to. Any idea?

Thank for your help

[sreinhardt]

At this point, neither AD nor ldap components really allow for secondary domain controllers. You might be able to do this with some dns trickery to your nagios server, but that is a less than ideal solution. Otherwise we would love it if you could put in a feature request for multi server authentication with ldap on tracker.nagios.com!

[mon-team]

Any idea about my second question?

my ldap authentication settings should look like this:
--------------------------------------------------------------------------------------------
Enabled -- checked
LDAP Host – ip_main,ip_backup
Base DN -- dc=y,dc=x
User DN -- uid=[USERNAME],ou=USER_GROUP,dc=y,dc=x
--------------------------------------------------------------------------------------------

I can't set the user DN(fully distinguished name) because “ou=USER_GROUP” has different values according to the group the user belongs to. Any idea?

BR

[sreinhardt]

So are you needing to pull different users from different groups into xi with ldap? Is it possible to create a nagios or nagios_admins group to add them to, and have nagios specifically reference that? Sorry if I'm missing what your asking here.

[mon-team]

You are right.
This is the user fully distinguished name (DN) as defined in our ldap "uid=[USERNAME],ou=USER_GROUP,dc=y,dc=x", where USER_GROUP identifies the group the user belongs to.
Is there any solution that avoids changing on LDAP configuration?

So are you needing to pull different users from different groups into xi with ldap? Is it possible to create a nagios or nagios_admins group to add them to, and have nagios specifically reference that? Sorry if I'm missing what your asking here.

[sreinhardt]

Short of using a group that all your users, that need to access nagios, belong to not really. We understand this is an issue for some people, but have not had a good suggestion on what people would like to see in place of the current options. If you would, putting a bug\feature request into tracker.nagios.com and suggesting the ldap integration be able to search through multiple groups in order, would be a welcome option! The more detail you can give us on how you would expect it to work, and what would suite your needs, the better!

edit: just realized I suggested a feature request before, but it really is the only way to get things like this rolling on our end. I can suggest it all day long, but if no customers want it too, it will never happen.