Re: Active Directory Authentication and LDAP binding

Posted: Fri Aug 28, 2015 11:11 am
by drug
I've modified the code to use ad_username and ad_password (I tried both DN notation and just using the username) but I still receive the same error in the Apache log:
res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1>, res_matched: <>
The browser also now displays the following after attempting to login with an AD user (sanitized):
exception 'adLDAPException' with message 'Bind to Active Directory failed. Either the LDAPs connection failed or the login credentials are incorrect. AD said: Invalid credentials' in /usr/local/nagiosxi/html/includes/components/active_directory/adLDAP/adLDAP.php:415
Stack trace:
#0 /usr/local/nagiosxi/html/includes/components/active_directory/adLDAP/adLDAP.php(370): adLDAP->connect()
#1 /usr/local/nagiosxi/html/includes/components/active_directory/active_directory.inc.php(402): adLDAP->__construct(Array)
#2 /usr/local/nagiosxi/html/login.php(366): active_directory_component_check_authentication('process_auth_in...', Array)
#3 /usr/local/nagiosxi/html/login.php(427): check_login_credentials('TESTEDADUSERNAME', 'TESTEDADPASSWORD, Array, Array)
#4 /usr/local/nagiosxi/html/login.php(59): do_login()
#5 /usr/local/nagiosxi/html/login.php(27): route_request()
#6 /usr/local/nagiosxi/html/login.php(2): sg_load('100590ECE1845C2...')
#7 {main}
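
Added example (not part of the original post and not Nagios XI code): the `data 52e` field in the Apache log line above is a hexadecimal Win32 error code that tells you why AD rejected the bind, which separates a wrong password from a locked or disabled account. The Python below parses such lines and groups them by cause; the function names, the category labels and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# "data" sub-codes AD returns with LDAP result 49; each is a hex Win32 error code.
AD_BIND_SUBCODES = {
    0x525: ("user not found", "identity"),
    0x52E: ("invalid credentials (logon failure)", "credentials"),
    0x530: ("logon not permitted at this time", "policy"),
    0x531: ("logon not permitted from this workstation", "policy"),
    0x532: ("password expired", "account-state"),
    0x533: ("account disabled", "account-state"),
    0x701: ("account expired", "account-state"),
    0x773: ("user must reset password", "account-state"),
    0x775: ("account locked out", "account-state"),
}

LINE_RE = re.compile(
    r"res_errno:\s*(?P<errno>\d+),\s*res_error:\s*<[0-9A-Fa-f]{8}:\s*LdapErr:\s*"
    r"(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:[^,]*,\s*data\s+(?P<data>[0-9A-Fa-f]+),"
)

# First line is the one quoted in the post; the other two are constructed samples.
SAMPLE_LOG = [
    "res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1>, res_matched: <>",
    "res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1>, res_matched: <>",
    "res_errno: 49, res_error: <80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 533, v1db1>, res_matched: <>",
]

def parse_bind_failure(line):
    """Return the decoded fields of one bind-failure line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    code = int(m.group("data"), 16)  # the sub-code is hexadecimal
    meaning, category = AD_BIND_SUBCODES.get(code, ("unrecognised sub-code", "unknown"))
    return {"ldap_result": int(m.group("errno")), "dsid": m.group("dsid"),
            "win32_error": code, "meaning": meaning, "category": category}

def triage(lines):
    """Count LDAP result-49 failures per category across a log excerpt."""
    counts = Counter()
    for line in lines:
        rec = parse_bind_failure(line)
        if rec and rec["ldap_result"] == 49:
            counts[rec["category"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print([parse_bind_failure(l) for l in SAMPLE_LOG], triage(SAMPLE_LOG))
```

For the line in the post this yields Win32 error 1326 in the "credentials" category, matching the "AD said: Invalid credentials" text in the browser exception.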

Re: Active Directory Authentication and LDAP binding

Posted: Fri Aug 28, 2015 1:57 pm
by ssax
How are you having it connect that it doesn't connect to the RootDSE, which should allow anonymous?

Re: Active Directory Authentication and LDAP binding

Posted: Mon Aug 31, 2015 10:41 am
by drug
None of our AD servers allow anonymous bind through LDAP. We connect several other applications using authenticated bind without issue. Is anonymous bind a requirement for this implementation? This will be problematic for us.

Re: Active Directory Authentication and LDAP binding

Posted: Mon Aug 31, 2015 4:35 pm
by ssax
The reason why I ask is because I'm not sure if it'll work, and I would like to test it and try to help you get it working, but everything I've read says you can't force auth on the rootDSE per LDAP spec, so I'm asking how you have it configured so that I can lab it up here.

Re: Active Directory Authentication and LDAP binding

Posted: Mon Oct 05, 2015 11:43 am
by drug
I can confirm that I am unable to make anonymous binds against our AD via LDAPS. Queries only succeed with authenticated queries.

Re: Active Directory Authentication and LDAP binding

Posted: Tue Oct 06, 2015 11:07 am
by tmcdonald
I think at this point we need to let the developers do their thing. We can make minor edits here and there, but this is turning out to be more than just a one- or two-line fix. There is a feature request in place, and XI has been under heavy development recently since we just released XI 5. We are also releasing a new AD/LDAP component some time this week, so we'll see if the changes get added.

Re: Active Directory Authentication and LDAP binding

Posted: Wed Jan 06, 2016 12:39 pm
by drug
Just to close this out, Nagios XI 5 resolved all of our AD binding issues. Thanks.

Re: Active Directory Authentication and LDAP binding

Posted: Wed Jan 06, 2016 12:40 pm
by hsmith
Glad to hear it. I'll go ahead and close this one.