Nagios Support Forum

Hi dwhitfield,

It is getting really late here, thank you for your prompt support however. I will post the configuration done on LDAP client first thing in the morning and i am sure one of you could help me then.

Thanks again.

No problem. We're in US Central (America\Chicago on Linux) time in case you want to figure out the offset. Since you're in the General forum, a community member might get to it before we do tomorrow morning.

Hi everyone,

Please find the below screenshots showing ldapsearch from our Nagios server on LDAP instance. This validates that we are able to reach LDAP using port 3393.

The thing is for both the following commands,

ldapsearch -h 10.3.31.16 -p 3393 -w admin -D cn=admin,dc=TEST_SX -x -b 'dc=nagios,dc=TEST_SX' '(objectclass=*)'

and

ldapsearch -h 10.3.31.16 -p 3393 -w admin -D cn=admin,dc=TEST_SX -x -b 'dc=TEST_SX' '(objectclass=*)'

However, we are not able to login to LDAP from Nagios using base DN 'dc=TEST_SX'. Could this be an access issue? I am not sure if this is related to network.

Thanks.

rkennedy wrote: What directory service / version is running on the backend?

Could you please answer this?

Also, are you using port 3393 or 3389? You mentioned 3389, but the above commands look to reference 3393.

This will help us to get a bit more information as well. Please turn on debugging for the LDAP component by using the following command -

sed -i 's/\/\/ Otherwise check authentication/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Then, run a tail on your HTTP log files -

tail -f /var/log/httpd/*error_log

Now, try to submit the information once again to authenticate. Send over the information that the tail ends up spitting out.

To turn off the debugging, run the following -

sed -i 's/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/\/\/ Otherwise check authentication/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php

Hi Rkennedy,

We are running LDAP version 3. I hope this is what you meant by your query.

Apologies for the wrong information on port given earlier. We are using 3393 for test environment and 3392 for prod LDAP instance.

I have attached two outputs from HTTP log files. One is when we are trying to login with BASE DN 'dc=nagios,dc=TEST_SX' and the other with BASE DN 'dc=TEST_SX'.

It is to note that we are getting authentication error only while logging in using 'dc=nagios,dc=TEST_SX'. However, while logging in with 'dc=TEST_SX' is successful, it is not listing users which ldapsearch is returning. So, for clarity purposes, we are dealing with two issues here.

Thanks.

Can you send a screenshot of your LDAP setup in the XI WebUI?

dwhitfield wrote:Can you send a screenshot of your LDAP setup in the XI WebUI?

Hi dwhitfield,

I hope you mean screenshot of configuration of LDAP on Nagios XI GUI. I had attached the same in the first post of this thread. I am reattaching here for your reference.

Also, i have another query, our trial license is about to expire. So, will all the configuration i.e. Services , hosts and commands be lost? It might be some time before we secure a license.

We need this resolved as soon as possible.
Thanks.

I sent you a PM a few hours ago with instructions to email [email protected]. I notice that you haven't seen that yet, so I thought perhaps PMs didn't notify you via email like the board does. I wanted to make sure you got that information before the weekend.

Can you post the output of nmap 192.168.5.12 -p 3393 --reason? That port didn't show up in your original nmap, but you are album to run ldapsearch against it, so I want a little more information.

Hi dwhitfield,

Please find the result.

Thanks,
Piyus Sinha