Page 2 of 2
Re: Active directory connection not encrypted
Posted: Wed Jun 19, 2019 4:26 pm
by ssax
PHP should try to use the settings in
/etc/openldap/ldap.conf, please attach or PM one of us that file.
Please enable debug logging by following this KB article:
https://support.nagios.com/kb/article/a ... n-600.html
Then run this tail command (use this one instead of the guide and leave it running):
Code: Select all
tail -F /var/log/httpd/error_log /var/log/httpd/ssl_error_log
Then try to authenticate again and send me the entire output of the tail command above so that I can see what is occurring.
Re: Active directory connection not encrypted
Posted: Mon Jun 24, 2019 2:26 am
by sib
Hi
I sent a PM. The ldap.conf content seems pretty standard. There is no errors in the error logs even with debugging on
Code: Select all
# tail -f /var/log/httpd/error_log /var/log/httpd/ssl_error_log
==> /var/log/httpd/error_log <==
[Sun Jun 23 03:17:04.520574 2019] [auth_digest:notice] [pid 4223] AH01757: generating secret for digest authentication ...
[Sun Jun 23 03:17:04.524604 2019] [lbmethod_heartbeat:notice] [pid 4223] AH02282: No slotmem from mod_heartmonitor
[Sun Jun 23 03:17:04.609581 2019] [mpm_prefork:notice] [pid 4223] AH00163: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/5.4.16 configured -- resuming normal operations
[Sun Jun 23 03:17:04.609595 2019] [core:notice] [pid 4223] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
==> /var/log/httpd/ssl_error_log <==
Re: Active directory connection not encrypted
Posted: Mon Jun 24, 2019 4:37 pm
by ssax
Your ldap.conf looks fine, uou should have a LOT more output if you enabled debugging and tried to connect.
Please attach these files:
Code: Select all
/etc/php.ini
/etc/httpd/conf/httpd.conf
Re: Active directory connection not encrypted
Posted: Tue Jun 25, 2019 2:55 am
by sib
I still find it weird that it tries to connect to the old active directory settings even though I have removed it and added an ldaps with port 636
Capture_3.PNG
Here the other documents
php.ini
httpd.conf
Re: Active directory connection not encrypted
Posted: Tue Jun 25, 2019 4:42 pm
by ssax
I may know the issue, what is the output of this command:
Code: Select all
ls -l /usr/local/nagiosxi/html/includes/components
If you have an active_directory one AND an ldap_ad_integration one, remove the active_directory one:
Code: Select all
mv /usr/local/nagiosxi/html/includes/components/active_directory /home/nagios/
Re: Active directory connection not encrypted
Posted: Fri Jul 12, 2019 3:41 am
by sib
Hi
Sorry for the late reply but we needed some time to do proper testing. Moving the folder /usr/local/nagiosxi/html/includes/components/active_directory away has solved the problem. On 5.6.3 in our test environment this was not an issue and that folder did not exist?
best
Chris
Re: Active directory connection not encrypted
Posted: Fri Jul 12, 2019 1:07 pm
by benjaminsmith
Hi Chris,
Sorry for the late reply but we needed some time to do proper testing. Moving the folder /usr/local/nagiosxi/html/includes/components/active_directory away has solved the problem
Sounds good. We'll wait for an update after testing.
Re: Active directory connection not encrypted
Posted: Sat Jul 13, 2019 6:22 am
by sib
Hi
Testing is done. All working fine now
Thanks
Chris