Nagios Support Forum

I'm testing Nagios XI 5R1.0 prior to updating our production sites.
I upgraded my dev server successfully (on 2nd try) and all *seems* well.

But, we are using the AD Integration component (0.4) and I see the Admin page
contains an LDAP/AD Integration page.

What is the procedure to move from the component to the new feature? (if any)

I tried configuring the settings to the same values as our component, but I get
authentication failures for my login. I tried adding certs for the AD servers but
no joy. Then I tried removing the component. Still no joy (I'd configured a local
admin account before testing so I was able to login using that account.)

I'm hesitant to try to import users from AD since I don't know if it will try to
import ALL users or if it will give me a choice. (Importing all users would probably
crash the server.)

I don't see any usable on-screen help (I assume my browser settings are blocking the videos
since none of them will play) so I'm not sure how to proceed.

I can confirm on my dev system the 'AD Username' field does not save,
nor does the 'Allow local login if auth server login fails' checkbox.

These fields also don't seem to save for LDAP after hitting 'Update User' then re-editing the user:
'Users's Full DN' field
'Allow local login if auth server login fails' checkbox

I have the same issue where the AD Username & Allow Local Login aren't saved when I complete the user account update.
The difference between me & the OP is that I wasn't using the AD authentication before .
However , I am using AD authentication successfuly on NNA , so I have copied across all the AD settings - so I know they are correct.

Additionally , aftyer I chnaged the user to AD Authentication, the " Auth Type "field on the Manage Users screen remained blank. I tried updating the user account again and saw that the AD username was blank, I filled it in again and saved it. It now shows Auth Type "Active Directory" but the AD username remains blank whenever I edit it. Also tried logging in as that user in caase it was just a display problem - but login is not allowed.

BTW - I also have an Active Directory Integration Component installed (v.04) as well as the new LDAP/Active Directory Integration Core Component (v1.0.0)

regards.... Fred

I already reported the bug https://support.nagios.com/forum/viewto ... 70#p154928

I still need to know how we are supposed to migrate.
Do we keep the AD component, or delete it and use whatever version 5R1.0 uses?

Please see the following screenshot: The above screenshot is from our latest XI version - the only component that is available is the new active directory component. Clicking the 'settings' button leads to the same page that the navbar link does. What does yours look like?

As far as the AD/LDAP bugs that have been discussed above, the fixes are in place and will be available via a minor release this week.

On our production host (2014R2.7), we have:
---
Active Directory Integration
Uses Active Directory as a user authentication source.
Version: 0.4 Author: Nagios Enterprises, LLC User Edit Download Delete 0.4 Up to date
---
as well as:
--
LDAP Authentication
Provides LDAP authentication for Nagios XI. Experimental.
Version: 0.3 Author: Nagios Enterprises, LLC User Edit Download Delete 0.3
---
though we only use the AD component. (The LDAP component still has the default config settings.)



Our dev/test host was the same when I updated to 5R1.0, but since then I've removed the Active Directory Integration
component while troubleshooting the new AD configuration settings. I wasn't sure if the component was preventing the new
features from working. Now that I know there are problems in the new version, my question is: once the problems are fixed,
what is the procedure to migrate to the new features. Do we leave the components installed, or should we remove them prior
to configuring AD/LDAP on the Admin page under Users?

Theres is a new "check for update" feature in XI5 components. All you have to do is check for updates and install them. I imagine removing the component would not let it check for updates, so best practice would be to leave it.

So if I currently have AD integration component v0.3 will my AD stop working for my existing 100 or so users if we upgrade now? Just curious because if users can't login that qualifies as a "I can't upgrade until it's fixed" kind of issue.

'check for updates'
That's a joke, right?