LDAP bind options?
Posted: Mon Oct 19, 2015 2:09 pm
I just upgraded to the latest version 5.2.0 and I'm having some trouble with the new LDAP authentication mechanism.
Previously we've been using the Active Directory Integration component (v 0.3) without issue to authenticate through an LDAP server. After I create a user account in Nagios that matches the LDAP account name, the user can log in.
I'm trying to match that configuration in the new LDAP/AD Integration screen, but I'm running into some issues.
I've created an entry for a new auth server. Type is LDAP, same base DN and LDAP host as I had with the old AD component, port 389, no security (for now).
When I try to import users using that server (with valid credentials), I get an "Unable to authenticate" warning.
I started up Wireshark to see what's happening, and it seems to be binding to the LDAP server as "CN=my_username,o=my_org", and getting a noSuchObject response.
The AD component works because it's binding as "uid=my_username,o=my_org".
Can we have an option to pick between CN or uid for the bind?
I found the bind command in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 60:
$dn = 'CN='.$dn.','.$this->baseDn;
If I change CN to uid, the bind works. Zero results returned, but I'm only worrying about one thing at a time...
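The bind DN choice described in this post, as an added example that is not part of the original post and is not Nagios XI code: the RDN attribute is selectable (cn or uid) from a fixed allowlist, and the username is escaped before it is concatenated with the base DN. The function name, its parameters and the sample values are assumptions; ldap_escape() requires PHP's ldap extension.

```php
<?php
// Added illustration, not Nagios XI code. build_bind_dn() and its
// parameters are hypothetical names chosen for this example.

// Only attribute types from this fixed list may be used to form the RDN.
const ALLOWED_RDN_ATTRIBUTES = ['cn', 'uid'];

function build_bind_dn(string $username, string $baseDn, string $rdnAttribute = 'cn'): string
{
    // Attribute types are case-insensitive, so normalise before checking.
    $attr = strtolower($rdnAttribute);
    if (!in_array($attr, ALLOWED_RDN_ATTRIBUTES, true)) {
        throw new InvalidArgumentException("Unsupported RDN attribute: $rdnAttribute");
    }

    // Reject an empty account name rather than binding with an empty RDN value.
    if ($username === '') {
        throw new InvalidArgumentException('Username must not be empty');
    }

    // Escape characters that are special inside a DN so the supplied name
    // cannot add or alter RDN components of the DN sent in the bind request.
    $value = ldap_escape($username, '', LDAP_ESCAPE_DN);

    return $attr . '=' . $value . ',' . $baseDn;
}

// Constructed sample values, using the base DN quoted in the post.
foreach (['cn', 'uid'] as $attr) {
    echo build_bind_dn('my_username', 'o=my_org', $attr), PHP_EOL;
}

// A constructed name containing a DN separator stays within its own RDN value.
echo build_bind_dn('smith,ou=admins', 'o=my_org', 'uid'), PHP_EOL;
```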