ldap integration problem
Posted: Wed Jul 13, 2016 3:33 pm
by benhank
Hey guys, I'm trying to set up LDAP in N5.
Following the instructions from the pdf,
Code:
Using_SSL_with_XI_Active_Directory_Component
it says
Code:
cd /etc/openldap/cacerts
openssl s_client -showcerts -connect XXX.XXX.XXX.XXX:636 > ldapsrv1.crt
I don't have that directory. What do I have to do to prep my server for the LDAP integration?
Also, when I go to admin/manage components, there is an Active Directory component listed there (it's up to date). Do I need to do anything with that?
What's the difference between the two?
Re: ldap integration problem
Posted: Wed Jul 13, 2016 3:38 pm
by ssax
Delete your CA certs in the web interface then run these commands:
Code:
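# Create the CA certificate directory that ldap.conf will point at
mkdir -p /etc/openldap/cacerts
# Let the web server user (apache) and the nagios group manage the certificate directories
chown apache:nagios /etc/openldap /etc/openldap/cacerts /etc/openldap/certs
chmod 664 /etc/openldap/ldap.conf
chmod 775 /etc/openldap /etc/openldap/certs /etc/openldap/cacerts
# Comment out any existing TLS_CACERTDIR line, then point it at the new directory
sed -i 's/TLS_CACERTDIR/#TLS_CACERTDIR/g' /etc/openldap/ldap.conf
echo "TLS_CACERTDIR /etc/openldap/cacerts" >> /etc/openldap/ldap.conf
# Restart Apache so PHP picks up the new ldap.conf
service httpd restart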
Then add the CA certificates back in the web interface and try it again.
That should fix it for you.
Re: ldap integration problem
Posted: Wed Jul 13, 2016 3:41 pm
by ssax
Also, you can delete that component if you don't use it at all, it was left in for compatibility.
Re: ldap integration problem
Posted: Thu Jul 21, 2016 10:39 am
by benhank
I don't know what I'm doing wrong, but I can't get this to work.
Re: ldap integration problem
Posted: Thu Jul 21, 2016 10:55 am
by ssax
Are you authenticating against an AD server or an LDAP server? If you're using AD, make sure to select that in the settings. You are using the CA's certificate, not the domain controller's/LDAP server's certificate, right?
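The CA-versus-server-certificate question above can be checked from the command line. This is an added example, not part of the original post: the function names, file names and the throwaway CA it generates are constructed for illustration, and it assumes the `openssl` CLI is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check whether a PEM file is a CA
# certificate or a server certificate before adding it as a trusted CA.

# 0 if the certificate in $1 carries BasicConstraints CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# 0 if server certificate $2 verifies against the CA certificate $1.
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print a one-word classification for the file in $1.
classify_cert() {
    if ! openssl x509 -in "$1" -noout 2>/dev/null; then echo invalid
    elif is_ca_cert "$1"; then echo ca
    else echo server
    fi
}

# Constructed sample data: a throwaway CA and one server cert signed by it.
make_sample_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Example Test CA' -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=ldaps.example.test' -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null
}

SAMPLE_DIR=$(mktemp -d)
make_sample_pki "$SAMPLE_DIR"
for f in ca.crt srv.crt; do
    echo "$f: $(classify_cert "$SAMPLE_DIR/$f")"
done
chains_to "$SAMPLE_DIR/ca.crt" "$SAMPLE_DIR/srv.crt" && echo "srv.crt verifies against ca.crt"
```

`openssl x509` reads only the first PEM block in a file, and in `openssl s_client -showcerts` output that first block is the server's own certificate, so a file saved that way classifies as `server` unless the CA block is extracted first.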
Re: ldap integration problem
Posted: Thu Jul 21, 2016 11:20 am
by benhank
I think it's all LDAP.
Re: ldap integration problem
Posted: Thu Jul 21, 2016 11:32 am
by ssax
Run this command:
Code:
sed -i 's/\/\/ Otherwise check authentication/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php
Then run this tail command, try to import/authenticate, and then send me the entire output from the tail command:
When you are done, revert the change with this command:
Code:
sed -i 's/ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);/\/\/ Otherwise check authentication/g' /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/ldap_ad_integration.inc.php
Thank you
Re: ldap integration problem
Posted: Thu Jul 21, 2016 12:03 pm
by benhank
OK, will do!
Re: ldap integration problem
Posted: Thu Jul 21, 2016 12:09 pm
by benhank
Code:
ldap_free_connection: actually freed
[Thu Jul 21 13:08:29 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:29 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utils-status.inc.php on line 103, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: strtotime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utils-status.inc.php on line 103, referer: http://lkendrwatsonp01/nagiosxi/admin/
[Thu Jul 21 13:08:30 2016] [error] [client 172.26.70.106] PHP Warning: strftime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/utilsl.inc.php on line 571, referer: http://lkendrwatsonp01/nagiosxi/admin/
==> /var/log/httpd/ssl_error_log <==
[Wed Jul 20 15:07:26 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:07:27 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:09:44 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed Jul 20 15:09:44 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:20:21 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:20:21 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:30:14 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:30:14 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:44:32 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Thu Jul 21 11:44:32 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
==> /var/log/httpd/error_log <==
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/pageparts.inc.php on line 99, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:40 2016] [error] [client 172.26.70.106] PHP Notice: Undefined offset: 1000 in /usr/local/nagiosxi/html/includes/components/helpsystem/helpsystem.inc.php on line 252, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldaps.atriushealth.org:636
ldap_new_socket: 20
ldap_prepare_socket: 20
ldap_connect_to_host: Trying 172.22.192.141:636
ldap_pvt_connect: fd: 20 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f6147908ba0 msgid 1
wait4msg ld 0x7f6147908ba0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f6147908ba0 msgid 1 all 1
** ld 0x7f6147908ba0 Connections:
* host: ldaps.atriushealth.org port: 636 (default)
refcnt: 2 status: Connected
last used: Thu Jul 21 13:08:40 2016
** ld 0x7f6147908ba0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f6147908ba0 request count 1 (abandoned 0)
** ld 0x7f6147908ba0 Response Queue:
Empty
ld 0x7f6147908ba0 response count 0
ldap_chkResponseList ld 0x7f6147908ba0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f6147908ba0 NULL
ldap_int_select
read1msg: ld 0x7f6147908ba0 msgid 1 all 1
ldap_err2string
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed
[Thu Jul 21 13:08:41 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internethealthreport/internethealthreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
[Thu Jul 21 13:08:41 2016] [error] [client 172.26.70.106] PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead in /usr/local/nagiosxi/html/includes/dashlets/internettrafficreport/internettrafficreport.inc.php on line 22, referer: http://lkendrwatsonp01/nagiosxi/includes/components/ldap_ad_integration/index.php
Re: ldap integration problem
Posted: Thu Jul 21, 2016 12:18 pm
by ssax
Does it give you an error in the interface? If so, what does it say exactly? If your DN uses uid (uid=benhank,ou=blah,dc=blah,dc=blah), please try typing in your whole user DN (uid=benhank,ou=blah,dc=blah,dc=blah) in the username box.
Also, which LDAP server software are you using?