LDAP integration
Posted: Thu Jul 21, 2016 2:51 pm
by Linuxlogger
I have a couple of questions about NLS and LDAP integration.
1. How do you set NLS up with an LDAP server that does not anonymous user to query the users?
2. Does NLS import the user database then allow assignment of rights, or do you have to log in with a privileged account each time you want to add a user?
3. Can you import multiple user accounts at the same time?
Dave
Re: LDAP integration
Posted: Thu Jul 21, 2016 3:01 pm
by hsmith
Linuxlogger wrote: 1. How do you set NLS up with an LDAP server that does not anonymous user to query the users?
Can you please expand upon this one a bit more?
Linuxlogger wrote: 2. Does NLS import the user database then allow assignment of rights, or do you have to log in with a privileged account each time you want to add a user?
You need to log in each time you want to add a user.
Linuxlogger wrote: 3. Can you import multiple user accounts at the same time?
You can select multiple users using the checkboxes.
Re: LDAP integration
Posted: Tue Aug 02, 2016 10:41 am
by Linuxlogger
How do you set NLS up with an LDAP server that does NOT ALLOW anonymous user to query the users?
I believe that our last attempt was successful, as we were able to log in to the LDAP using the ldapbind user, but it returned no user list to select from.
It might be that there are some settings on our side.
Re: LDAP integration
Posted: Tue Aug 02, 2016 11:23 am
by Linuxlogger
OK, let me try and make this a little clearer. We have set up the Base DN with the following: cn=users,o=ops,dc=mycompany,dc=com. With this configuration, when I click "Add LDAP/AD user" I am prompted for valid admin-level LDAP credentials. I log in with my ldapadmin user; everything is good so far. The problem is that I can't see any of the users in LDAP to add them to NLS.
linuxlogger
LDAP users not displayed in Add LDAP/AD users
Posted: Tue Aug 02, 2016 12:54 pm
by Linuxlogger
We have set up the LDAP server with the correct address, and the Base DN with the following: cn=users,o=ops,dc=mycompany,dc=com. With this configuration, when I click "Add LDAP/AD user" I am prompted for valid admin-level LDAP credentials. I log in with my ldapadmin user; everything is good so far. The problem is that I can't see any of the users in LDAP to add them to NLS. Is there something I am missing?
LinuxLogger
Re: LDAP integration
Posted: Tue Aug 02, 2016 3:49 pm
by ssax
I have merged your two topics together, please do not create multiple topics for the same issue.
I understand what the issue is, can you get a list of what objectClasses your LDAP users have defined on them (like person, inetOrgPerson, posixAccount, shadowAccount, organizationalPerson)?
- Note: They are case-sensitive, so please make sure they are correct so that I can look at the code and see where the problem is.
Also, what LDAP server software are you using?
Thank you
Re: LDAP integration
Posted: Fri Aug 05, 2016 9:04 am
by Linuxlogger
We use inetOrgPerson and the LDAP server is IBM Security Directory Server.
Does the user need to be a full LDAP administrator to add users or will an enumerator account work?
Re: LDAP integration
Posted: Fri Aug 05, 2016 9:53 am
by ssax
I believe you need to use the LDAP administrator account. Please try it with one of those accounts to validate if it's working that way. It is not doing an anonymous bind if you type in your username/password.
One thing to try is to go up a level with the Base DN, so try o=ops,dc=mycompany,dc=com (also try just dc=mycompany,dc=com) instead of cn=users,o=ops,dc=mycompany,dc=com.
Also, please edit this file:
Code:
    /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php
Around line 84 change this code:
Code:
    public function findBaseDn()
    {
        $namingContext = $this->getRootDse(array('namingcontexts'));
        return $namingContext[0]['namingcontexts'][0];
    }
To this:
Code:
    public function findBaseDn()
    {
        $namingContext = $this->getRootDse(array('namingcontexts'));
        var_dump($namingContext);
        return $namingContext[0]['namingcontexts'][0];
    }
Re-login to the interface and it will print out a long string of text in the browser, please copy all of it and PM or post it here.
Thank you
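An offline sketch of why widening the Base DN, as suggested in the post above, can make users appear. This is an added example, not part of the original post and not Nagios Log Server code; the directory entries, the cn=people and o=dev containers and all function names are constructed for illustration.

```python
# Constructed sample directory: (DN, objectClasses). Not taken from the thread.
DIRECTORY = [
    ("cn=users,o=ops,dc=mycompany,dc=com", {"top", "container"}),
    ("uid=dave,cn=people,o=ops,dc=mycompany,dc=com", {"top", "person", "inetOrgPerson"}),
    ("uid=ann,cn=people,o=ops,dc=mycompany,dc=com", {"top", "person", "inetOrgPerson"}),
    ("uid=svc\\,backup,o=dev,dc=mycompany,dc=com", {"top", "inetOrgPerson"}),
]

def parse_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped or ch != ",":
            current += ch
            escaped = (ch == "\\") and not escaped
        else:
            rdns.append(current)
            current = ""
    rdns.append(current)
    out = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        # Assumption: naming attributes compare case-insensitively.
        out.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return out

def in_subtree(entry_dn, base_dn):
    """True when base_dn's RDNs form the suffix of entry_dn (subtree scope)."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def search(entries, base_dn, object_class):
    """Subtree search. The class name is compared exactly, mirroring the
    thread's note that objectClass names are treated as case-sensitive."""
    return [dn for dn, classes in entries
            if in_subtree(dn, base_dn) and object_class in classes]

def candidate_bases(base_dn):
    """The configured Base DN followed by each ancestor, one level up at a time."""
    rdns = parse_dn(base_dn)
    return [",".join(rdns[i:]) for i in range(len(rdns))]

def widen_until_found(entries, base_dn, object_class):
    """Return the narrowest base (starting at base_dn) that yields any users."""
    for base in candidate_bases(base_dn):
        hits = search(entries, base, object_class)
        if hits:
            return base, hits
    return None, []
```

Prefer the narrowest base that returns the expected accounts: a wider Base DN also exposes entries from other branches to the import dialog.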
Re: LDAP integration
Posted: Fri Aug 05, 2016 12:38 pm
by Linuxlogger
Can you please recheck that path. On my server I don't have /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php. I have a /usr/local/nagioslogserver/ path but don't see a basicLDAP.php anywhere in the file system.
Re: LDAP integration
Posted: Fri Aug 05, 2016 2:02 pm
by ssax
Sorry..
Code:
    /var/www/html/nagioslogserver/application/libraries/BasicLDAP.php