Nagios Support Forum

G 'Day Nagios XI Support,

I have an issue and was hoping your developer team might be able to provide a solution. Seems like when you utilize the "LDAP / Active Directory Import Users" utility if there are tons of objects you are limited to a specific subset...for example in my case I have tons of users and unfortunately the UserGroups OU lives under the UserAccounts OU...thus because the ordering of what is returned when you select the UserAccounts OU you cannot reach the UserGroups OU and therefore have no way to import the users with the utility. What I was hoping is for the developers to add a "Filter" field that could be used to reduce the number of returned values.

So in my case I never get past the users that begin with the letter A...bummer dude!

My guess if you had a filter that could either reduce the number of users based on beginning letter or when you highlight the UserAccounts OU it would display any other OU's below it in the Navigator side to allow for selecting them...

Anyway the fact that I cannot at least filter by alphabetized start of word or a pagination feature limits the tool's ability to be helpful in large environments or where someone embeds groups under users...geeeezzzzz.

Anyway let me know and thanks,
Danny

It looks like the files in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/adLDAP/src/classes/ are what _could_ be edited but we'll have to look into it exactly how.

It sounds like the component may be running into the object limit that AD can return. The limit can be increased but in this case it sounds like it would need to be increased astronomically and probably not the way to go. https://blogs.technet.microsoft.com/qza ... r-2008-r2/ though in case you're interested in checking this out.

Another option would be to just create the user under Admin > Users > Manage Users and just select "Active Directory" from the Auth Type drop down and filling in the AD Username field. As long as the proper Base DN was used when setting up the AD integration, then there shouldn't be a problem for the user logging in.

Yes I can add users one at a time but when dealing with hundreds of people this can become unsustainable. The real issue here is not the actual tool itself but rather how a particular Active Directory administrator builds his AD tree. Placing the UserGroups OU under the UserAccounts OU places a burden on the extraction because as you stated the Limit on returned objects is a side effect of not being able to filter the query to obtain for example the alphabetized letter in UserGroups. I believe a development effort to allow for a filtered query would be a beneficial enhancement.

Thanks,
Danny

Completely agree, just throwing out some possible work arounds in case others come across the same problem : ) I've filed feature request task id # 12469 to get some more eyes on this.

Thank you and have a great weekend...

Regards,
Danny