Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Unable to get LDAP integration to work. The page just hangs

https://support.nagios.com/forum/viewtopic.php?t=46559

Page 1 of 1

Unable to get LDAP integration to work. The page just hangs

Posted: Thu Nov 30, 2017 1:11 pm
by harshalx
Hello,
I'm trying to integrate corp LDAP with Nagios XI. I have configured my LDAP server as shown below.

Image

The credentials that I am entering to my LDAP server work perfectly fine as shown below:

Code: Select all

ldapsearch -x -v -h ds01.mon.eng.sjc01.qualys.com uid=hvaidya -W
ldap_initialize( ldap://ds01.mon.eng.sjc01.qualys.com )
Enter LDAP Password:
filter: uid=hvaidya
requesting: All userApplication attributes
# extended LDIF
#
# LDAPv3
# base <dc=corp,dc=qualys,dc=com> (default) with scope subtree
# filter: uid=hvaidya
# requesting: ALL
#

# hvaidya, DevOps, India, Asia, CorpUsers, corp.qualys.com
dn: uid=hvaidya,ou=DevOps,ou=India,ou=Asia,ou=CorpUsers,dc=corp,dc=qualys,dc=c
 om
ntUserLastLogon: 131558001256626377
memberOf: cn=sec-build,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=com
memberOf: cn=sec-development,ou=opsgroups,dc=corp,dc=qualys,dc=com
memberOf: cn=vpn-devops,ou=vpn,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=
 com
memberOf: cn=vpn-ops,ou=vpn,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=com
memberOf: cn=sec-concur,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=com
memberOf: cn=sec-development,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=co
 m
memberOf: cn=sec-devops-mon,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=com
memberOf: cn=sec-devops,ou=security,ou=corpgroups,dc=corp,dc=qualys,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: ntUser
objectClass: posixAccount
objectClass: inetUser
loginShell: /bin/bash
homeDirectory: /home/hvaidya
gidNumber: 3571
uidNumber: 3571
l: Pune
ntUserDeleteAccount: true
uid: hvaidya
sn: Vaidya
title: Senior Manager, DevOps
description: Senior Manager, DevOps
physicalDeliveryOfficeName: Pune
givenName: Harshal
cn: Harshal Vaidya
ntUserCodePage: 0
ntUserAcctExpires: 9223372036854775807
ntUserDomainId: hvaidya
mail: [email protected]
manager: uid=psingh,ou=Dev,ou=HQ,ou=US,ou=NorthAmerica,ou=CorpUsers,dc=corp,dc
 =qualys,dc=com
ntUniqueId: 8d9a3050270b7542bf0b0e39b283247a

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
When I enter the exact same credentials when I want to import users from LDAP into XI, the page just hangs and never returns back.
Image

Please give me some pointers on where to look for as to what is going wring. Logs for httpd, nagios core and XI are looking clean. Neither does the UI give any error which can be investigated.

Re: Unable to get LDAP integration to work. The page just ha

Posted: Thu Nov 30, 2017 3:21 pm
by dwhitfield
I know you said the apache logs look clean, but we see a lot of LDAP issues with /etc/php.ini. In that file, please change the following to the listed numbers (unless the numbers are higher than these):

max_execution_time = 60
max_input_time = 120
memory_limit = 256M

Also, please add the following line:
max_input_vars = 10000

After making these changes you'll need to restart the httpd service:

# service httpd restart

Additionally, can you PM me your Profile? You can download it by going to Admin > System Config > System Profile and click the ***Download Profile*** button towards the top. If for whatever reason you *cannot* download the profile, please put the output of View System Info (5.3.4+, Show Profile if older) in the thread (that will at least get us some info). This will give us access to many of the logs we would otherwise ask for individually. If security is a concern, you can unzip the profile take out what you like, and then zip it up again. We may end up needing something you remove, but we can ask for that specifically.

You can also generate a profile manually using the script at /usr/local/nagiosxi/html/includes/components/profile/getprofile.sh

That should generate a profile in /usr/local/nagiosxi/var/components/ which you can get off the server with an application such as FileZilla.

After you PM the profile, please update this thread. Updating this thread is the only way for it to show back up on our dashboard.

If you get an error that PROFILE BUILD FAILED, please see https://support.nagios.com/kb/article.p ... ategory=44
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited