LDAP / Active Directory Import Users fail

Posted: Wed Nov 14, 2018 1:28 pm
by vmesquita
Hello,

I am getting this error message when I try to import new users from LDAP. Also, the LDAP users imported before don't log in anymore:

Unable to authenticate: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)

Any ideas?

Re: LDAP / Active Directory Import Users fail

Posted: Wed Nov 14, 2018 4:51 pm
by ssax
unable to get local issuer certificate
This indicates that the XI server was unable to get the local issuer certificate for validation of the remote SSL certificate.

First things first, is this an LDAP server or is it a domain controller (meaning active directory)? If it's a domain controller make sure to set it as Active Directory. Knowing this info will help us guide you in the right direction.

Please follow this guide and post the debug output:

https://support.nagios.com/kb/article/a ... n-600.html

Please PM me a screenshot of your authentication server settings in Admin > LDAP/AD Integration (make sure to click the edit button next to the auth server so that I can see all the settings; also include the certificates that you have imported in the screenshot (they are on the right-hand side if you've done this)).

Please PM me your /etc/openldap/ldap.conf as well as the ENTIRE output of these commands:

Code:

echo "DONE" | openssl s_client -showcerts -connect YOURLDAPORDOMAINCONTROLLER:636
ls -ld /etc/openldap
ls -l /etc/openldap
ls -l /etc/openldap/certs
ls -l /etc/openldap/cacerts

Thank you
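
Added example, not part of the thread or of any Nagios tooling: a small shell helper that reads the `openssl s_client -showcerts` output requested above and reports the verify result plus the issuer DN that no certificate in the presented chain supplies, which is the CA the client has to trust locally. The sample output, host name and CA name are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `openssl s_client -showcerts` output (OpenSSL 1.0.x
# layout); host and CA names are made up and the PEM body is left out.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = dc01.example.local
verify error:num=20:unable to get local issuer certificate
verify return:1
---
Certificate chain
 0 s:/CN=dc01.example.local
   i:/DC=local/DC=example/CN=example-CA
---
Server certificate
subject=/CN=dc01.example.local
issuer=/DC=local/DC=example/CN=example-CA
---
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Print the numeric verify result (0 = chain validated, 20 = issuer not found locally).
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Print the first issuer DN that is not also a subject in the presented chain.
# If every issuer is present, the server sent its root; print that root instead.
needed_issuer() {
    awk '
        /^Certificate chain/  { inchain = 1; next }
        /^Server certificate/ { inchain = 0 }
        inchain && /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[$0] = 1; next }
        inchain && /^ +i:/        { sub(/^ +i:/, ""); issuer[++n] = $0 }
        END {
            for (k = 1; k <= n; k++)
                if (!(issuer[k] in subj)) { print issuer[k]; exit }
            if (n) print issuer[n]
        }
    '
}

# Real use: echo "DONE" | openssl s_client -showcerts -connect HOST:636 2>/dev/null | needed_issuer
code=$(sample_output | verify_code)
echo "verify return code: $code"
[ "$code" = "0" ] || echo "CA to trust locally: $(sample_output | needed_issuer)"
```

The chain parser accepts both the older `s:/CN=...` and the newer `s:CN = ...` DN layouts, since it only keys on the `s:` and `i:` prefixes.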

Re: LDAP / Active Directory Import Users fail

Posted: Fri Nov 16, 2018 9:37 am
by vmesquita
Thanks ssax!

I sent all the info requested by email.

Re: LDAP / Active Directory Import Users fail

Posted: Fri Nov 16, 2018 3:20 pm
by ssax
Received, replying with another command through PM because it contains sensitive information.