LDAP Import Problems
Posted: Thu Dec 20, 2018 11:45 am
We're having some difficulties getting LDAP/AD Integration working with NagiosXI, so let me try and describe what we're experiencing:
We have 3 different LDAP environments to potentially authenticate against (don't ask): 2 are OpenLDAP, 1 is Active Directory (again, don't ask).
I have attempted to get all 3 up and working, but the problem with all of them seems to be basically the same:
I have verified all connection info with respect to baseDN/security type/certificates.
I can successfully use this information to run ldapsearch on the command line to walk the OU and get results, as well as in Apache Directory Studio.
I can use the same privileged user account credentials to auth against the LDAP server.
After authenticating, when you are on the Select Users to Import page, I can only see a few OUs in the entire tree, I cannot select any of them, and they aren't any of the OUs where users are located.
All of the LDAP/AD systems have well over 1000 users, which at a guess is the problem here. (One of these is a legacy system with over 35k users.)
It is extremely unlikely that I will be able to convince corp to increase the MaxPageSize setting beyond the 1000 default. If there is an OpenLDAP equivalent to this, it is also unlikely that it will be changed, because $REASONS.
I've enclosed logs/information for only 1 LDAP instance, as it is the most likely server we will be importing against.
Help me Obi-Wan, you're my only hope.