Monitoring LDAP - Could not bind to LDAP server

Posted: Thu Mar 05, 2020 2:14 pm
by rferebee
Hello,

We are currently monitoring LDAP connections using the 'LDAP Server' service check (check_xi_service_ldap) built into XI.

A couple of the domain controllers we are monitoring recently had Secure Signing enabled and that has caused the service checks to stop functioning. See command and response below:

/usr/local/nagios/libexec/check_ldap -H 10.x.x.x -b "OU=Service Accounts,DC=STATE,DC=STATE,DC=US" -D "CN=NagiosXI LDAP Check,OU=Service Accounts,DC=STATE,DC=STATE,DC=US" -P "ANYPASSWORD" -2 -p 3268
Could not bind to the LDAP server

That is the check we were originally using. It stopped working, so we tried changing the port to 3269 (Global Catalog check using SSL) but that doesn't work either. We know that authentication is working properly, so it's just the Nagios checks that need to be modified.

Are you aware of a way to monitor LDAP on a server that has Secure Signing enabled?

Thank you.

Re: Monitoring LDAP - Could not bind to LDAP server

Posted: Thu Mar 05, 2020 2:22 pm
by rferebee
You know what, I'm sorry. I should have taken a little more time to do some research. I found the solution.

https://docs.microsoft.com/en-us/previo ... and-ldap-3

We had to switch the service checks from using LDAP version 2 to version 3. The port can remain the same. Once I made this change the checks started working immediately.

Hopefully this helps someone in the future.

Thank you!
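
Added example, not part of the original posts and not Nagios's own code: a small audit that finds check_ldap command lines still requesting LDAP version 2 and rewrites them to request version 3, as described in the post above. The sample commands, host names and the `VALUE_OPTS` set are constructed assumptions modelled on the command in the first post.

```python
import shlex

# Value-taking options seen in the post's command (assumption: extend as needed).
VALUE_OPTS = {"-H", "-b", "-D", "-P", "-p"}
VERSION_FLAGS = {"-2": 2, "--ver2": 2, "-3": 3, "--ver3": 3}

# Constructed sample commands modelled on the one in the post (not real hosts).
# The password is deliberately "-2" to show it is not mistaken for the flag.
BASE = ('/usr/local/nagios/libexec/check_ldap -H 192.0.2.10 '
        '-b "OU=Service Accounts,DC=example,DC=test" '
        '-D "CN=Monitor,OU=Service Accounts,DC=example,DC=test" -P "-2" ')
SAMPLES = {"dc01": BASE + "-2 -p 3268",
           "dc02": BASE + "-3 -p 3268",
           "dc03": BASE + "-p 3268"}


def parse(cmdline):
    """Yield (option, value) pairs; value is None for bare flags."""
    tokens = shlex.split(cmdline)  # keeps quoted DNs as single tokens
    i = 1  # tokens[0] is the plugin path
    while i < len(tokens):
        if tokens[i] in VALUE_OPTS and i + 1 < len(tokens):
            yield tokens[i], tokens[i + 1]
            i += 2
        else:
            yield tokens[i], None
            i += 1


def ldap_version(cmdline):
    """Return 2 or 3, or None when no version flag is given (plugin default)."""
    version = None
    for opt, value in parse(cmdline):
        if value is None and opt in VERSION_FLAGS:
            version = VERSION_FLAGS[opt]  # the last version flag wins
    return version


def to_v3(cmdline):
    """Drop any version flag and append -3, leaving option values untouched."""
    out = [shlex.split(cmdline)[0]]
    for opt, value in parse(cmdline):
        if value is not None:
            out += [opt, value]
        elif opt not in VERSION_FLAGS:
            out.append(opt)
    return shlex.join(out + ["-3"])


if __name__ == "__main__":
    for host, cmd in SAMPLES.items():
        if ldap_version(cmd) != 3:
            print(host, "->", to_v3(cmd))
```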

Re: Monitoring LDAP - Could not bind to LDAP server

Posted: Thu Mar 05, 2020 8:08 pm
by Box293
OK great, thanks for posting the solution.