Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

FreeIPA Authentication change search

https://support.nagios.com/forum/viewtopic.php?t=62075

Page 1 of 2

FreeIPA Authentication change search

Posted: Wed Mar 24, 2021 11:47 am
by jm_mcg
Nagios XI 5.8.2
FreeIPA 4.6.8

I configured my FreeIPA server as an authentication source for Nagios XI. The parameters are given below though the domain is fictitious. When I attempt to import users, it fails with the message "Unable to authenticate: Could not connect to the LDAP server selected." I did a packet capture and found that it was trying to search for the username in the cn attribute while FreeIPA is putting the username in the UID attribute.

How can I change Nagios XI to look for the username in UID?

Configuration:
Connection Method: LDAP
Base DN: cn=users,cn=accounts,dc=my,dc=domain
LDAP Host: auth1.my.domain
LDAP Port: 389
Security: None

Re: FreeIPA Authentication change search

Posted: Wed Mar 24, 2021 6:39 pm
by ssax
When typing in your credentials during the import, make sure to use the full DN of your user:

Code: Select all

uid=username,cn=users,cn=accounts,dc=my,dc=domain
Does DNS work to translate the name to IP?

Code: Select all

ping auth1.my.domain
See here as well for additional troubleshooting steps:
- Follow the Enable Debug Logging and attach (or PM) the debug output

https://support.nagios.com/kb/article/a ... n-600.html

Re: FreeIPA Authentication change search

Posted: Tue Mar 30, 2021 10:05 am
by jm_mcg
My apologies for the slow response: I did not get a notification that a reply had been posted.

I tried using the full credentials. It connects, but then it presents an object called "profile." Clicking on profile yields the message "No users or computers found in this object."

I tried changing the base DN to no avail.

Is it expecting users to fall under a certain OU or have a certain class?

Re: FreeIPA Authentication change search

Posted: Wed Mar 31, 2021 11:17 am
by benjaminsmith
Hi jm_mcg,

Can you verify that the required object classes and attributes are present, see the end of the following document for details.

Nagios XI How to Authenticate and Import Users with Active Directory or LDAP

Also, please turn on debugging in the troubleshooting guide, tail the log, and post the output to the thread. Thanks, Benjamin

Active Directory / LDAP - Troubleshooting Authentication Integration

Re: FreeIPA Authentication change search

Posted: Wed Mar 31, 2021 12:02 pm
by jm_mcg
Hello,

All attributes listed in the document are present on users in our directory. Below is the output generated by click once on "Next" in the LDAP/Active Directory Import Users screen.

ldap_create
ldap_create
ldap_bind_s
ldap_simple_bind_s
ldap_sasl_bind_s
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP auth1.my.domain:389
ldap_new_socket: 19
ldap_prepare_socket: 19
ldap_connect_to_host: Trying 10.50.0.85:389
ldap_pvt_connect: fd: 19 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x5571067cccf0 msgid 1
wait4msg ld 0x5571067cccf0 msgid 1 (infinite timeout)
wait4msg continue ld 0x5571067cccf0 msgid 1 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
Empty
ld 0x5571067cccf0 response count 0
ldap_chkResponseList ld 0x5571067cccf0 msgid 1 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 1 all 1
read1msg: ld 0x5571067cccf0 msgid 1 message type bind
read1msg: ld 0x5571067cccf0 0 new referrals
read1msg: mark request completed, ld 0x5571067cccf0 msgid 1
request done: ld 0x5571067cccf0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_search
put_filter: "objectClass=*"
put_filter: default
put_simple_filter: "objectClass=*"
ldap_build_search_req ATTRS: namingcontexts
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x5571067cccf0 msgid 2
wait4msg ld 0x5571067cccf0 msgid 2 (infinite timeout)
wait4msg continue ld 0x5571067cccf0 msgid 2 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
Empty
ld 0x5571067cccf0 response count 0
ldap_chkResponseList ld 0x5571067cccf0 msgid 2 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 2 all 1
read1msg: ld 0x5571067cccf0 msgid 2 message type search-entry
wait4msg continue ld 0x5571067cccf0 msgid 2 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 2, origid 2, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 2, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 2 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 2 all 1
read1msg: ld 0x5571067cccf0 msgid 2 message type search-result
read1msg: ld 0x5571067cccf0 0 new referrals
read1msg: mark request completed, ld 0x5571067cccf0 msgid 2
request done: ld 0x5571067cccf0 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
adding response ld 0x5571067cccf0 msgid 2 type 101:
ldap_parse_result
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_msgfree
ldap_search
put_filter: "(&(objectClass=*)(!(distinguishedname=dc=my,dc=domain)))"
put_filter: AND
put_filter_list "(objectClass=*)(!(distinguishedname=dc=my,dc=domain))"
put_filter: "(objectClass=*)"
put_filter: simple
put_simple_filter: "objectClass=*"
put_filter: "(!(distinguishedname=dc=my,dc=domain))"
put_filter: NOT
put_filter_list "(distinguishedname=dc=my,dc=domain)"
put_filter: "(distinguishedname=dc=my,dc=domain)"
put_filter: simple
put_simple_filter: "distinguishedname=dc=my,dc=domain"
ldap_build_search_req ATTRS: *
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x5571067cccf0 msgid 3
wait4msg ld 0x5571067cccf0 msgid 3 (infinite timeout)
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
Empty
ld 0x5571067cccf0 response count 0
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-entry
adding response ld 0x5571067cccf0 msgid 3 type 100:
wait4msg continue ld 0x5571067cccf0 msgid 3 all 1
** ld 0x5571067cccf0 Connections:
* host: auth1.my.domain port: 389 (default)
refcnt: 2 status: Connected
last used: Wed Mar 31 11:55:16 2021


** ld 0x5571067cccf0 Outstanding Requests:
* msgid 3, origid 3, status InProgress
outstanding referrals 0, parent count 0
ld 0x5571067cccf0 request count 1 (abandoned 0)
** ld 0x5571067cccf0 Response Queue:
* msgid 3, type 100
chained responses:
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
* msgid 3, type 100
ld 0x5571067cccf0 response count 1
ldap_chkResponseList ld 0x5571067cccf0 msgid 3 all 1
ldap_chkResponseList returns ld 0x5571067cccf0 NULL
ldap_int_select
read1msg: ld 0x5571067cccf0 msgid 3 all 1
read1msg: ld 0x5571067cccf0 msgid 3 message type search-result
read1msg: ld 0x5571067cccf0 0 new referrals
read1msg: mark request completed, ld 0x5571067cccf0 msgid 3
request done: ld 0x5571067cccf0 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
adding response ld 0x5571067cccf0 msgid 3 type 101:
ldap_parse_result
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_first_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_values_len
ldap_next_attribute
ldap_get_dn
ldap_msgfree
ldap_free_connection 1 1
ldap_send_unbind
ldap_free_connection: actually freed

Re: FreeIPA Authentication change search

Posted: Thu Apr 01, 2021 11:25 am
by ssax
Please try changing your XI Base DN to be up a level, so from this:

Code: Select all

Base DN: cn=users,cn=accounts,dc=my,dc=domain
To this:

Code: Select all

Base DN: cn=accounts,dc=my,dc=domain
See if that show them.

If not, it's likely directly related to the objectclass that it is getting for the users/containers/OUs, can you grab ALL the objectclasses that one of your users has from the IPA server so that I can review them?

Re: FreeIPA Authentication change search

Posted: Thu Apr 01, 2021 1:19 pm
by jm_mcg
The base dn was already set to cn=accounts,dc=my,dc=domain. I did try reducing it to dc=my,dc=domain but the result was unchanged.

Here are the classes associated with my users:
inetorgperson
inetuser
ipaobject
ipaSshGroupOfPubKeys
ipasshuser
krbprincipalaux
krbticketpolicyaux
mepOriginEntry
organizationalperson
person
posixaccount
top

Re: FreeIPA Authentication change search

Posted: Fri Apr 02, 2021 1:48 pm
by ssax
Edit this file:

Code: Select all

/usr/local/nagiosxi/html/includes/components/ldap_ad_integration/index.php
Change this line (around line 511) from:

Code: Select all

        $types = array('inetorgperson', 'account', 'person', 'organizationalperson', 'shadowaccount', 'posixaccount', 'inetuser', 'ipaobject', 'ipasshuser', 'top');
To:

Code: Select all

        $types = array('inetorgperson', 'account', 'person', 'organizationalperson', 'shadowaccount', 'posixaccount', 'inetuser', 'ipaobject', 'ipasshuser', 'top');
Change this line (around line 783) from:

Code: Select all

                    $units = array('person', 'account', 'inetorgperson', 'organizationalperson', 'shadowaccount', 'posixaccount', 'inetuser', 'ipaobject', 'ipasshuser', 'top');
To:

Code: Select all

                    $units = array('person', 'account', 'inetorgperson', 'organizationalperson', 'shadowaccount', 'posixaccount', 'inetuser', 'ipaobject', 'ipasshuser', 'top');
Then try it again and see if that shows them now.

If it doesn't edit them again and add these to those lines to see which it's picking up:

Code: Select all

ipaSshGroupOfPubKeys
krbprincipalaux
krbticketpolicyaux
mepOriginEntry
If that doesn't show them, try changing your Base DN to:

Code: Select all

dc=my,dc=domain
Then click through the accounts users section and see if that helps.

Let us know the results.

Re: FreeIPA Authentication change search

Posted: Mon Apr 05, 2021 9:12 am
by jm_mcg
Hello,

I am a little confused. The file /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/index.php does not exist on my server. This is a Nagios NA server only, if that makes any difference.

Re: FreeIPA Authentication change search

Posted: Mon Apr 05, 2021 11:27 am
by ssax
You posted this in the Nagios XI section of the forums and your first post says:

Code: Select all

Nagios XI 5.8.2
If this is regarding NNA then we'll need to move it to the NNA forum section.

This is the file on NNA:

Code: Select all

/var/www/html/nagiosna/application/helpers/ldap_ad_helper.php
These are the line numbers you would need to add those to:

Code: Select all

224
377
See the No Users Returned section of this doc:

https://support.nagios.com/kb/article/a ... n-600.html
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited