
NAGIOS LDAP Integration

Posted: Tue Jul 11, 2023 1:33 am
by omkarkaravade
Dear Experts,

We are trying to integrate Nagios XI with LDAP. We have created an authentication server in Nagios. However, when we try to import users, we are getting the below message after entering the username and password to authenticate.

In general this message points to invalid credentials. But we are able to authenticate using these credentials in other systems. We also run "ldapsearch" on the Nagios server command line using the same credentials. The ldapsearch connects without any errors and provides the results.

We enabled debugging, but when the error is thrown no entries are updated in the log file. Can you please advise?

Re: NAGIOS LDAP Integration

Posted: Tue Jul 11, 2023 1:59 am
by kg2857
You need to use the ldap string/path rather than an @ uname. I forget what it's called. Yes it's a bit odd.

Re: NAGIOS LDAP Integration

Posted: Tue Jul 11, 2023 3:01 am
by omkarkaravade
@kg2857,

Thank you for the help. I tried different formats as below but it still fails with the same error. Do you have a working example?

I am trying like below:

LDAP://domain/cn=abc,ou=bcd,ou=cbd,ou=deg,dc=abc,dc=com

Base DN is configured as dc=abc,dc=com

This works in ldapsearch but not in Nagios.

Re: NAGIOS LDAP Integration

Posted: Tue Jul 11, 2023 3:12 am
by kg2857
Yes, the DN.
Take away the LDAP:// bit.
It's a pain to get it what they want.
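
The bind-user formats discussed in this thread (an @ username, an LDAP:// path, a bare DN), as an added example that is not part of the original posts or of Nagios XI: a Python helper that classifies what was typed into a bind-user field and recovers the bare DN from an LDAP URL. The function names are assumptions of this example, and the escaped-comma handling (RFC 4514) goes beyond the DNs shown in the thread.

```python
import re
from urllib.parse import urlsplit, unquote

# One RDN: attribute name (or numeric OID), "=", non-empty value.
_RDN = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)*)\s*=.+$", re.S)

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 backslash escaping)."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escaped pair together
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def is_dn(s):
    """True when every comma-separated component looks like attr=value."""
    return bool(s.strip()) and all(_RDN.match(r) for r in split_rdns(s))

def classify_bind_identity(raw):
    """Return (form, dn_or_None) for a string typed into a bind-user field."""
    s = raw.strip()
    if re.match(r"^ldaps?://", s, re.I):
        # LDAP URL: the DN is the path component; attrs/scope/filter follow "?".
        path = unquote(urlsplit(s).path.lstrip("/"))
        return ("ldap-url", path if is_dn(path) else None)
    if is_dn(s):
        return ("dn", s)
    if "@" in s and "=" not in s:
        return ("upn", None)             # user@domain style; no DN derivable
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed inputs modelled on the placeholder values in this thread.
    for value in ("abc@abc.com",
                  "LDAP://domain/cn=abc,ou=bcd,ou=cbd,ou=deg,dc=abc,dc=com",
                  "cn=abc,ou=def,ou=ghi,dc=abc,dc=com"):
        print(value, "->", classify_bind_identity(value))
```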

Re: NAGIOS LDAP Integration

Posted: Tue Jul 11, 2023 5:24 am
by omkarkaravade
@kg2857,

Thanks a lot, it helped. I could never have guessed that it needed this format. The below format worked.

cn=abc,ou=def,ou=ghi,dc=abc,dc=com

The authentication is successful. BUT, now I have a new issue. After authentication it returns a blank user list. The user I am using has the rights to query. I can get the users using ldapsearch.

The www.error-log shows the below errors. Any idea what it is about?
PHP Notice: Undefined offset: 5 in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 101
PHP Notice: Undefined offset: 5 in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 101
PHP Warning: ldap_list(): Search: Operations error in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 155
PHP Warning: ldap_get_entries() expects parameter 2 to be resource, boolean given in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 156
PHP Notice: Undefined offset: 5 in /usr/local/nagiosxi/html/includes/components/ldap_ad_integration/basicLDAP.php on line 101

Re: NAGIOS LDAP Integration

Posted: Sun Aug 06, 2023 1:31 am
by omkarkaravade
Can anyone help with this? We are still facing this issue.

Re: NAGIOS LDAP Integration

Posted: Sun Aug 06, 2023 2:33 am
by kg2857
Just a guess, but I'd guess the string (DN?) cn=abc,ou=def,ou=ghi,dc=abc,dc=com is somehow incorrect. Normally you'd see a tree in the left pane of your pic that you can click through until you see a list of users to select.

From my notes:
If the number of users in LDAP gets larger than ~50, LDAP stops working in Nagios. Update values as shown and restart httpd.

# egrep '^max_execution_time|^max_input_time|^memory_limit|^max_input_vars' /etc/php.ini
max_execution_time = 30
max_input_time = 60
max_input_vars = 1000

Double the above from the defaults.
##########
The login username and password are the DN of the LDAP admin user. For example: uid=admin,cn=users,cn=accounts,dc=iotsc,dc=cdsapps,dc=com

Base DN is the domain name:
dc=iotsc,dc=cdsapps,dc=com

Username:
uid=admin,cn=users,cn=accounts,dc=iotsc,dc=cdsapps,dc=com

Re: NAGIOS LDAP Integration

Posted: Sun Aug 06, 2023 5:06 am
by omkarkaravade
Hi,

Thank you for your reply. The values are already more than what you are suggesting.

max_execution_time = 600
max_input_time = 1200
max_input_vars = 90000
memory_limit = 1024M

I am able to connect using the same user using ldapsearch from the command line. ldapsearch connects and I can get a list of all the users.
Do we need any specific privileges to this user?

Re: NAGIOS LDAP Integration

Posted: Mon Aug 07, 2023 5:24 am
by kg2857
Maybe believing the ldapsearch syntax is correct isn't. When what you're doing doesn't work, maybe try something else, rather than saying the same thing over and over.

Re: NAGIOS LDAP Integration

Posted: Mon Aug 07, 2023 6:34 am
by omkarkaravade
kg2857 wrote: Mon Aug 07, 2023 5:24 am
Maybe believing the ldapsearch syntax is correct isn't. When what you're doing doesn't work, maybe try something else, rather than saying the same thing over and over.

Not believing anything. Just trying to highlight that the user does not seem to have any issue. Just randomly trying different things without actually knowing what is happening did not seem to work till now. I was looking for help on the errors available in the log file as nothing else shows signs of any problems.