AD auth for nagiosxi using SSL/Secure AD port
Posted: Tue Sep 25, 2012 11:18 am
I would like to add our CA authority to our nagiosxi installs so I can run nagiosxi against our Active Directory servers on a secure port.
I went over this:
http://assets.nagios.com/downloads/nagi ... ponent.pdf
and after reading it added our CA cert, exported from the signing auth server in PEM format (X.509), to the /etc/openldap/cacerts.pem file,
edited the /etc/openldap/ldap.conf file to include
TLS_CACERT /etc/openldap/cacerts.pem
noting in the source document: http://www.vitki.net/book/page/how-acce ... -php-linux
Now tell OpenLDAP about your certificate verification means. Edit the /etc/openldap/ldap.conf file and add lines like these:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_CACERT /etc/openldap/cacerts.pem
You are not required to use both bundle file and hashed directory at the same time; either method is sufficient.
However, once httpd was restarted, I received this error:
PHP Notice: Undefined variable: port in /usr/local/nagiosfusion/html/includes/components/active_directory/active_directory.inc.php on line 252
and I noticed the input line on line 252 was commented out.
So I uncommented it, and restarted, and on the Manage Components, Active Directory Integration, settings page I now had a field to type in the port. I have tried both 636 and 3269, both of which are listening.
openssl s_client -connect myadserver.com:3269 -CAfile /etc/openldap/cacerts.pem
and
openssl s_client -connect myadserver.com:636 -CAfile /etc/openldap/cacerts.pem
return with:
Verify return code: 0 (ok)
What else needs to be done for this to work?
(I have tried putting the cert in the certdir as well; same result.)
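The post's setup hinges on the OpenLDAP client configuration that PHP's LDAP extension (and therefore the Nagios Active Directory component) inherits from /etc/openldap/ldap.conf: the TLS_CACERT bundle or TLS_CACERTDIR hashed directory must exist, be readable by the httpd process, actually contain PEM certificates, and TLS_REQCERT must not have been relaxed to "never" or "allow" while debugging. The following script is an added example, not code from the post or from Nagios, that audits such a file offline. It assumes only the ldap.conf directive names documented in ldap.conf(5) (TLS_CACERT, TLS_CACERTDIR, TLS_REQCERT, default "demand"); the sample configs and the stand-in certificate it writes to a temporary directory are constructed for the demonstration.

```python
"""Audit an OpenLDAP client ldap.conf for sound LDAPS certificate verification.

Added example: checks the CA bundle/dir directives a PHP LDAP client relies on.
"""
import base64
import binascii
import os
import tempfile

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def parse_ldap_conf(text):
    """Parse 'KEY value' lines; comments and blanks are skipped, keys are case-insensitive."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            settings[parts[0].upper()] = parts[1].strip()
    return settings


def count_pem_certs(path):
    """Count PEM CERTIFICATE blocks whose body decodes to DER starting with a SEQUENCE tag."""
    count, buf = 0, None
    with open(path) as f:
        for raw in f:
            line = raw.strip()
            if line == PEM_BEGIN:
                buf = []
            elif line == PEM_END and buf is not None:
                try:
                    der = base64.b64decode("".join(buf), validate=True)
                except (binascii.Error, ValueError):
                    der = b""
                if der[:1] == b"\x30":  # 0x30 = ASN.1 SEQUENCE, outer tag of an X.509 cert
                    count += 1
                buf = None
            elif buf is not None:
                buf.append(line)
    return count


def check_tls_config(conf_path):
    """Return a list of findings; an empty list means the TLS client settings look sound."""
    with open(conf_path) as f:
        settings = parse_ldap_conf(f.read())
    findings = []
    cacert = settings.get("TLS_CACERT")
    cacertdir = settings.get("TLS_CACERTDIR")
    if not cacert and not cacertdir:
        findings.append("no TLS_CACERT or TLS_CACERTDIR set; the server certificate cannot be verified")
    if cacert:
        if not os.path.isfile(cacert):
            findings.append(f"TLS_CACERT {cacert} does not exist")
        elif not os.access(cacert, os.R_OK):
            findings.append(f"TLS_CACERT {cacert} is not readable by this user")
        elif count_pem_certs(cacert) == 0:
            findings.append(f"TLS_CACERT {cacert} contains no PEM CERTIFICATE blocks")
    if cacertdir and not os.path.isdir(cacertdir):
        findings.append(f"TLS_CACERTDIR {cacertdir} does not exist")
    # ldap.conf(5): TLS_REQCERT defaults to demand; never/allow skip or ignore verification failures.
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert} weakens certificate verification; use demand")
    return findings


def demo():
    """Constructed sample: one sound config and one weak config written to a temp dir."""
    tmp = tempfile.mkdtemp()
    bundle = os.path.join(tmp, "cacerts.pem")
    with open(bundle, "w") as f:
        # Constructed stand-in for a CA certificate: base64 of a tiny DER SEQUENCE.
        # It exercises the parser only and is not a real certificate.
        f.write(f"{PEM_BEGIN}\nMAMCAQE=\n{PEM_END}\n")
    good = os.path.join(tmp, "ldap.conf.good")
    with open(good, "w") as f:
        f.write(f"# constructed sample\nURI ldaps://myadserver.com:636\nTLS_CACERT {bundle}\n")
    weak = os.path.join(tmp, "ldap.conf.weak")
    with open(weak, "w") as f:
        f.write(f"TLS_CACERT {tmp}/missing.pem\nTLS_REQCERT never\n")
    return check_tls_config(good), check_tls_config(weak)


if __name__ == "__main__":
    good_findings, weak_findings = demo()
    print("good config:", good_findings or "no findings")
    print("weak config:", weak_findings)
```

Run it against the real file with `check_tls_config("/etc/openldap/ldap.conf")` as the account httpd runs under, since a bundle readable by root but not by the web server user would pass an openssl s_client test run from a root shell yet still fail inside PHP.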