using ldaps with zabbix

  • heba
    Member
    • Jan 2020
    • 40

    #1

    using ldaps with zabbix

    Dear All,

    Is it possible to use ldaps for zabbix authentication?

    If yes, how to import certificate of the active directory to zabbix?

    Thanks
    Heba
  • halldorg
    Junior Member
    • Sep 2020
    • 5

    #2
    What I needed to do was to get the certificate via openssl s_client -connect dc.example.com:636 -showcerts
    then check /etc/ldap/ldap.conf for where the certificates are stored.
    Then add the certificates from the DC to that file.
    After that I could successfully use ldaps://dc.example.com:636 as ldap server and port as 636.

    • heba
      Member
      • Jan 2020
      • 40

      #3
      Many Thanks Halldrog.

      Can you please paste example contents from your /etc/ldap/ldap.conf?

      Thanks
      Heba

      • srb
        Junior Member
        • Sep 2020
        • 10

        #4
        Depending on your version of Zabbix, we simply did the following:
        • Browsed to "Administration, Authentication"
        • Configured LDAPS settings in the tab "LDAP Settings"
        • Configured "Authentication" to use LDAP
        • Created a new user account without a password
        • On CentOS 7 we imported the Root CA certificate (PEM format if I recall correctly) into the ca-bundle by placing the Root cert in the "/etc/pki/ca-trust/source/anchors/" directory and ran the command "update-ca-trust enable"
        Can't recall if those were all the steps, but should help you get closer.

        • halldorg
          Junior Member
          • Sep 2020
          • 5

          #5
          TLS_CACERT /etc/ssl/certs/ca-certificates.crt
          TLS_REQCERT never


          Then the file /etc/ssl/certs/ca-certificates.crt will contain the certificates

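Added example, not part of any post in this thread: a shell check that reads an OpenLDAP client config such as the /etc/ldap/ldap.conf discussed in #2 and #5 and reports whether a bad server certificate would be rejected (TLS_REQCERT) and whether the configured TLS_CACERT bundle exists and holds PEM certificates. The function names and the sample files are constructed for illustration; with TLS_REQCERT never the client does not check the server certificate at all, so the CA bundle is not consulted.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config (ldap.conf) for LDAPS trust settings.

# Print the value of the last uncommented occurrence of option $2 in file $1.
# Assumption: option names are case-insensitive and a later line overrides an earlier one.
ldap_conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }' "$1"
}

# Return 0 if a bad server certificate would be rejected and any configured
# CA bundle is usable; return 1 otherwise. Findings are printed to stdout.
audit_ldap_conf() {
    conf=$1; rc=0
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    case "${reqcert:-demand}" in            # demand is the documented default
        demand|hard|try) echo "OK   TLS_REQCERT ${reqcert:-demand}: a bad server certificate ends the session" ;;
        never|allow)     echo "WEAK TLS_REQCERT $reqcert: a bad server certificate is accepted"; rc=1 ;;
        *)               echo "WEAK TLS_REQCERT $reqcert: unrecognised value"; rc=1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "NOTE TLS_CACERT is not set in $conf"
    elif [ -r "$cacert" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "OK   TLS_CACERT $cacert: $(grep -c -- '-----BEGIN CERTIFICATE-----' "$cacert") certificate(s)"
    else
        echo "WEAK TLS_CACERT $cacert: missing, unreadable or holds no PEM certificate"; rc=1
    fi
    return $rc
}

# Constructed sample input: one file modelled on the two settings in #5, one with
# verification turned on. The CA bundle is a placeholder, not a real certificate.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' '-----END CERTIFICATE-----' > "$demo_dir/ca.crt"
printf 'TLS_CACERT %s\nTLS_REQCERT never\n' "$demo_dir/ca.crt" > "$demo_dir/as_posted.conf"
printf 'TLS_CACERT %s\nTLS_REQCERT demand\n' "$demo_dir/ca.crt" > "$demo_dir/verifying.conf"
for f in as_posted verifying; do
    if audit_ldap_conf "$demo_dir/$f.conf"; then echo "=> $f: pass"; else echo "=> $f: fail"; fi
done
```

On a real host, call audit_ldap_conf with the path of the ldap.conf that the web frontend's LDAP library reads.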

          • LenR
            Senior Member
            • Sep 2009
            • 1005

            #6
            It seems to be magical to include the port number in the ldaps url as above. I've had problems if that is left off; it doesn't seem to honor the port field.

            • heba
              Member
              • Jan 2020
              • 40

              #7
              Many Thanks Halldrog. It works.

              • Liroys27
                Junior Member
                • Sep 2022
                • 1

                #8
                Hi, we are using k8s deployment with zabbix-server and zabbix-web pods inside using the latest image of:
                zabbix server:
                zabbix/zabbix-server-mysql:ubuntu-6.2.2

                zabbix web:
                zabbix/zabbix-web-nginx-mysql:ubuntu-6.2.2

                I tried to go through the pod and look for /etc/ldap/ldap.conf but I don't see anything there. Is there another path using this pod for importing root.ca for our domain?
