LDAPS with Zabbix 7

  • ZATA45
    Junior Member
    • Jul 2024
    • 3

    #1

    LDAPS with Zabbix 7

    Hello all,

    When I configure LDAPS in my Zabbix v7 I always receive "Cannot bind to LDAP server", but if I configure LDAP (without SSL) everything works fine. Can you help me with that issue, please?

    Here is my LDAPS configuration:

    Name : COMPANY
    Host : ldaps://company.com
    Port : 636
    Base DN : DC=company,DC=com
    Search attribute : sAMAccountName
    Bind DN : CN=serviceaccount,OU=Zabbix,OU=Technique,DC=company,DC=com

    LDAP.conf :

    TLS_CACERT /etc/ssl/certs/Root_Autho.crt

    SASL_NOCANON on

    TLS_REQCERT allow

    Kind regards,
  • rivermigue
    Junior Member
    • Jul 2024
    • 8

    #2
    Try changing this
    Host : ldaps://company.com
    to
    Host : ldaps://company.com:636


    • ZATA45
      Junior Member
      • Jul 2024
      • 3

      #3
      Hello,
      I did, but it's not working.
      Kind regards,


      • DL7BJ
        Junior Member
        • Jul 2024
        • 3

        #4
        Hello,

        Same here, but also with LDAP on port 389.

        I have tested the connections to Active Directory with LDAP and LDAPS using ldapsearch, and we are also using Redmine, DokuWiki and Nextcloud with LDAP (AD) auth, all without any problems. Now I installed Zabbix for evaluation purposes and can't connect to the AD. I tried it simply, without JIT provisioning, with LDAP and LDAPS, but no connection.

        I activated debug logging, but I can't see anything about an LDAP connection in the log: no hostname, no IP address of the LDAP server. It seems that the test button for the LDAP connection has no real function.

        Tom


        • DL7BJ
          Junior Member
          • Jul 2024
          • 3

          #5
          I just made a test with a short Bind DN like CN=Zabbix,CN=Users,DC=example,DC=local. If I use this short Bind DN the test button works. But normally we have an extensive structure in our AD with a long Bind DN like CN=Zabbix,CN=Users_Extra_Service,OU=Users_Extra,OU=Policies,DC=example,DC=local. Could this be the problem? I remember having such a problem with another tool, too. So I have to move that user as well, so that the Bind DN is short.


          • zabbixuser39393
            Junior Member
            • Jan 2021
            • 26

            #6
            Here we also have a long Bind DN for the account used, and it does not work.


            • DL7BJ
              Junior Member
              • Jul 2024
              • 3

              #7
              I made a reverse test and a test with other accounts within the long Bind DN. These other accounts all had an account name in lower case only. For Zabbix I had created a user with the CN Zabbix. I deleted this user and created a new account with lower-case letters only: z_sso. With this account I had no problems with the long Bind DN either. It seems that there is a problem with lower- and upper-case characters in sAMAccountName.

              Could someone try a similar test?

              Tom


              • pasta-up
                Junior Member
                • Aug 2024
                • 1

                #8
                I had issues with this today as well.
                My config was working fine with ldap and port 389, but didn't work for ldaps/636.
                While searching I found this page and noticed a few posts about people having issues with long Bind DN values in distinguished name format.

                I tried switching the bind dn value from distinguished name to upn format since that was significantly shorter in my situation and it worked fine.
                ex: [email protected]

                Not sure why it worked with the new format.
                My blind assumption is something is failing when evaluating the certificate when using DN format, but I have nothing to back up that assumption.


                • ZATA45
                  Junior Member
                  • Jul 2024
                  • 3

                  #9
                  Hello, my LDAPS is working now in Zabbix 7.0.3!

                  (Screenshot attached: image.png)

                  Configuration :

                  Name : COMPANY
                  Host : ldaps://company.domain.com
                  Port : 636
                  Base DN : DC=domain,DC=com
                  Search attribute : sAMAccountName
                  Bind DN : CN=serviceaccount,OU=Zabbix,OU=Technique,DC=domain,DC=com

                  LDAP.conf :

                  SASL_NOCANON on

                  TLS_REQCERT allow

                  Thanks all for your answers!
                  Kind regards,


                  • zabbixuser39393
                    Junior Member
                    • Jan 2021
                    • 26

                    #10
                    Our LDAPS in Zabbix also started working after I removed this configuration line from the openldap.conf file:

                    TLS_CACERT /etc/openldap/certs/cacert.pem


                    • zabbixuser39393
                      Junior Member
                      • Jan 2021
                      • 26

                      #11
                      Originally posted by zabbixuser39393
                      Our LDAPS in Zabbix also started working after I removed this configuration line from the openldap.conf file:

                      TLS_CACERT /etc/openldap/certs/cacert.pem
                      And now with a new installation and the same kind of settings that work on another Zabbix, it didn't start working. This is hard (Red Hat 9).

                      Does anyone know which server does the LDAP authentication when you have the web UI, server and database each on different servers?


                      • zabbixuser39393
                        Junior Member
                        • Jan 2021
                        • 26

                        #12
                        Originally posted by zabbixuser39393

                        And now with a new installation and the same kind of settings that work on another Zabbix, it didn't start working. This is hard (Red Hat 9).

                        Does anyone know which server does the LDAP authentication when you have the web UI, server and database each on different servers?
                        That was an SELinux restriction... Now it works again.

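As an added diagnostic for the bind failures in this thread (the TLS_CACERT / TLS_REQCERT changes in posts #1, #9 and #10 and the SELinux finding in post #12), not code from the forum or from Zabbix: a script to run on the host serving the Zabbix web frontend, since the PHP frontend is what performs the LDAP bind. Host, port, DN and certificate paths are placeholders taken from the thread; the function names and the script name are assumptions.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread or from Zabbix. Run it on the host
# serving the Zabbix web frontend: the PHP frontend performs the LDAP bind.
# Host, DN and path values are placeholders taken from the thread.

# Audit the OpenLDAP client config the PHP ldap extension reads (for example
# /etc/openldap/ldap.conf). Returns 0 when the server certificate is really
# verified, 1 when a setting silently weakens or breaks that check.
audit_ldap_conf() {
    conf="$1"; status=0
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT"{print tolower($2)}' "$conf" | tail -n 1)
    cacert=$(awk 'toupper($1)=="TLS_CACERT"{print $2}' "$conf" | tail -n 1)
    case "${reqcert:-demand}" in
        allow|never)
            # "allow" lets an untrusted certificate pass, so the bind "works"
            # while the trust problem stays hidden
            echo "WARN: TLS_REQCERT $reqcert disables server certificate checking"
            status=1 ;;
    esac
    if [ -n "$cacert" ] && [ ! -r "$cacert" ]; then
        # A CA file the web server cannot read (wrong path, permissions,
        # SELinux label) fails the handshake and surfaces as "Cannot bind"
        echo "WARN: TLS_CACERT $cacert is not readable from this account"
        status=1
    fi
    return $status
}

# Verify only the LDAPS handshake against the CA file, before any LDAP bind.
check_tls() {  # usage: check_tls host port cafile
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
        -verify_return_error </dev/null 2>&1 | grep -E 'Verify return code|subject=|issuer='
}

# Strict bind test with the thread's settings; the password comes from a file
# so it does not show up in the process list.
check_bind() {  # usage: check_bind host port binddn basedn cafile passfile
    LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$5" \
    ldapsearch -x -H "ldaps://$1:$2" -D "$3" -y "$6" -b "$4" -s base '(objectClass=*)' dn
}

# On SELinux hosts (post #12) the web server needs this boolean to reach LDAP.
check_selinux() {
    if command -v getsebool >/dev/null 2>&1; then getsebool httpd_can_connect_ldap; fi
}

# example: sh ldaps_diag.sh /etc/openldap/ldap.conf company.domain.com 636 /etc/ssl/certs/Root_Autho.crt
if [ "$#" -ge 4 ]; then
    audit_ldap_conf "$1"; check_tls "$2" "$3" "$4"; check_selinux
fi
```

Run the audit first: a config that passes only with `TLS_REQCERT allow` has a trust-chain problem that `check_tls` will show as a non-zero verify return code, and `check_bind` then confirms the bind with strict verification before the same settings are put into the Zabbix frontend.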