LDAP Front-end authentication

  • fast.ryder
    Member
    • Apr 2008
    • 46

    #1

    LDAP Front-end authentication

    Hello!

    I am trying to set up LDAP front end auth, but I am not having any luck.

    When I define the LDAP server, Bind DN, Base DN, etc., and press "Test" or "Save", the page simply turns blank and shows no results.

    Anyone having the same effect?

    Thanks in advance,

    Ivo Pereira
    IT Consultant
    Portugal
  • fast.ryder
    Member
    • Apr 2008
    • 46

    #2
    Got it solved - LDAP auth

    Hello again.

    I think I may have rushed to the problem: I was missing the php-ldap RPM package, from the "Updates" repository.

    I was getting this error:

    PHP Fatal error: Call to undefined function ldap_connect() in /var/www/html/zabbix/include/classes/cldap.inc.php on line 73, referer: http://10.0.0.254/zabbix/authentication.php

    Solved it with:

    yum install php-ldap


    There's nothing like the httpd error log file...

    Anyway, Zabbix bound right out of the box, I just had to change the "Search Attribute" from uid (does not exist in Microsoft AD) to sAMAccountName.

    Cheers,

    Ivo Pereira
    IT Consultant
    Portugal

    Comment

    • Tristan
      Senior Member
      • Feb 2008
      • 110

      #3
      ERROR: LDAP Login was not successful

      I had the same problem so I installed php-ldap.
      But it looks like I don't know how to configure my LDAP settings for Active Directory.

      These are my settings:
      ldap host:myserver.temp.local
      base dn: ou=users,dc=myserver,dc=local
      search attribute: sAMAccountName
      Bind dn: sAMAccountName=administrator,ou=users
      bind password: blablabla

      login: mytempuser
      This is an Active Directory account.

      Do you have any idea?

      Comment

      • Tristan
        Senior Member
        • Feb 2008
        • 110

        #4
        Fixed

        I have fixed it. I have read an LDAP tutorial and things have become clear now.

        These are my new settings:
        ldap host:myserver.temp.local
        base dn: dc=temp,dc=local
        search attribute: sAMAccountName
        Bind dn: cn=administrator,CN=Users,DC=temp,DC=local
        bind password: blablabla

        Those settings work only for Active Directory. The example in the manual doesn't work with AD.

        Comment
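An added example, not part of any post and not Zabbix code: a small Python linter that flags the differences between the failing settings in post #3 and the working ones in post #4. The function names are hypothetical, and the checks (base DN domain matching the host's DNS suffix, bind DN being a full DN) are heuristics assumed for illustration.

```python
import re

# Settings copied from post #3 (login failed) and post #4 (worked).
POST_3 = dict(host="myserver.temp.local", base_dn="ou=users,dc=myserver,dc=local",
              bind_dn="sAMAccountName=administrator,ou=users", search_attr="sAMAccountName")
POST_4 = dict(host="myserver.temp.local", base_dn="dc=temp,dc=local",
              bind_dn="cn=administrator,CN=Users,DC=temp,DC=local", search_attr="sAMAccountName")

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs, attribute names lower-cased.
    Splits on unescaped commas only; quoted and multi-valued RDNs are not handled."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs

def dc_domain(dn):
    """DNS-style domain built from the trailing dc= components ('' if there are none)."""
    labels = []
    for attr, value in reversed(parse_dn(dn)):
        if attr != "dc":
            break
        labels.append(value.lower())
    return ".".join(reversed(labels))

def lint_ad_settings(host, base_dn, bind_dn, search_attr):
    """Return a list of findings; an empty list means no heuristic fired."""
    findings = []
    base_dom, bind_dom = dc_domain(base_dn), dc_domain(bind_dn)
    if not base_dom:
        findings.append("base DN has no dc= components")
    elif not ("." + host.lower()).endswith("." + base_dom):
        findings.append(f"base DN domain {base_dom} is not a suffix of host {host}")
    if not bind_dom:
        findings.append("bind DN is relative; give the full DN ending in dc=...")
    elif bind_dom != base_dom:
        findings.append(f"bind DN domain {bind_dom} differs from base DN domain {base_dom}")
    if search_attr.lower() == "uid":
        findings.append("search attribute uid does not exist in Microsoft AD (post #2)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("post #3", POST_3), ("post #4", POST_4)):
        print(name, lint_ad_settings(**cfg) or "no findings")
```

Both posted configurations bind as administrator; the bind account only needs to search the directory, so a dedicated low-privilege account is a safer choice for that field.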

        • Tristan
          Senior Member
          • Feb 2008
          • 110

          #5
          Cannot login with LDAP.

          With the settings I described above I can test the connection. It works perfectly, but when I try to log in with my Active Directory credentials (I used the same for the test) I cannot log in.

          I have tried another user account but no success. Both users are in Zabbix and in Active Directory. When I use the test button it works perfectly.

          LDAP authentication is my default setting.

          Comment

          • Tristan
            Senior Member
            • Feb 2008
            • 110

            #6
            Has somebody a solution for this?

            Comment

            • NOB
              Senior Member
              Zabbix Certified Specialist
              • Mar 2007
              • 469

              #7
              Hi

              No, no solution, yet, but an annoyance in the GUI:

              Whenever there is a problem, e.g., a missing User Password, a warning
              is shown and all the rest of the contents is deleted !

              I'll try to find out, what the contents of the fields mean and test it.
              Perhaps I get it to work. We want to use it with version 1.6.1 (waiting for
              the real 1.6 manual, the web monitoring from Proxies, etc.).

              Regards

              Norbert.

              Comment

              • CeeEss
                Senior Member
                Zabbix Certified Specialist
                • Nov 2007
                • 103

                #8
                Originally posted by Tristan
                Has somebody a solution for this?
                Strange - I was trying and failing to get LDAP working and your suggestion re:

                Search attribute sAMAccountName

                worked brilliantly. I am doing LDAP-based Zabbix logins now.

                Comment

                • NOB
                  Senior Member
                  Zabbix Certified Specialist
                  • Mar 2007
                  • 469

                  #9
                  Hi

                  I checked our AD using the LDP.exe from the Windows 2003 Resource tools.
                  Your choice of the objectname sAMAccountName seems very reasonable.
                  All the entries I checked in our AD did contain this field.

                  I think that the ZABBIX user must exactly (modulo lower/uppercase perhaps)
                  match the sAMAccountName in the AD.
                  So, did you check for lower-/uppercase account names or the real contents
                  of sAMAccountName ?

                  I am not sure who defines it but our AD shows at least these combinations
                  of names in this field:
                  1. firstname.lastname (all lower case)
                  2. Firstname.Lastname (just the first letter in upper case)
                  3. {FirstLetterOfFirstname}lastname (all lower case) and even
                  4. {FirstAndSecondLetterOfFirstname}lastname (all lower case)


                  These combinations will be a major headache for us, if we use the accounts
                  in our AD for authentication.
                  And the users are not that easy to find in the number of different usergroups, too.

                  It will save us from resetting password of our users, of course, and
                  the users don't have to remember one more password. The advantage of any SSO solution.

                  HTH,

                  Norbert.

                  P.S. According to CeeEss he got it to work
                  Last edited by NOB; 30-09-2008, 17:12.

                  Comment

                  • Tristan
                    Senior Member
                    • Feb 2008
                    • 110

                    #10
                    I know that my input for sAMAccountName works because I tested with these credentials.

                    But when I try to log in to Zabbix I get a user logon/password failure. It looks to me like it didn't even use LDAP, but I can't find an error in the Zabbix logs or Apache logs.

                    LDAP login is my default setting. GUI access is system default.

                    Comment

                    • NOB
                      Senior Member
                      Zabbix Certified Specialist
                      • Mar 2007
                      • 469

                      #11
                      Originally posted by Tristan
                      I know that my input for sAMAccountName works because I tested with these credentials.

                      But when I try to log in to Zabbix I get a user logon/password failure. It looks to me like it didn't even use LDAP, but I can't find an error in the Zabbix logs or Apache logs.

                      LDAP login is my default setting. GUI access is system default.
                      I have now both versions (1.4.6 and 1.6, agents and server) running on
                      my server (Solaris 9) with working LDAP-Authentication in 1.6 !

                      I installed php5_ldap (package from blastwave.org) and had to learn
                      something about LDAP.
                      Especially important is the "bind DN". I had to use the absolute
                      pathname to a user and, of course, the correct password.
                      Then I enabled LDAP authentication in the ZABBIX GUI.
                      I created a user group with GUI access Internal to allow login, even if LDAP (or AD)
                      is down. Everything seems to work fine !

                      All other LDAP settings modulo domain-name and suffix are the same
                      as in the previous posts.

                      I think, you'll need some ldap-client or library to really access LDAP.
                      This was already installed on our test system, so it wasn't needed in my case.

                      What is in your httpd error log file ?
                      Perhaps you find something in there.

                      HTH,

                      Norbert.
                      Last edited by NOB; 01-10-2008, 14:36. Reason: Specified more details of my setup process

                      Comment

                      • Tristan
                        Senior Member
                        • Feb 2008
                        • 110

                        #12
                        Hello
                        I'm really sure I can access LDAP. When I configured my settings I tested LDAP from Zabbix with the administrator account. When I use my AD password it said: LDAP Login successful
                        So I'm 100% sure LDAP lookup works.

                        But when I use the same username (administrator) with my AD password to log in to Zabbix I get a username/password error.

                        My Apache error and access logs don't have any useful information.

                        thnx anyway

                        Comment

                        • NOB
                          Senior Member
                          Zabbix Certified Specialist
                          • Mar 2007
                          • 469

                          #13
                          Originally posted by Tristan
                          Hello
                          I'm really sure I can access LDAP. When I configured my settings I tested LDAP from Zabbix with the administrator account. When I use my AD password it said: LDAP Login successful
                          So I'm 100% sure LDAP lookup works.

                          But when I use the same username (administrator) with my AD password to log in to Zabbix I get a username/password error.

                          My Apache error and access logs don't have any useful information.

                          thnx anyway
                          Simple question: did you configure a user "administrator" in the ZABBIX GUI
                          as a valid user, enabled LDAP-authentication (as default) and set the GUI access of the corresponding user group to "System default" ?

                          Not all ADS users are automatically allowed to use ZABBIX.

                          Just a thought.

                          Norbert.

                          Comment

                          • Tristan
                            Senior Member
                            • Feb 2008
                            • 110

                            #14
                            THNX it works!!!

                            I have never checked LDAP authentication enabled. I don't know why.

                            I thought it was something else.

                            Many thanks!

                            Comment

                            • vinny
                              Senior Member
                              • Jan 2008
                              • 145

                              #15
                              Hi all,
                              about this authentication,
                              "Bind Password" is "Password for binding to the LDAP server" but what does that mean?
                              Is it a password of an account?

                              Can you post an example of a working config for an AD?
                              My test returns :
                              LDAP: cannot bind by given DN

                              thx,
                              vinny
                              -------
                              Zabbix 1.8.3, 1200+ Hosts, 40 000+ Items...zabbix's everywhere

                              Comment
