Ldap problem

  • alfiere
    Member
    • May 2008
    • 51

    #1

    Ldap problem

    Hi all,

    I already read all the other threads related to LDAP, without success.

    I'm using the latest 1.6 snapshot (October 27th).

    Zabbix is unable to connect to my up-and-running LDAP server.

    The error I get back is:
    ERROR: LDAP Login was not successful

    From the same Zabbix server I can correctly query my LDAP server with the ldapsearch tool.

    Neither zabbix_server.log (DEBUG 4) nor slapd.conf helps me.
    I checked the Apache log as well (somebody suggested having a look at the php5-ldap errors).
    Not a single log line is shown.


    Cheers,
    Alfredo
  • Aly
    ZABBIX developer
    • May 2007
    • 1126

    #2
    Originally posted by alfiere
    Hi all,
    The error I have back is:
    ERROR: LDAP Login was not successful
    Screenshot?!
    Zabbix | ex GUI developer

    Comment

    • alfiere
      Member
      • May 2008
      • 51

      #3
      Attached you can find the requested screenshot.


      Cheers,
      Alfredo

      Comment

      • alfiere
        Member
        • May 2008
        • 51

        #4
        Any tips?

        Cheers,
        Alf

        Comment

        • Aly
          ZABBIX developer
          • May 2007
          • 1126

          #5
          Open error details. You have incorrect url to ldap!
          Zabbix | ex GUI developer

          Comment

          • cbidwell
            Senior Member
            • Aug 2006
            • 127

            #6
            Hi! I have a similar situation, however, for me, our ldap servers require ldaps to authenticate which means we need to use a certificate file.

            Is there a way to implement secure ldap authentication?

            Comment

            • alfiere
              Member
              • May 2008
              • 51

              #7
              "Open error details. You have incorrect url to ldap!":

              I don't understand your suggestion.
              The LDAP URL is OK; I tried with just the IP too. Without success, of course...

              "Open error detail": what do you mean? Is it a file?
              As I said, zabbix_server.log (DEBUG 4) doesn't show a single line.


              Thanks a lot
              Cheers,
              Alf

              Comment

              • Aly
                ZABBIX developer
                • May 2007
                • 1126

                #8
                See the screen shot.
                Zabbix | ex GUI developer

                Comment

                • KitWalker
                  Junior Member
                  • Jan 2006
                  • 17

                  #9
                  Ldaps

                  Originally posted by cbidwell
                  Hi! I have a similar situation, however, for me, our ldap servers require ldaps to authenticate which means we need to use a certificate file.

                  Is there a way to implement secure ldap authentication?
                  Yes, there is. You'll have to compile openldap with openssl, though.

                  Considering you already have LDAP working correctly in Zabbix, here are simple steps to have LDAPS working (I'm assuming you're using Active Directory):

                  Extract your Root CA certificate from Active Directory. You can do this in Internet Explorer. Go to Tools > Internet Options > Content > Certificates > Trusted Root Certification Authorities. Find your company's Root certificate. Export it as Base-64 encoded X.509. Select a filename (I for instance use company.pem).

                  Upload the certificate to your Linux server. Place the extracted CAcert into the certs folder for openssl. I think the correct folder is /usr/local/ssl/certs or /usr/share/ssl/certs/. I'm using RHEL4, so, you may have to find this place for your distro.

                  Now, set up the hashed symlinks with the command:
                  /usr/bin/c_rehash

                  Add the following lines to your ldap.conf file:
                  Code:
                  ssl yes
                  pam_password md5
                  TLS_REQCERT never
                  TLS_CACERT /usr/ssl/certs/company.pem
                  TLS_CACERTDIR /usr/ssl/certs
                  I think that's pretty much it.

                  Comment
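
Added example, not part of the thread: `TLS_REQCERT never` in the settings from post #9 tells the OpenLDAP client not to check the server certificate, so the exported root CA is never used to authenticate the server. The Python sketch below (function names are this example's own) audits an ldap.conf for that and shows the same file with `TLS_REQCERT demand`.

```python
# Added example (not from the thread): audit the TLS directives in an
# OpenLDAP-style ldap.conf. Function names are this example's own.

ENFORCING = {"demand", "hard"}  # levels at which a bad or missing server cert aborts

def parse_ldap_conf(text):
    """Return {DIRECTIVE: value}. Keywords are case-insensitive; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        opts[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit_tls(text):
    """Return a list of findings; an empty list means verification is enforced."""
    opts = parse_ldap_conf(text)
    findings = []
    # OpenLDAP's default when TLS_REQCERT is absent is "demand".
    level = opts.get("TLS_REQCERT", "demand").lower()
    if level not in ENFORCING:
        findings.append(f"TLS_REQCERT {level}: server certificate is not strictly verified")
    if not (opts.get("TLS_CACERT") or opts.get("TLS_CACERTDIR")):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: no CA configured in this file")
    return findings

# The settings posted in the thread (CA file name as given there).
POSTED = """\
ssl yes
pam_password md5
TLS_REQCERT never
TLS_CACERT /usr/ssl/certs/company.pem
TLS_CACERTDIR /usr/ssl/certs
"""

# Same file with verification enforced, so the exported root CA is actually used.
HARDENED = POSTED.replace("TLS_REQCERT never", "TLS_REQCERT demand")

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit_tls(conf) or "ok")
```
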

                  • cbidwell
                    Senior Member
                    • Aug 2006
                    • 127

                    #10
                    Thank you so much. I'm a major greenhorn when it comes to doing anything with LDAP.

                    Does this look accurate to you? Assuming that the cert and all the backend configuration are correct, are these the proper settings in the GUI?

                    Comment

                    • KitWalker
                      Junior Member
                      • Jan 2006
                      • 17

                      #11
                      The LDAP host and port are correct!

                      Comment

                      • cbidwell
                        Senior Member
                        • Aug 2006
                        • 127

                        #12
                        Okay great. Thanks. Another dumb question: Does apache have to be compiled with ldap as well or just php and zabbix? I keep getting 500 Server Errors when trying to test and I'm trying to determine what's causing it.

                        Comment

                        • alfiere
                          Member
                          • May 2008
                          • 51

                          #13
                          OK, after quite a long troubleshooting session I'm now able to log in through my OpenLDAP server.

                          Anyway, if I understood correctly, every single user must exist in Zabbix as well.
                          I use my LDAP server to match the user and to retrieve the relative password.

                          Is that right?

                          If I've got it right, can you suggest a simple way to import a list of 50 users?
                          It's very boring to use the frontend for such a number of users.

                          Thanks,
                          cheers,
                          Alfredo

                          Comment

                          • alfiere
                            Member
                            • May 2008
                            • 51

                            #14
                            Up!



                            Alf

                            Comment

                            • Aly
                              ZABBIX developer
                              • May 2007
                              • 1126

                              #15
                              Direct insert to DB
                              Zabbix | ex GUI developer

                              Comment
