LDAP authentication: LDAP: cannot bind by given DN

  • ReefShark
    Member
    • Dec 2005
    • 43

    #1

    LDAP authentication: LDAP: cannot bind by given DN

    I'm trying to get Zabbix to authenticate against our OpenLDAP server, but failing miserably...

    Here are my settings...

    Default authentication: LDAP
    LDAP Host: ldap://ip-of-server
    Port: 389
    Base DN: ou=people,dc=ourcompany,dc=com
    Search attribute: uid
    Bind DN*: cn=admin,ou=people
    Bind Password*: LDAP admin password
    Login: (defaults to 'admin')
    User Password: password of LDAP admin account

    The error I get:
    Code:
        * ldap_bind() [<a href='function.ldap-bind'>function.ldap-bind</a>]: Unable to bind to server: Invalid credentials[/usr/share/zabbix/include/classes/cldap.inc.php:116]
        * LDAP: cannot bind by given DN
    I've tried a few variations, but with no success. OpenLDAP does work, and with very similar credentials to those stated above I got our SugarCRM install to authenticate against OpenLDAP with little effort, so I'm guessing my settings are off.

    Anyone able to help me find the proper settings?
  • nelsonab
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Sep 2006
    • 1233

    #2
    I think you have a name space collision between your BindDN and your BaseDN.

    Try removing ou=people from your BindDN first, then alternately leave it in the BindDN and remove it from your BaseDN. Hopefully the roads will be passable and I can post back with how we have our working LDAP settings at the office.
    RHCE, author of zbxapi
    Ansible, the missing piece (Zabconf 2017): https://www.youtube.com/watch?v=R5T9NidjjDE
    Zabbix and SNMP on Linux (Zabconf 2015): https://www.youtube.com/watch?v=98PEHpLFVHM

    • arli
      Member
      • Jan 2008
      • 71

      #3
      You can use LDAP Host without ldap:// prefix.
      Have you tried to use Bind DN attribute like [email protected]?

      Can you connect to your ldap server with some other tool? For example:
      ldapsearch -h <ldapserver> -p 389 -b "<ou=people,dc=yourcompany,dc=com>" -D "<someuser>@<yourdomain.com>" -w <someuser password> "uid=<someotheruser>"

      • nelsonab
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Sep 2006
        • 1233

        #4
        Here's what we're doing:

        ldap host: ldaps://ldap.site.dom
        port: 389
        base DN: ou=Users,dc=site,dc=dom
        Search Attribute: uid

        Bind DN and Password are empty
        RHCE, author of zbxapi
        Ansible, the missing piece (Zabconf 2017): https://www.youtube.com/watch?v=R5T9NidjjDE
        Zabbix and SNMP on Linux (Zabconf 2015): https://www.youtube.com/watch?v=98PEHpLFVHM

        • ReefShark
          Member
          • Dec 2005
          • 43

          #5
          Solved

          I tinkered a bit; BindDN isn't needed, and I realised "admin" was not a user in our LDAP associated with a uid=

          So when I changed the Zabbix admin user name to my own LDAP login, the authentication test was successful and LDAP login works fine now.

          Thanks everyone for the help!
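
The login flow this thread converges on, as an added example (not code from Zabbix or from any poster): a small in-memory model, assuming the usual search-then-bind sequence (service or anonymous bind, search the Base DN for Search attribute = login, then bind as the entry found). The directory entries, passwords, the `jdoe` account and the placement of `cn=admin` directly under the suffix are constructed assumptions.

```python
# Added example: in-memory model of LDAP search-then-bind authentication.
# All entries and passwords are constructed; DN parsing ignores escaped commas.
SUFFIX = "dc=ourcompany,dc=com"
DIRECTORY = {  # full DN -> attributes (constructed sample data)
    f"cn=admin,{SUFFIX}": {"cn": "admin", "userPassword": "ldap-admin-pw"},
    f"uid=jdoe,ou=people,{SUFFIX}": {"uid": "jdoe", "userPassword": "user-pw"},
}


def norm(dn):
    """Normalise a DN for comparison: trim spaces around RDNs, lower-case."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def bind(dn, password):
    """Simple bind: an empty DN is anonymous; otherwise the full DN must exist."""
    if not dn:
        return True
    entry = {norm(k): v for k, v in DIRECTORY.items()}.get(norm(dn))
    return entry is not None and entry["userPassword"] == password


def search(base_dn, attr, value):
    """Return the DNs below base_dn whose attribute `attr` equals `value`."""
    base = "," + norm(base_dn)
    return [dn for dn, attrs in DIRECTORY.items()
            if norm(dn).endswith(base) and attrs.get(attr) == value]


def authenticate(cfg, login, password):
    """Return (ok, detail) for one login attempt against the modelled directory."""
    if not bind(cfg["bind_dn"], cfg["bind_password"]):
        return False, "service bind failed: invalid credentials"
    hits = search(cfg["base_dn"], cfg["search_attribute"], login)
    if len(hits) != 1:
        return False, f"no unique entry with {cfg['search_attribute']}={login}"
    # Refuse empty passwords: a DN with an empty password is an
    # "unauthenticated bind" that some servers accept as success.
    if not password or not bind(hits[0], password):
        return False, "user bind failed: invalid credentials"
    return True, hits[0]


# Settings as in post #1 (password constructed), then with Bind DN left empty.
THREAD_CFG = {"bind_dn": "cn=admin,ou=people", "bind_password": "ldap-admin-pw",
              "base_dn": f"ou=people,{SUFFIX}", "search_attribute": "uid"}
ANON_CFG = dict(THREAD_CFG, bind_dn="", bind_password="")

if __name__ == "__main__":
    for cfg, login, pw in [(THREAD_CFG, "admin", "ldap-admin-pw"),
                           (ANON_CFG, "admin", "ldap-admin-pw"),
                           (ANON_CFG, "jdoe", "user-pw")]:
        print(login, authenticate(cfg, login, pw))
```

In this model the Bind DN from post #1 matches no full DN, so the service bind is rejected; with the Bind DN empty the search runs, and `admin` still fails because no entry under the Base DN carries `uid=admin`.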