Dear Community,
I am currently working on setting up LDAP Auth for a new domain and have run into some strange behaviour of Zabbix.
I'd like to enable the LDAP Auth and have configured my frontend as follows:
------------------------------------------------------------------------------------------------
LDAP Host = ldaps://dnsfordc.mycompany.com
Port = 636
BaseDN = DC=mycompany,DC=com
searchAttribute = sAMAccountName
BindDN = CN=myuser,OU=SystemUser,OU=Tier1,OU=ADMIN
case sensitive login = unchecked
Bind Password = pwd
-----------------------------------------------------------------------------------------------
Zabbix Server Version = 4.0.14
OS = CentOS 7
Already tried LDAP Host with IP; ldap://IP; and ldap://dnsfordc.mycompany.com - none of them worked.
My ldap.conf looks like:
-----------------------------------------------------------------------------------------------
BASE dc=mycompany,dc=com
URI ldaps://dnsfordc.mycompany.com
TLS_REQCERT never
TLS_CACERT /etc/openldap/certs/rootcacert.pem
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
----------------------------------------------------------------------------------------------
Already tried TLS_REQCERT allow (as it was recommended by the Zabbix doc and several forums).
The rootCA cert is provided in what seems to be the right format and seems legit on manual recheck.
Funny enough, my ldapsearch request works just fine:
ldapsearch -x -LLL -ZZ -h dnsfordc.mycompany.com -D myuser -w'pwd' -b"CN=myuser,OU=SystemUser,OU=Tier1,OU=ADMIN,DC=mycompany,DC=com"
Do you guys know any problems and issues that I might have overlooked?
Is there a certain log file where I could turn to?
So far I didn't figure out where to look, or might have overlooked something in the regular log files of zabbix.
I am glad for any help available. In case more info might help, please just let me know.
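
The `ldap.conf` quoted in the post sets `TLS_REQCERT never`, and `allow` was also tried; in OpenLDAP both values let the client continue with a server certificate it cannot validate, so the bind password is sent to whichever host answers. The shell check below is an added example, not part of the original post or of Zabbix: the function name `audit_ldap_conf` and the sample file are constructed here.

```shell
#!/bin/sh
# Added example (not from the post): audit an OpenLDAP client ldap.conf for
# settings that weaken verification of the directory server's certificate.
# Prints one finding per line; returns 1 if a FAIL finding was printed.
audit_ldap_conf() {
    reqcert=""; ca=""; uris=""; rc=0
    while read -r key value || [ -n "$key" ]; do
        # Option names are case-insensitive, see ldap.conf(5).
        case $(printf '%s' "$key" | tr '[:lower:]' '[:upper:]') in
            TLS_REQCERT) reqcert=$(printf '%s' "$value" | tr '[:upper:]' '[:lower:]') ;;
            TLS_CACERT|TLS_CACERTDIR) ca=$value ;;
            URI) uris=$value ;;
        esac
    done < "$1"
    case $reqcert in
        never|allow)
            echo "FAIL TLS_REQCERT=$reqcert: an untrusted server certificate is accepted"
            rc=1 ;;
        try)
            echo "WARN TLS_REQCERT=try: session continues if no certificate is presented" ;;
        ''|demand|hard)
            echo "OK server certificate is required and verified" ;;
        *)
            echo "WARN TLS_REQCERT=$reqcert: unrecognised value" ;;
    esac
    [ -n "$ca" ] || echo "WARN no TLS_CACERT or TLS_CACERTDIR set in this file"
    for u in $uris; do
        case $u in
            ldap://*) echo "WARN $u: cleartext unless StartTLS is issued" ;;
        esac
    done
    return $rc
}

# Constructed sample: the client settings quoted in the post above.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
BASE dc=mycompany,dc=com
URI ldaps://dnsfordc.mycompany.com
TLS_REQCERT never
TLS_CACERT /etc/openldap/certs/rootcacert.pem
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
EOF
audit_ldap_conf "$sample" || echo "ldap.conf needs attention"
```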
