
I'm currently running Centreon version 24.04.2 and trying to set up an LDAPS connection to my Active Directory. However, I am facing issues with the certificate configuration, and I can't find clear guidance in the official documentation.

So far, I've tried placing my certificate in the following directories:

  • /usr/share/ca-certificates
  • /usr/local/share/ca-certificates

After doing so, I updated the certificates using update-ca-certificates, but it didn’t resolve the issue. The connection to the AD via LDAPS still fails.

Could anyone guide me on where exactly I need to place the certificate, or provide details on how to configure Centreon properly for LDAPS?

Thank you in advance for your assistance!
Best regards,

Can you do an ldapsearch to your LDAPS server? Then use that to guide yourself for the setup.

🤔

https://stackoverflow.com/questions/9468137/why-doesnt-ldapsearch-over-ssl-tls-work#13593766


Can you also enable LDAP debug using “Administration > Parameters > Debug” and check /var/log/centreon/ldap*.log?


@ponchoh

With the following configuration in /etc/ldap/ldap.conf:

URI ldaps://my_srv.my_domain:636

TLS_CACERT /tmp/my_cert.pem

TLS_REQCERT demand

 

LDAP search requests work correctly, as shown in the example below:

ldapsearch -ZZ -d 5 -b "OU=UO-Test,DC=my_domain,DC=fr" -s sub -D "CN=my_user,OU=my_user,DC=my_domain,DC=fr" -W -x

 

However, even without the content of the ldap.conf file, I can still synchronize my users. The issue is that when the ldap.conf file is disabled, Centreon uses a different certificate, but I am unsure which one it is and where it is.
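The two suggestions above (reproduce the connection with ldapsearch first, and the ldap.conf with TLS_CACERT / TLS_REQCERT demand that makes it work) can be turned into a single check script. The following is an added example, not code from the original thread or from Centreon. It first checks that the CA file is actually a PEM file (Active Directory exports are DER by default and are silently ignored by both libldap and update-ca-certificates), prints where update-ca-certificates would expect to find it (only *.crt under /usr/local/share/ca-certificates is picked up), then verifies the chain the server presents against that one file with openssl, and finally does the same bind as the thread over ldaps:// with the CA passed through OpenLDAP's LDAPTLS_CACERT / LDAPTLS_REQCERT environment variables, so it does not depend on /etc/ldap/ldap.conf. The host, DNs and CA path are assumptions taken from the thread's placeholders; override them in the environment.

```shell
#!/bin/sh
# Added example, not from the original thread or from Centreon: checks the CA
# file that is supposed to make LDAPS work, then reproduces the bind the way
# Centreon's libldap will see it, with the CA given per process instead of
# through /etc/ldap/ldap.conf. Host, DNs and the CA path are assumptions
# taken from the thread's placeholders; override them in the environment.

LDAP_HOST="${LDAP_HOST:-my_srv.my_domain}"
LDAP_PORT="${LDAP_PORT:-636}"
CA_FILE="${CA_FILE:-/tmp/my_cert.pem}"
BASE_DN="${BASE_DN:-OU=UO-Test,DC=my_domain,DC=fr}"
BIND_DN="${BIND_DN:-CN=my_user,OU=my_user,DC=my_domain,DC=fr}"

# pem_cert_count FILE: number of PEM certificate blocks in FILE.
# Prints 0 for a missing file or for a DER (.cer) export, which is the
# default of the Windows certificate export wizard and which neither
# libldap nor update-ca-certificates will read.
pem_cert_count() {
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true)
    printf '%s\n' "${n:-0}"
}

# der_to_pem IN OUT: convert a DER export to PEM.
der_to_pem() {
    openssl x509 -inform DER -in "$1" -out "$2"
}

# ca_install_path FILE: where update-ca-certificates will look for a local CA.
# It only picks up files under /usr/local/share/ca-certificates whose name
# ends in .crt; a .pem or .cer dropped there is ignored without any message.
ca_install_path() {
    base=$(basename "$1")
    printf '/usr/local/share/ca-certificates/%s.crt\n' "${base%.*}"
}

# show_chain: what the server presents, verified against CA_FILE only, so a
# "Verify return code: 0 (ok)" here proves this one file is sufficient.
show_chain() {
    openssl s_client -connect "$LDAP_HOST:$LDAP_PORT" -servername "$LDAP_HOST" \
        -CAfile "$CA_FILE" -showcerts </dev/null 2>/dev/null \
        | grep -E '^(subject=|issuer=|Verify return code|Verification)'
}

# ldaps_probe: the same bind as in the thread, but over ldaps:// with the CA
# set through OpenLDAP's LDAPTLS_* environment variables. ldaps:// is TLS from
# the first byte, so -ZZ (StartTLS) is deliberately not used here.
ldaps_probe() {
    LDAPTLS_CACERT="$CA_FILE" LDAPTLS_REQCERT=demand \
        ldapsearch -H "ldaps://$LDAP_HOST:$LDAP_PORT" -x -D "$BIND_DN" -W \
            -b "$BASE_DN" -s base '(objectClass=*)' dn
}

main() {
    n=$(pem_cert_count "$CA_FILE")
    if [ "$n" -eq 0 ]; then
        echo "$CA_FILE is missing or not PEM; if it is DER, run: der_to_pem file.cer file.crt" >&2
        return 1
    fi
    echo "$CA_FILE contains $n PEM certificate(s)"
    echo "update-ca-certificates would read it as $(ca_install_path "$CA_FILE")"
    show_chain
    ldaps_probe
}

# The network checks run only when asked for: sh ldaps_check.sh run
case "${1:-}" in run) main ;; esac
```

If show_chain verifies but ldaps_probe still fails, the problem is on the LDAP side (bind DN, base DN, port filtering); if show_chain itself reports a verify error, the file does not contain the issuing chain of the server certificate and no directory placement will fix that.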


@Laurent I enabled LDAP debugging, and here is the content of /var/log/centreon/ldapsearch.log:

For context, my LDAP server uses TLSv1.3, and I have checked the TLS option in the LDAP configuration under Administration > Settings > LDAP.

Additionally, my user credentials work when connecting to the LDAP server over port 389.

[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_01:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Credentials : CN=user,OU=user,DC=dc,DC=fr
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Bind : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : connection error
[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_02:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Credentials : CN=user,OU=user,DC=dc,DC=fr
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Bind : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : connection error
[08/01/2025 17:21] LDAP Search : XML Output :

The /var/log/centreon/ldap.log file does not display any errors when I configure the LDAP server and export the Centreon configuration.
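The log above carries the diagnosis in its first two lines of each attempt: the URL is ldap://srv_01:636/ (cleartext scheme on the LDAPS port) and "use tls" shows a StartTLS request on top of it. "Can't contact LDAP server" is libldap's generic -1 for a connection or TLS handshake it could not complete, including an untrusted server certificate, so that line alone does not tell a port/scheme mismatch from a missing CA; the URL line does. The script below is an added example, not code from the original thread or from Centreon: it reads the "trying url" / "use tls" pairs from a ldapsearch.log and labels each attempt. It assumes, consistently with the replies in this thread, that the SSL option turns the URL into ldaps:// and that the TLS option logs "use tls" and sends StartTLS on an already opened connection. The embedded sample log is constructed from the lines posted above, with a second server shown as it would log with SSL enabled.

```shell
#!/bin/sh
# Added example, not from the original thread or from Centreon: reads the
# "trying url" / "use tls" pairs from a Centreon ldapsearch.log and says
# whether each attempt's scheme, port and StartTLS request fit together.
# Assumption (consistent with the replies in the thread): the SSL option
# turns the URL into ldaps://, and the TLS option logs "use tls" and sends a
# StartTLS request on an already opened connection.

# classify_attempt URL USE_TLS: URL as logged ("ldap://srv_01:636/"),
# USE_TLS "yes" when a "use tls" line followed it. Prints one label.
classify_attempt() {
    url=$1; use_tls=$2
    scheme=${url%%://*}
    hostport=${url#*://}; hostport=${hostport%%/*}
    port=${hostport##*:}
    [ "$port" = "$hostport" ] && port=""        # no explicit port in the URL
    case "$scheme:$port:$use_tls" in
        ldap:636:*)   echo "starttls-on-ldaps-port" ;;   # plain LDAP on the LDAPS port
        ldaps:389:*)  echo "ldaps-on-plain-port" ;;      # TLS handshake at a cleartext port
        ldaps:*:yes)  echo "starttls-over-ldaps" ;;      # StartTLS on a connection already under TLS
        ldap:*:no)    echo "cleartext" ;;                # works, but the bind password is unencrypted
        *)            echo "ok" ;;
    esac
}

# hint_for LABEL: what to change in Administration > Settings > LDAP.
hint_for() {
    case "$1" in
        starttls-on-ldaps-port) echo "636 expects TLS from the first byte: enable the SSL option so the URL becomes ldaps://" ;;
        ldaps-on-plain-port)    echo "389 is the cleartext/StartTLS port: use 636 with SSL, or 389 with TLS" ;;
        starttls-over-ldaps)    echo "ldaps:// is already TLS; a StartTLS request on top of it is redundant" ;;
        cleartext)              echo "no TLS at all: the bind password crosses the network in clear" ;;
        *)                      echo "scheme, port and StartTLS are consistent; if it still fails, suspect the CA trust" ;;
    esac
}

emit_attempt() {
    [ -n "$cur_url" ] || return 0
    label=$(classify_attempt "$cur_url" "$cur_tls")
    printf '%s %s\n' "$cur_url" "$label"
}

# diagnose_log FILE: one line per connection attempt, "URL label".
diagnose_log() {
    cur_url=""; cur_tls="no"
    while IFS= read -r line; do
        case "$line" in
            *"LDAP Connect : trying url : "*)
                emit_attempt
                cur_url=${line##*"trying url : "}
                cur_url=${cur_url%"${cur_url##*[! ]}"}   # drop trailing blanks
                cur_tls="no" ;;
            *"LDAP Connect : use tls"*)
                cur_tls="yes" ;;
        esac
    done < "$1"
    emit_attempt
}

# sample_log: constructed lines in the format of the thread's ldapsearch.log
# (first server as posted; second one as it would log with SSL enabled).
sample_log() {
    printf '%s\n' \
        '[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_01:636/ ' \
        '[08/01/2025 17:00] LDAP Connect : use tls' \
        "[08/01/2025 17:00] LDAP Error : Can't contact LDAP server" \
        '[08/01/2025 17:00] LDAP Connect : trying url : ldaps://srv_02:636/' \
        "[08/01/2025 17:00] LDAP Error : Can't contact LDAP server"
}

main() {
    f=${1:-}
    if [ -z "$f" ]; then
        f=$(mktemp); sample_log > "$f"
    fi
    diagnose_log "$f" | while read -r u label; do
        printf '%s -> %s: %s\n' "$u" "$label" "$(hint_for "$label")"
    done
}

# Usage: RUN_DIAG=1 sh ldap_log_diag.sh /var/log/centreon/ldapsearch.log
# (without a file argument the constructed sample log is used)
case "${RUN_DIAG:-}" in 1) main "$@" ;; esac
```

Run against the real ldapsearch.log after each change in the LDAP settings: once every attempt reads "ok" and the bind still fails with "Can't contact LDAP server", the remaining cause is the CA file, which the ldapsearch / openssl check outside Centreon isolates.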


In the LDAP servers defined in Administration > Settings > LDAP menu, did you enable TLS option (checkbox)?


@Laurent Yes, the TLS checkbox is enabled.


You also need to check the SSL option to use ldaps:// instead of ldap://.


@Laurent Both SSL and TLS options are enabled in my configuration. It seems the issue occurs because I haven't added the root certificate to my Centreon machine.


But I'm not sure exactly where I need to place it on my Centreon server.

