Solved

Configuring LDAPS Connection to Active Directory in Centreon 24.04.2

  • January 7, 2025
  • 9 replies
  • 506 views


I'm currently running Centreon version 24.04.2 and trying to set up an LDAPS connection to my Active Directory. However, I am facing issues with the certificate configuration, and I can't find clear guidance in the official documentation.

So far, I've tried placing my certificate in the following directories:

  • /usr/share/ca-certificates
  • /usr/local/share/ca-certificates

After doing so, I updated the certificates using update-ca-certificates, but it didn’t resolve the issue. The connection to the AD via LDAPS still fails.

Could anyone guide me on where exactly I need to place the certificate, or provide details on how to configure Centreon properly for LDAPS?

Thank you in advance for your assistance!
Best regards,

Best answer by sysadmin

9 replies

ponchoh
Centreonian
  • Centreonian
  • 531 replies
  • January 7, 2025

Can you do an ldapsearch to your LDAPS? Then use that to guide yourself for the setup.

🤔

https://stackoverflow.com/questions/9468137/why-doesnt-ldapsearch-over-ssl-tls-work#13593766


lpinsivy
Centreonian
  • Centreonian
  • 1120 replies
  • January 8, 2025

Can you also enable ldap debug using “Administration > Parameters > Debug” and check in /var/log/centreon/ldap*.log?


  • Author
  • Steward *
  • 5 replies
  • January 8, 2025

@ponchoh 

With the following configuration in /etc/ldap/ldap.conf:

URI ldaps://my_srv.my_domain:636
TLS_CACERT /tmp/my_cert.pem
TLS_REQCERT demand

LDAP search requests work correctly, as shown in the example below:

ldapsearch -ZZ -d 5 -b "OU=UO-Test,DC=my_domain,DC=fr" -s sub -D "CN=my_user,OU=my_user,DC=my_domain,DC=fr" -W -x

However, even without the content of the ldap.conf file, I can still synchronize my users. The issue is that when the ldap.conf file is disabled, Centreon uses a different certificate, but I am unsure which one it is and where it is.


  • Author
  • Steward *
  • 5 replies
  • Answer
  • January 8, 2025

@Laurent I enabled LDAP debugging, and here is the content of /var/log/centreon/ldapsearch.log:

For context, my LDAP server uses TLSv1.3, and I have checked the TLS option in the LDAP configuration under Administration > Settings > LDAP.

Additionally, my user credentials work when connecting to the LDAP server over port 389.

[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_01:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Credentials : CN=user,OU=user,DC=dc,DC=fr
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Bind : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : connection error
[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_02:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Credentials : CN=user,OU=user,DC=dc,DC=fr
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Bind : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : connection error
[08/01/2025 17:21] LDAP Search : XML Output :

The /var/log/centreon/ldap.log file does not display any errors when I configure the LDAP server and export the Centreon configuration.


lpinsivy
Centreonian
  • Centreonian
  • 1120 replies
  • January 9, 2025

In the LDAP servers defined in the Administration > Settings > LDAP menu, did you enable the TLS option (checkbox)?


  • Author
  • Steward *
  • 5 replies
  • January 9, 2025

@Laurent Yes, the TLS checkbox is enabled.


lpinsivy
Centreonian
  • Centreonian
  • 1120 replies
  • January 9, 2025

You also need to check the SSL option to use ldaps:// instead of ldap://.
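
The reply above points at what the posted ldapsearch.log actually shows: every "trying url" line is ldap://...:636/ followed by "use tls". As an added example (not from the thread and not Centreon code), here is a small triage script that reads a log in that format and flags exactly that combination. Its one assumption is the reading lpinsivy gives: the TLS option makes Centreon attempt StartTLS, the SSL option is what turns the URL into ldaps://, and StartTLS against port 636 (where AD speaks TLS from the first byte) fails before any bind, which is why the only error is "Can't contact LDAP server". The log content and host names below are constructed to mirror the excerpt, with one healthy ldap://:389 + StartTLS server added for contrast; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread, not Centreon code): triage a Centreon
# ldapsearch.log for a URL-scheme / port / TLS-mode mismatch.
# Assumption (from lpinsivy's reply): "trying url : ldap://host:636/" followed by
# "use tls" means StartTLS was attempted on the LDAPS port; the SSL option is what
# switches the URL to ldaps://.

# Write a constructed log in the same format as the thread's excerpt; print its path.
write_sample_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_01:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : Bind : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : connection error
[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_02:636/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:00] LDAP Error : Can't contact LDAP server
[08/01/2025 17:00] LDAP Connect : trying url : ldap://srv_03:389/
[08/01/2025 17:00] LDAP Connect : use tls
[08/01/2025 17:21] LDAP Search : XML Output :
EOF
    echo "$f"
}

# One line per server whose scheme, port and TLS mode do not fit together:
#   ldap:// + port 636 + StartTLS  -> SSL option missing (URL should be ldaps://)
# ldap://:389 + StartTLS and ldaps://:636 are consistent and produce no finding.
ldap_log_findings() {
    awk '
        /LDAP Connect : trying url/ {
            url = $NF
            scheme = url; sub(/:.*/, "", scheme)
            port = url;   sub(/\/$/, "", port); sub(/.*:/, "", port)
            host = url;   sub(/^[a-z]+:\/\//, "", host); sub(/:[0-9]+\/?$/, "", host)
            pending = 1; next
        }
        pending && /LDAP Connect : use tls/ {
            if (scheme == "ldap" && port == "636")
                printf "%s: StartTLS attempted on %s (LDAPS port); enable the SSL option so the URL becomes ldaps://, or use port 389 for StartTLS\n", host, url
            pending = 0; next
        }
        { pending = 0 }
    ' "$1"
}

# How often the failure is at transport level (-1 / server down), i.e. before any
# bind result: credentials are never evaluated in that case.
transport_failures() {
    grep -c "LDAP Error : Can't contact LDAP server" "$1"
}

LOG=$(write_sample_log)
ldap_log_findings "$LOG"
echo "transport-level failures: $(transport_failures "$LOG")"
rm -f "$LOG"
```

Run it against the real file with `ldap_log_findings /var/log/centreon/ldapsearch.log` once the functions are sourced; a clean configuration prints nothing. The transport-failure count is the other useful signal: when it equals the number of connection attempts, the problem is reachability or the TLS handshake, not the bind DN or password.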


  • Author
  • Steward *
  • 5 replies
  • January 9, 2025

@Laurent Both SSL and TLS options are enabled in my configuration. It seems the issue occurs because I haven't added the root certificate to my Centreon machine.


  • Author
  • Steward *
  • 5 replies
  • January 10, 2025

But I'm not sure exactly where I need to place it on my Centreon server.
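
The open question in the first post and in this last one is where the root certificate has to live so that Centreon, not only ldapsearch, trusts it. As an added example (not from the thread and not Centreon code), the helpers below put the AD root CA into the distro's system trust store and point libldap's system-wide ldap.conf at the resulting bundle. What they rely on: Centreon's web application talks LDAP through PHP's ldap extension, which is built on libldap, so it reads the same /etc/ldap/ldap.conf (Debian/Ubuntu) or /etc/openldap/ldap.conf (RHEL family) that ldapsearch reads; the trust-store and bundle paths are the distro defaults. The function names are hypothetical, and the DC host, bind DN and base DN are placeholders supplied by the caller. Two practical caveats are built in: a CA file under /tmp is a bad choice for the web process (cleared on reboot, and php-fpm units commonly run with systemd PrivateTmp=true, so the workers see a different, empty /tmp), and the host name Centreon connects to must match a SAN in the DC certificate, which short names such as srv_01 usually do not.

```shell
#!/bin/sh
# Added example (not from the thread, not Centreon code). Hypothetical helpers that
# install the AD root CA where ldapsearch and Centreon's PHP process (libldap) both
# find it. Paths are the Debian/RHEL defaults; DC host and DNs are placeholders.

# Distro family from /etc/os-release (override the path with OS_RELEASE for testing).
distro_family() {
    rel=${OS_RELEASE:-/etc/os-release}
    ids=$( . "$rel" 2>/dev/null; printf '%s %s' "$ID" "$ID_LIKE" )
    case " $ids " in
        *debian*|*ubuntu*)        echo debian ;;
        *rhel*|*fedora*|*centos*) echo rhel ;;
        *)                        echo unknown; return 1 ;;
    esac
}

# Anchor directory, rebuilt bundle and libldap system config per family.
ca_dir_for()    { if [ "$1" = debian ]; then echo /usr/local/share/ca-certificates; else echo /etc/pki/ca-trust/source/anchors; fi; }
bundle_for()    { if [ "$1" = debian ]; then echo /etc/ssl/certs/ca-certificates.crt; else echo /etc/pki/tls/certs/ca-bundle.crt; fi; }
ldap_conf_for() { if [ "$1" = debian ]; then echo /etc/ldap/ldap.conf; else echo /etc/openldap/ldap.conf; fi; }

# Copy the root CA (PEM) into the anchor directory and rebuild the bundle (needs root).
# Debian only picks up files named *.crt from that directory; RHEL accepts *.pem.
install_ad_root_ca() {   # $1 = PEM file, $2 = family
    grep -q 'BEGIN CERTIFICATE' "$1" || {
        echo "$1 is not PEM; convert DER first: openssl x509 -inform der -in <file> -out <file>.pem" >&2
        return 1
    }
    if [ "$2" = debian ]; then
        install -m 0644 "$1" "$(ca_dir_for debian)/ad-root-ca.crt" && update-ca-certificates
    else
        install -m 0644 "$1" "$(ca_dir_for rhel)/ad-root-ca.pem" && update-ca-trust
    fi
}

# Point libldap at the CA bundle: replace an existing TLS_CACERT line or append one
# (idempotent). Keep the file outside /tmp, which the php-fpm workers may not see.
set_tls_cacert() {   # $1 = ldap.conf path, $2 = CA file path
    [ -f "$1" ] || : > "$1"
    tmp=$(mktemp)
    awk -v ca="$2" '
        /^[[:space:]]*TLS_CACERT[[:space:]]/ { print "TLS_CACERT " ca; seen = 1; next }
        { print }
        END { if (!seen) print "TLS_CACERT " ca }
    ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Check the TLS layer first (expect "Verify return code: 0 (ok)" and a SAN matching $1),
# then a bind over ldaps://. No -ZZ here: that requests StartTLS, which belongs on 389.
verify_ldaps() {   # $1 = DC host name, $2 = CA file, $3 = bind DN, $4 = base DN
    openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" -verify_return_error \
        </dev/null 2>&1 | grep -E 'Verify return code|subject=|issuer='
    ldapsearch -H "ldaps://$1:636" -x -D "$3" -W -b "$4" -s base '(objectClass=*)' dn
}

# Usage on a Centreon host (placeholders), then restart php-fpm so the long-lived
# workers re-read ldap.conf:
#   fam=$(distro_family)
#   install_ad_root_ca ./ad-root-ca.pem "$fam"
#   set_tls_cacert "$(ldap_conf_for "$fam")" "$(bundle_for "$fam")"
#   verify_ldaps dc01.my_domain.fr "$(bundle_for "$fam")" \
#       "CN=my_user,OU=my_user,DC=my_domain,DC=fr" "DC=my_domain,DC=fr"
```

Pointing TLS_CACERT at the rebuilt system bundle rather than at the single CA file means any other tool on the box that uses the system store agrees with libldap about what is trusted, and the file is readable by the web user without extra permission changes. If the openssl step verifies but the Centreon log still says "Can't contact LDAP server", compare the host name in Administration > Settings > LDAP with the SAN entries openssl printed.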