
Connectivity to ldap works when tested with centreon plugin, but not for ldap import


./centreon_protocol_ldap.pl --plugin=apps::protocols::ldap::plugin --mode=login --hostname=10.1.6.24 --ldap-connect-options='scheme=ldaps' --username='cn=ldapbind,ou=users,dc=xxx=local' --password='xxxxxxx'
OK: Response time 0.072 second(s) | 'time'=0.072s;;;;
[08/08/2022 11:16] LDAP Connect : trying url : ldaps://10.1.6.24:636/
[08/08/2022 11:16] LDAP Connect : Credentials : cn=ldapbind,ou=users,dc=xxx=local
[08/08/2022 11:16] LDAP Error : Can't contact LDAP server
[08/08/2022 11:16] LDAP Connect : Bind : Can't contact LDAP server
[08/08/2022 11:16] LDAP Connect : connection error


Hi!

There is probably a mistake in the search user base DN or user filter parameters.

The search user filter must contain a single %s.

You could try a search with the base DN using the following command:

ldapsearch -D "cn=ldapbind,ou=users,dc=xxx=local" -w <password> -p 636 -h 10.1.6.24 -b "<search_base_dn>" -s sub "<user_filter>"

(replace %s by * in the user filter)
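As an added illustration (not Centreon's code), the following Python shows what the single %s in the user filter is for and why the value substituted into it has to be escaped: Centreon replaces %s with the login being looked up, and any filter built by plain string substitution is open to LDAP filter injection. `ldapsearch_filter` produces the `*` variant suggested above for testing the base DN and scope, `build_filter` is the hardened substitution (RFC 4515 escaping), and `build_filter_unsafe` is the naive one, kept only for comparison. The validation rules and function names are this example's own assumptions.

```python
"""Instantiate a Centreon-style LDAP user filter template safely.

Centreon expects the "search user filter" to contain exactly one %s,
which it replaces with the login being looked up.  Anything substituted
into a filter must be escaped per RFC 4515, otherwise a login such as
"*)(uid=*" turns an exact-match filter into a wildcard one.
Function names and validation rules are this example's own.
"""

# RFC 4515 section 3: characters that must be escaped in assertion values.
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def validate_template(template: str) -> None:
    """Reject templates that are malformed or that Centreon would not accept:
    exactly one %s placeholder and balanced parentheses."""
    if template.count("%s") != 1:
        raise ValueError("user filter must contain exactly one %s")
    depth = 0
    for ch in template:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced parentheses in user filter")
    if depth != 0:
        raise ValueError("unbalanced parentheses in user filter")


def template_is_valid(template: str) -> bool:
    """Boolean wrapper around validate_template for callers that prefer it."""
    try:
        validate_template(template)
    except ValueError:
        return False
    return True


def build_filter(template: str, login: str) -> str:
    """Hardened form: the login is escaped before substitution."""
    validate_template(template)
    return template.replace("%s", escape_filter_value(login))


def build_filter_unsafe(template: str, login: str) -> str:
    """Vulnerable form, for comparison only: raw substitution lets a login
    like '*)(uid=*' rewrite the filter.  Do not use."""
    validate_template(template)
    return template.replace("%s", login)


def ldapsearch_filter(template: str) -> str:
    """The filter to paste into ldapsearch when testing base DN and scope:
    the %s placeholder is replaced by *, as suggested in the thread."""
    validate_template(template)
    return template.replace("%s", "*")


if __name__ == "__main__":
    tpl = "(&(uid=%s)(objectClass=inetOrgPerson))"
    print(ldapsearch_filter(tpl))
    print(build_filter(tpl, "*)(uid=*"))
    print(build_filter_unsafe(tpl, "*)(uid=*"))
```

The unsafe variant turns `(&(uid=%s)(objectClass=inetOrgPerson))` into `(&(uid=*)(uid=*)(objectClass=inetOrgPerson))` for the login `*)(uid=*`, which matches every person; the escaped variant keeps it an exact match on the literal string.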


The problem does not come from there.

ldapsearch -D "cn=ldapbind,ou=users,ou=xxx,dc=xxx,dc=xxx,dc=local" -w 'xxxx' -p 636 -h ldaps://10.1.6.24 -b ou=xxx,dc=xxx,dc=xxx,dc=local -s sub "(&(uid=*)(objectClass=inetOrgPerson))"
# extended LDIF
#
# LDAPv3
# base <ou=xxx,dc=xxx,dc=xxx,dc=local> with scope subtree
# filter: (&(uid=*)(objectClass=inetOrgPerson))
# requesting: ALL
#

# AAAA, users, xxx, xxxx.xxx.local
dn: uid=AAAA,ou=users,ou=xxx,dc=xxx,dc=xxx,dc=local
objectClass: inetOrgPerson
objectClass: top
cn: AAAA
sn: AAAA
uid: AAAA

# BBBB, xxx, xxxx.xxx.local
dn: uid=Controller1,ou=users,ou=xxx,dc=xxx,dc=xxx,dc=local
objectClass: inetOrgPerson
objectClass: top
cn: BBBB
sn: An
description: Example to be removed
givenName: John
uid: Controller1
…..etc

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2


Did you put (&(uid=%s)(objectClass=inetOrgPerson)) as the user filter in the LDAP form?


Yep


It doesn't like ldaps.


You can enable debug in Administration > Parameters > Debug.

Then you should have some logs in /var/log/centreon/.


[08/08/2022 11:16] LDAP Connect : trying url : ldaps://10.1.6.24:636/
[08/08/2022 11:16] LDAP Connect : Credentials : cn=ldapbind,ou=users,dc=xxx=local
[08/08/2022 11:16] LDAP Error : Can't contact LDAP server
[08/08/2022 11:16] LDAP Connect : Bind : Can't contact LDAP server
[08/08/2022 11:16] LDAP Connect : connection error


@coco163 can you try to add this in /etc/openldap/ldap.conf :

TLS_REQCERT never
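`TLS_REQCERT never` is a useful way to confirm that certificate verification is what fails, but it does so by turning verification off for every libldap client on the host (ldapsearch and PHP's ldap extension included), so it is a diagnostic, not a fix. The following Python is an added example (not from the thread or from Centreon) that parses an ldap.conf-style file, reports the effective TLS_REQCERT value, and places a weak configuration beside the verification-preserving one (TLS_REQCERT demand plus a TLS_CACERT pointing at the CA that signed the slapd certificate). The two sample files and the function names are constructed for the example.

```python
"""Audit OpenLDAP client settings (ldap.conf syntax) for certificate verification.

TLS_REQCERT never makes libldap accept any server certificate, so the
connection also "works" against a forged or mis-issued one.  The fix that
keeps verification is TLS_REQCERT demand (the default) plus a TLS_CACERT or
TLS_CACERTDIR that contains the CA which signed the slapd certificate.
Sample files and function names are constructed for this example.
"""
import os
from typing import Dict, List, Optional

# Constructed sample files for the demo; not configuration from the thread.
WEAK_LDAP_CONF = """\
# troubleshooting setting: disables server certificate verification
BASE        dc=example,dc=local
URI         ldaps://ldap.example.local:636
TLS_REQCERT never
"""

HARDENED_LDAP_CONF = """\
# verification on, trust anchored to the CA that signed the slapd cert
BASE        dc=example,dc=local
URI         ldaps://ldap.example.local:636
TLS_CACERT  /usr/local/share/ca-certificates/ca.crt
TLS_REQCERT demand
"""


def parse_ldap_conf(text: str) -> Dict[str, str]:
    """ldap.conf: one 'KEYWORD value' per line, '#' comments, keywords are
    case-insensitive and the last occurrence wins."""
    conf: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def audit_tls(conf: Dict[str, str], environ: Optional[Dict[str, str]] = None) -> List[str]:
    """Return findings; an empty list means certificate verification is intact.

    LDAPTLS_REQCERT / LDAPTLS_CACERT / LDAPTLS_CACERTDIR in the process
    environment override the file, so they are consulted first.  Pass
    environ={} to audit the file on its own.
    """
    env = os.environ if environ is None else environ
    findings: List[str] = []

    # ldap.conf semantics: never/allow ignore a bad cert, try rejects a bad
    # cert but accepts a missing one, demand/hard (the default) require a
    # valid cert.
    reqcert = env.get("LDAPTLS_REQCERT", conf.get("TLS_REQCERT", "demand")).lower()
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert}: server certificate is not verified")
    elif reqcert == "try":
        findings.append("TLS_REQCERT try: a bad certificate aborts, a missing one is accepted")

    has_ca = any(k in conf for k in ("TLS_CACERT", "TLS_CACERTDIR")) or \
        any(k in env for k in ("LDAPTLS_CACERT", "LDAPTLS_CACERTDIR"))
    if reqcert in ("demand", "hard") and not has_ca:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: only the system trust store "
                        "is used, a private CA will fail verification")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_LDAP_CONF), ("hardened", HARDENED_LDAP_CONF)):
        print(name, audit_tls(parse_ldap_conf(text), {}) or ["ok"])
```

On Debian the client file is /etc/ldap/ldap.conf rather than /etc/openldap/ldap.conf, and the PHP process reads it through the same libldap as ldapsearch, so the web server's environment (LDAPTLS_* variables) applies as well. A client built on a different TLS stack may apply different verification rules, which is one reason two tools on the same host can disagree about the same server.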



Same problem


@coco163 you don’t have an error with the remote LDAP certificate? Can you try to install it on the Centreon server?


@Laurent, OpenLDAP is installed on the same server as Centreon.

Also, I can query the OpenLDAP using the Centreon plugin without any problem.

All details here: Openldap with SSL/TLS error · Issue #12057 · centreon/centreon (github.com)


Hi @coco163, I followed this documentation and adapted the EL commands and paths for Debian to install and configure OpenLDAP with TLS and self-signed certificates: https://www.golinuxcloud.com/configure-openldap-with-tls-certificates/

The “LDAP Import” with debug gives me correct results:

# TLS
[07/11/2022 15:47] LDAP Connect : trying url : ldap://ldap.mydomain.local:389/
[07/11/2022 15:47] LDAP Connect : use tls
[07/11/2022 15:47] LDAP Connect : Credentials : cn=admin,dc=mydomain,dc=local
[07/11/2022 15:47] LDAP Search : Base DN : ou=People,dc=mydomain,dc=local
[07/11/2022 15:47] LDAP Search : Filter : (&(uid=*)(objectClass=*))
[07/11/2022 15:47] LDAP Search : Size Limit : 60
[07/11/2022 15:47] LDAP Search : Timeout : 60
[07/11/2022 15:47] LDAP Search : 1 entries found
[07/11/2022 15:47] LDAP Search : 1
[07/11/2022 15:53] LDAP Search : XML Output :

# SSL
[07/11/2022 15:48] LDAP Connect : trying url : ldaps://ldap.mydomain.local:636/
[07/11/2022 15:48] LDAP Connect : Credentials : cn=admin,dc=mydomain,dc=local
[07/11/2022 15:48] LDAP Search : Base DN : ou=People,dc=mydomain,dc=local
[07/11/2022 15:48] LDAP Search : Filter : (&(uid=*)(objectClass=*))
[07/11/2022 15:48] LDAP Search : Size Limit : 60
[07/11/2022 15:48] LDAP Search : Timeout : 60
[07/11/2022 15:48] LDAP Search : 1 entries found
[07/11/2022 15:48] LDAP Search : 1
[07/11/2022 15:14] LDAP Search : XML Output :



I have the same configuration except that my certificates are in a different location:

olcTLSCertificateFile: /etc/ssl/certs/server.crt

olcTLSCertificateKeyFile: /etc/ssl/private/server.key

olcTLSCACertificateFile: /usr/local/share/ca-certificates/ca.crt


But the problem remains the same.

The debug mode of ldapsearch is not really debug; it just shows errors and info.

Where can I increase the verbosity?


@coco163 can you try:

--- /usr/share/centreon/www/class/centreonLDAP.class.php.origin	2022-11-08 14:10:17.222727270 +0000
+++ /usr/share/centreon/www/class/centreonLDAP.class.php 2022-11-08 14:29:34.063706359 +0000
@@ -195,7 +195,8 @@
} else {
$url = 'ldap://' . $ldapp'host'] . $port . '/';
}
$this->debug('LDAP Connect : trying url : ' . $url);
$this->debug('LDAP Connect : trying url : ' . $url);
+ ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);
$this->setErrorHandler();
$this->ds = ldap_connect($url);
ldap_set_option($this->ds, LDAP_OPT_REFERRALS, 0);
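Review bot: the added `ldap_set_option(NULL, LDAP_OPT_DEBUG_LEVEL, 7);` is unconditional, so once this is applied every LDAP connection made from the web UI runs with libldap tracing on (7 is TRACE|PACKETS|ARGS), and that output is written by libldap to the PHP process's stderr (the Apache or PHP-FPM error log), not through $this->debug() into /var/log/centreon/. Gate it on the same debug setting the surrounding $this->debug() calls honour, and tell the reader to look in the web server error log for it. Separately, in this copy the context line `$this->debug('LDAP Connect : trying url : ' . $url);` appears twice and `$ldapp'host']` has lost a bracket; the hunk header says seven lines become eight, so both look like copy artefacts rather than part of the change.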
@@ -808,7 +809,9 @@
}

// throwing all errors
- $this->debug("LDAP Error : " . ldap_error($this->ds));
+ $this->debug("LDAP Error : " . ldap_error($this->ds));
+ $this->debug("LDAP Error str: " . $errstr);
+ $this->debug("LDAP Error number: " . $errno);
return false;
}
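Review bot: `$errno` in this error handler is PHP's error level, not an LDAP result code: the "LDAP Error number: 2" in the log posted after the patch is E_WARNING, so the label is misleading. Log ldap_errno($this->ds) for the LDAP code and, for the TLS failure being chased here, read ldap_get_option($this->ds, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag), which carries libldap's own text (certificate verify failure, hostname mismatch) that "Connect error" hides. `$errstr` already embeds the ldap_* function name and message, so the ldap_error() line and the `$errstr` line print the same information twice.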



Thanks:

[09/11/2022 10:41] LDAP Connect : trying url : ldap://XXXXX:389/
[09/11/2022 10:41] LDAP Connect : use tls
[09/11/2022 10:41] LDAP Error : Connect error
[09/11/2022 10:41] LDAP Error str: ldap_start_tls(): Unable to start TLS: Connect error
[09/11/2022 10:41] LDAP Error number: 2
[09/11/2022 10:41] LDAP Connect : Credentials : cn=ldapbind,ou=users,ou=xx,dc=xxx,dc=xxx,dc=xxx
[09/11/2022 10:41] LDAP Error : Can't contact LDAP server
[09/11/2022 10:41] LDAP Error str: ldap_bind(): Unable to bind to server: Can't contact LDAP server
[09/11/2022 10:41] LDAP Error number: 2
[09/11/2022 10:41] LDAP Connect : Bind : Can't contact LDAP server
[09/11/2022 10:41] LDAP Connect : connection error
[09/11/2022 10:04] LDAP Search : XML Output :




@coco163 it looks like a CA issue.


It works from Centreon 21.04 using the same CA


I tried multiple times and the problem persists.

Have you tried with an offline installation with only centreon, debian, sury-php and mariadb repositories?

During the installation, something is failing with pear.php.net

Setting up centreon-web (22.04.7-bullseye) ...
Updating channel "pear.php.net"
Channel "pear.php.net" is not responding over http://, failed with message: Connection to `pear.php.net:80' failed: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution
Trying channel "pear.php.net" over https:// instead
Cannot retrieve channel.xml for channel "pear.php.net" (Connection to `ssl://pear.php.net:443' failed: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolution)
Setting up centreon-license-manager (22.04.0-bullseye) ...
Setting up centreon-widget-grid-map (22.04.0-bullseye) ...
Setting up centreon-plugin-applications-monitoring-centreon-database (20220810-062138-bullseye) ...
Setting up centreon-widget-global-health (22.04.0-bullseye) ...
Setting up centreon-widget-single-metric (22.04.0-bullseye) ...
Setting up centreon-plugin-applications-jvm-actuator (20220810-062138-bullseye) ...
Setting up centreon-plugin-hardware-printers-generic-snmp (20220810-062138-bullseye) ...
Setting up centreon-web-apache (22.04.7-bullseye) ...
ERROR: Conf centreon does not exist!



Hi @coco163, I think never, because we need some Pear dependencies.


Could I have the list so I can try to install them manually, please?


Of course, list is available here : https://github.com/centreon/centreon-gha/blob/develop/centreon/varinstall/pear.lst


Ah! I doubt my issue is coming from here then.


I suppose not, because php-ldap is a dependency and Pear only manages DB and Date.


@coco163 isn’t it possible to enable logs in OpenLDAP to understand why the connection can’t be established using TLS?


Connection from Apache Studio

2022-11-16T09:44:09.523835+00:00 SERVER-01 slapd[757]: conn=1112 fd=22 ACCEPT from IP=10.1.6.254:52498 (IP=0.0.0.0:389)
2022-11-16T09:44:09.525517+00:00 SERVER-01 slapd[757]: conn=1112 op=0 EXT oid=1.3.6.1.4.1.1466.20037
2022-11-16T09:44:09.525704+00:00 SERVER-01 slapd[757]: conn=1112 op=0 STARTTLS
2022-11-16T09:44:09.525875+00:00 SERVER-01 slapd[757]: conn=1112 op=0 RESULT oid= err=0 text=
2022-11-16T09:44:09.664796+00:00 SERVER-01 slapd[757]: conn=1112 fd=22 TLS established tls_ssf=256 ssf=256
2022-11-16T09:44:09.706564+00:00 SERVER-01 slapd[757]: conn=1112 op=1 BIND dn="cn=ldapbind,ou=users,ou=xxx,dc=xxxx,dc=xxxx,dc=xxxx" method=128
2022-11-16T09:44:09.706773+00:00 SERVER-01 slapd[757]: conn=1112 op=1 BIND dn="cn=ldapbind,ou=users,ou=xxx,dc=xxxx,dc=xxxx,dc=xxxx" mech=SIMPLE ssf=0
2022-11-16T09:44:09.706871+00:00 SERVER-01 slapd[757]: ppolicy_bind: Setting warning for password expiry for cn=ldapbind,ou=users,ou=xxx,dc=xxxx,dc=xxxx,dc=xxxx = 0 seconds
2022-11-16T09:44:09.706967+00:00 SERVER-01 slapd[757]: conn=1112 op=1 RESULT tag=97 err=0 text=
2022-11-16T09:44:09.708695+00:00 SERVER-01 slapd[757]: conn=1112 op=2 SRCH base="" scope=0 deref=3 filter="(objectClass=*)"
2022-11-16T09:44:09.709066+00:00 SERVER-01 slapd[757]: conn=1112 op=2 SRCH attr=subschemaSubentry
2022-11-16T09:44:09.709302+00:00 SERVER-01 slapd[757]: conn=1112 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.710888+00:00 SERVER-01 slapd[757]: conn=1112 op=3 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=subschema)"
2022-11-16T09:44:09.711167+00:00 SERVER-01 slapd[757]: conn=1112 op=3 SRCH attr=createTimestamp modifyTimestamp
2022-11-16T09:44:09.712904+00:00 SERVER-01 slapd[757]: conn=1112 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.715384+00:00 SERVER-01 slapd[757]: conn=1112 op=4 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
2022-11-16T09:44:09.715770+00:00 SERVER-01 slapd[757]: conn=1112 op=4 SRCH attr=namingContexts subschemaSubentry supportedLDAPVersion supportedSASLMechanisms supportedExtension supportedControl supportedFeatures vendorName vendorVersion + objectClass
2022-11-16T09:44:09.716064+00:00 SERVER-01 slapd[757]: conn=1112 op=4 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.719933+00:00 SERVER-01 slapd[757]: conn=1112 op=5 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
2022-11-16T09:44:09.720290+00:00 SERVER-01 slapd[757]: conn=1112 op=5 SRCH attr=*
2022-11-16T09:44:09.720641+00:00 SERVER-01 slapd[757]: conn=1112 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.723375+00:00 SERVER-01 slapd[757]: conn=1112 op=6 SRCH base="ou=xxx,dc=xxxx,dc=xxxx,dc=xxxx" scope=0 deref=3 filter="(objectClass=*)"
2022-11-16T09:44:09.723726+00:00 SERVER-01 slapd[757]: conn=1112 op=6 SRCH attr=hasSubordinates objectClass
2022-11-16T09:44:09.724010+00:00 SERVER-01 slapd[757]: conn=1112 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.727841+00:00 SERVER-01 slapd[757]: conn=1112 op=7 SRCH base="cn=Subschema" scope=0 deref=3 filter="(objectClass=*)"
2022-11-16T09:44:09.728255+00:00 SERVER-01 slapd[757]: conn=1112 op=7 SRCH attr=hasSubordinates objectClass
2022-11-16T09:44:09.728530+00:00 SERVER-01 slapd[757]: conn=1112 op=7 SEARCH RESULT tag=101 err=0 nentries=1 text=
2022-11-16T09:44:09.730100+00:00 SERVER-01 slapd[757]: conn=1112 op=8 SRCH base="cn=config" scope=0 deref=3 filter="(objectClass=*)"
2022-11-16T09:44:09.730422+00:00 SERVER-01 slapd[757]: conn=1112 op=8 SRCH attr=hasSubordinates objectClass
2022-11-16T09:44:09.730631+00:00 SERVER-01 slapd[757]: conn=1112 op=8 SEARCH RESULT tag=101 err=32 nentries=0 text=

Connection from Centreon

2022-11-16T09:49:30.753212+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 ACCEPT from IP=10.1.6.24:50796 (IP=0.0.0.0:389)
2022-11-16T09:49:30.753489+00:00 SERVER-01 slapd[757]: conn=1123 op=0 EXT oid=1.3.6.1.4.1.1466.20037
2022-11-16T09:49:30.753536+00:00 SERVER-01 slapd[757]: conn=1123 op=0 STARTTLS
2022-11-16T09:49:30.753573+00:00 SERVER-01 slapd[757]: conn=1123 op=0 RESULT oid= err=0 text=
2022-11-16T09:49:30.775043+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 TLS established tls_ssf=256 ssf=256
2022-11-16T09:49:30.775956+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 closed (connection lost)
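The two slapd traces above separate the server's view from the client's, which is what the rest of the thread lacked. The following Python is an added example (not from the thread or from Centreon) that parses slapd connection logs and classifies each connection. In conn=1112 the Apache Studio client completes STARTTLS, slapd logs "TLS established", and a BIND succeeds; in conn=1123 the Centreon host (10.1.6.24) also reaches "TLS established" and the socket is then "closed (connection lost)" with no BIND, so slapd saw a complete handshake and the client hung up. A handshake the client aborts before completion (a certificate its verify callback rejects) is logged by slapd as "closed (TLS negotiation failure)" instead; that line is constructed here for comparison, as is the trimming of the SRCH lines from the thread's log. In OpenLDAP's libldap, the check that runs only after the handshake, when TLS_REQCERT is demand (the default), is the match between the host in the URL and the certificate's CN/SAN, and it also returns LDAP_CONNECT_ERROR, the "Connect error" printed by the patched Centreon class, so a connection that looks like conn=1123 points at the client side, and at that post-handshake check first.

```python
"""Summarise slapd connection logs to tell a handshake failure from a
client that gave up after the handshake.

For every conn=N the parser records the peer, whether STARTTLS was
requested, whether "TLS established" was logged, whether a BIND was
attempted and how the connection ended.  A connection that reaches
"TLS established" and is then "closed (connection lost)" with no BIND was
dropped by the client after a successful handshake: slapd saw nothing wrong.
Function names and the negotiation-failure line are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict

# The two connections posted in the thread, with the SRCH lines trimmed.
SAMPLE_LOG = """\
2022-11-16T09:44:09.523835+00:00 SERVER-01 slapd[757]: conn=1112 fd=22 ACCEPT from IP=10.1.6.254:52498 (IP=0.0.0.0:389)
2022-11-16T09:44:09.525704+00:00 SERVER-01 slapd[757]: conn=1112 op=0 STARTTLS
2022-11-16T09:44:09.525875+00:00 SERVER-01 slapd[757]: conn=1112 op=0 RESULT oid= err=0 text=
2022-11-16T09:44:09.664796+00:00 SERVER-01 slapd[757]: conn=1112 fd=22 TLS established tls_ssf=256 ssf=256
2022-11-16T09:44:09.706564+00:00 SERVER-01 slapd[757]: conn=1112 op=1 BIND dn="cn=ldapbind,ou=users,ou=xxx,dc=xxxx,dc=xxxx,dc=xxxx" method=128
2022-11-16T09:44:09.706967+00:00 SERVER-01 slapd[757]: conn=1112 op=1 RESULT tag=97 err=0 text=
2022-11-16T09:49:30.753212+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 ACCEPT from IP=10.1.6.24:50796 (IP=0.0.0.0:389)
2022-11-16T09:49:30.753536+00:00 SERVER-01 slapd[757]: conn=1123 op=0 STARTTLS
2022-11-16T09:49:30.753573+00:00 SERVER-01 slapd[757]: conn=1123 op=0 RESULT oid= err=0 text=
2022-11-16T09:49:30.775043+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 TLS established tls_ssf=256 ssf=256
2022-11-16T09:49:30.775956+00:00 SERVER-01 slapd[757]: conn=1123 fd=23 closed (connection lost)
"""

# Constructed line (not from the thread): how slapd logs a handshake the
# client aborted, for example on certificate verification.
SAMPLE_NEGOTIATION_FAILURE = (
    "2022-11-16T09:50:00.000000+00:00 SERVER-01 slapd[757]: "
    "conn=1130 fd=24 closed (TLS negotiation failure)\n"
)

_CONN_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
_ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>[\d.]+):\d+")
_BIND_RE = re.compile(r'op=(\d+) BIND dn="([^"]*)"')
_BIND_RESULT_RE = re.compile(r"op=(\d+) RESULT tag=97 err=(\d+)")  # tag 97 = BindResponse
_CLOSED_RE = re.compile(r"closed \((.*)\)")


@dataclass
class ConnSummary:
    conn: int
    peer: str = ""
    starttls: bool = False
    tls_established: bool = False
    bind_dn: str = ""
    bind_result: int = -1   # err= of the BIND RESULT, -1 if no BIND result seen
    closed: str = ""        # text inside "closed (...)", "" if not closed in the log

    def verdict(self) -> str:
        if self.closed == "TLS negotiation failure":
            return "handshake failed (check cert/CA, protocol versions, ciphers)"
        if self.tls_established and not self.bind_dn and self.closed:
            return "client dropped connection after TLS handshake, before BIND (client-side check failed)"
        if self.bind_dn and self.bind_result == 0:
            return "bind ok"
        if self.bind_dn:
            return f"bind failed err={self.bind_result}"
        return "incomplete"


def summarise(log_text: str) -> Dict[int, ConnSummary]:
    """One ConnSummary per conn=N seen in the log text."""
    conns: Dict[int, ConnSummary] = {}
    pending_bind: Dict[int, str] = {}  # conn -> op number of the last BIND
    for line in log_text.splitlines():
        m = _CONN_RE.search(line)
        if not m:
            continue
        cid = int(m.group("conn"))
        rest = m.group("rest")
        s = conns.setdefault(cid, ConnSummary(cid))
        if (a := _ACCEPT_RE.search(rest)):
            s.peer = a.group("ip")
        elif rest.endswith("STARTTLS"):
            s.starttls = True
        elif "TLS established" in rest:
            s.tls_established = True
        elif (b := _BIND_RE.search(rest)):
            pending_bind[cid] = b.group(1)
            s.bind_dn = b.group(2)
        elif (r := _BIND_RESULT_RE.search(rest)):
            if pending_bind.get(cid) == r.group(1):
                s.bind_result = int(r.group(2))
        elif (c := _CLOSED_RE.search(rest)):
            s.closed = c.group(1)
    return conns


if __name__ == "__main__":
    for cid, s in sorted(summarise(SAMPLE_LOG + SAMPLE_NEGOTIATION_FAILURE).items()):
        print(f"conn={cid} from {s.peer or '?'}: {s.verdict()}")
```

Run against a real slapd log (loglevel stats is enough, as in the thread), the "client dropped connection after TLS handshake" verdict is the one to correlate with the client's own error text; "handshake failed" is the one to correlate with slapd's TLS configuration.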


