Solved

ldap Authentication failed

  • September 1, 2023
  • 8 replies
  • 992 views


Hi guys,

 

For a couple of days now, LDAP access hasn't worked anymore.

 

login.log reports “Authentication failed for 'xxx' : invalid credentials”

ldap.log reports “LDAP AUTH - Error : No DN for xxx”

 

LDAP user import is still working properly.

 

Any help would be appreciated.

 

Thanks

 

J.

Best answer by lpinsivy

Are you sure that the “Login attribute” in the LDAP server definition is correct?

 

8 replies

lpinsivy
Centreonian
  • Centreonian
  • 1121 replies
  • September 4, 2023

Hi @Jul3s ,

Can you check in the database that the information is OK, using the following SQL request:

SELECT contact_id, contact_alias, contact_auth_type, ar_id, contact_ldap_dn FROM contact;

 

ar_id is the ID of the LDAP server (from the auth_ressource_host table) that Centreon used to find the user during the first import. The ID can change if Centreon no longer finds this user on that LDAP server and finds it on another one.


  • Author
  • Steward *
  • 7 replies
  • September 5, 2023

Salut Laurent :D

 

Thanks for your help.

 

Contacts seem right in the contact table; here is an example:

|         32 | xxx                  | ldap              |     1 | CN=xxx xxx,OU=DSI,OU=Users,OU=xxxx,OU=xxx,OU=xxx,DC=xxxx,DC=lxxx                |

 

 

select * from auth_ressource_host;
+--------------+-------------------+--------------+-----------+---------+---------+------------+
| ldap_host_id | auth_ressource_id | host_address | host_port | use_ssl | use_tls | host_order |
+--------------+-------------------+--------------+-----------+---------+---------+------------+
|            5 |                 1 |              |         0 |       0 |       0 |          1 |
+--------------+-------------------+--------------+-----------+---------+---------+------------+

 

 

Cordialement,

 

J.


lpinsivy
Centreonian
  • Centreonian
  • 1121 replies
  • September 5, 2023

Looks good for your contact.

 

Did you change the values for the second request, or are host_address and host_port incorrect?


  • Author
  • Steward *
  • 7 replies
  • September 5, 2023

Nope, the result of the second request has not been changed.

Same values in the tables of the Centreon databases.


lpinsivy
Centreonian
  • Centreonian
  • 1121 replies
  • September 6, 2023

Hi @Jul3s, so you need to correct the IP address and port of your LDAP server from the “Administration  >  Parameters  >  LDAP” menu.

Regards,


  • Author
  • Steward *
  • 7 replies
  • September 6, 2023

Hi there,

Thx for that lead.

I was using the “Use service DNS” option.

I disabled the option in order to add the LDAP servers.

select * from auth_ressource_host;
+--------------+-------------------+--------------+-----------+---------+---------+------------+
| ldap_host_id | auth_ressource_id | host_address | host_port | use_ssl | use_tls | host_order |
+--------------+-------------------+--------------+-----------+---------+---------+------------+
|            6 |                 1 | 172.24.xx.xx |       389 |       0 |       0 |          1 |
|            7 |                 1 | 172.24.xx.xx |       389 |       0 |       0 |          2 |
+--------------+-------------------+--------------+-----------+---------+---------+------------+

 

ar_id is still 1 for LDAP users.

But I still get that “No DN” error.

The strange thing is that I can still do an LDAP import of users, meaning that Centreon is able to communicate with the LDAP hosts, right?

 

Regards,

J.


lpinsivy
Centreonian
  • Centreonian
  • 1121 replies
  • Answer
  • September 7, 2023

Are you sure that the “Login attribute” in the LDAP server definition is correct?

 


  • Author
  • Steward *
  • 7 replies
  • September 7, 2023

Login attribute is samaccountname and matches the AD login.

While writing these lines and checking the LDAP parameters, you helped me find my problem…

In fact, I changed the user filter parameter, thinking that it only affects the “ldap import filter” (changed from samaccountname to CN to help me import users, as the uid is different from the name).

Bringing back the user filter to “(&(samaccountname=%s)(objectClass=user)(samAccountType=xxx))” solved my problem.

 

Many thanks for the time you spent to help me with this,
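
The failure resolved above, reproduced as an added example that is not part of the thread and is not Centreon's code: the login typed by the user is substituted for %s in the user filter, and when the filter keys on CN instead of samaccountname the search returns no entry, hence “No DN”. The directory entry, the function names and the model of how the filter is applied are assumptions; the redacted samAccountType term is left out, and the login is escaped per RFC 4515 before substitution.

```python
import re

# Constructed directory entry: the CN is the display name, not the login.
DIRECTORY = [
    {"dn": "CN=Jane Doe,OU=Users,DC=example,DC=test",
     "cn": "Jane Doe", "samaccountname": "jdoe", "objectclass": "user"},
]

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def unescape(value):
    """Turn \\XX hex escapes back into the characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse_and_filter(flt):
    """Parse a flat (&(attr=value)...) filter into (attr, value) pairs."""
    if not (flt.startswith("(&") and flt.endswith(")")):
        raise ValueError("only flat AND filters are handled in this sketch")
    pairs = re.findall(r"\(([^=()&]+)=([^()]*)\)", flt)
    return [(attr.lower(), unescape(val)) for attr, val in pairs]

def find_dn(filter_template, login):
    """Substitute the login for %s; return the DN of the single match, else None."""
    flt = filter_template.replace("%s", escape_filter_value(login))
    terms = parse_and_filter(flt)
    hits = [entry["dn"] for entry in DIRECTORY
            if all(entry.get(attr, "").lower() == val.lower() for attr, val in terms)]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    good = "(&(samaccountname=%s)(objectClass=user))"
    bad = "(&(cn=%s)(objectClass=user))"
    print("samaccountname filter:", find_dn(good, "jdoe"))
    print("cn filter            :", find_dn(bad, "jdoe"))  # None, i.e. "No DN"
```

A search by display name still matches under the CN filter, which is consistent with user import continuing to work while logins failed.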