Solved

ldap Authentication failed

  • 1 September 2023
  • 8 replies
  • 493 views

Badge +3

Hi guys,

 

For a couple of days now, LDAP access hasn’t been working.

 

login.log reports “Authentication failed for 'xxx' : invalid credentials”

ldap.log reports “LDAP AUTH - Error : No DN for xxx”

 

LDAP user import is still working properly.

 

Any help would be appreciated.

 

Thanks

 

J.


Best answer by Laurent 7 September 2023, 14:23


8 replies

Userlevel 6
Badge +19

Hi @Jul3s ,

Can you check in the database that the information is OK, using the following SQL request:

SELECT contact_id, contact_alias, contact_auth_type, ar_id, contact_ldap_dn FROM contact;

 

ar_id is the ID of the LDAP server (from the auth_ressource_host table) that Centreon used to find the user during the first import. The ID can change if Centreon no longer finds this user on that LDAP server and finds it on another one.

Badge +3

Hi Laurent :D

 

Thanks for your help.

 

Contacts seem right in the contact table; here is an example (columns as in the request above):

| contact_id | contact_alias        | contact_auth_type | ar_id | contact_ldap_dn                                                                 |
|         32 | xxx                  | ldap              |     1 | CN=xxx xxx,OU=DSI,OU=Users,OU=xxxx,OU=xxx,OU=xxx,DC=xxxx,DC=lxxx                |

 

 

select * from auth_ressource_host;
+--------------+-------------------+--------------+-----------+---------+---------+------------+
| ldap_host_id | auth_ressource_id | host_address | host_port | use_ssl | use_tls | host_order |
+--------------+-------------------+--------------+-----------+---------+---------+------------+
|            5 |                 1 |              |         0 |       0 |       0 |          1 |
+--------------+-------------------+--------------+-----------+---------+---------+------------+

 

 

Regards,

 

J.

Userlevel 6
Badge +19

Looks good for your contact.

 

Did you change the values in the second result, or are host_address and host_port really incorrect?

Badge +3

Nope, the result of the second request has not been changed.

Same values in the tables of the Centreon database.

Userlevel 6
Badge +19

Hi @Jul3s, so you need to correct the IP address and port of your LDAP server from the “Administration > Parameters > LDAP” menu.

Regards,

Badge +3

Hi there,

Thanks for that lead.

I was using the “Use service DNS” option.

I disabled the option in order to add the LDAP servers.

select * from auth_ressource_host;
+--------------+-------------------+--------------+-----------+---------+---------+------------+
| ldap_host_id | auth_ressource_id | host_address | host_port | use_ssl | use_tls | host_order |
+--------------+-------------------+--------------+-----------+---------+---------+------------+
|            6 |                 1 | 172.24.xx.xx |       389 |       0 |       0 |          1 |
|            7 |                 1 | 172.24.xx.xx |       389 |       0 |       0 |          2 |
+--------------+-------------------+--------------+-----------+---------+---------+------------+

 

ar_id is still 1 for LDAP users.

 

But I still get that “No DN” error.

 

The strange thing is that I can still do LDAP imports of users, meaning that Centreon is able to communicate with the LDAP hosts, right?

 

Regards,

J.

Userlevel 6
Badge +19

Are you sure that the “Login attribute” in the LDAP server definition is correct?

 

Badge +3

The login attribute is samaccountname and matches the AD login.

While writing these lines and checking the LDAP parameters, you helped me find my problem…

In fact, I changed the user filter parameter, thinking that it only affects the “ldap import filter” (changed from samaccountname to CN to help me import users, as the uid is different from the name).

Bringing the user filter back to “(&(samaccountname=%s)(objectClass=user)(samAccountType=xxx))” solved my problem.

 

Many thanks for the time you spent helping me with this,

 

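As an added illustration of the root cause found above (this is not code from the thread or from Centreon), the Python script below models the login-time lookup: %s in the user filter is replaced by the submitted login, the directory is searched, and the single matching DN is what gets bound; no match is the “No DN for xxx” case. The directory entries, DNs and filter values are constructed, and the script goes one step beyond the thread by escaping the login per RFC 4515 before substitution so that the login cannot rewrite the filter.

```python
import re

# Constructed sample directory in Active Directory style (not real data).
DIRECTORY = [
    {"dn": "CN=Jules Dupont,OU=DSI,OU=Users,DC=example,DC=lan",
     "sAMAccountName": "jdupont", "cn": "Jules Dupont",
     "objectClass": ["top", "person", "user"], "sAMAccountType": "805306368"},
    {"dn": "CN=Svc Backup,OU=Services,DC=example,DC=lan",
     "sAMAccountName": "svc-backup", "cn": "Svc Backup",
     "objectClass": ["top", "person", "user"], "sAMAccountType": "805306368"},
]

_ATOM = re.compile(r"\((\w+)=([^()]*)\)")
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

def escape_value(login):
    """RFC 4515 escaping, so a login cannot rewrite the filter it is substituted into."""
    return "".join(_ESCAPES.get(c, c) for c in login)

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _atom_matches(entry, attr, value):
    # Attribute names are case-insensitive; these AD string attributes compare case-insensitively too.
    for key, stored in entry.items():
        if key != "dn" and key.lower() == attr.lower():
            stored = stored if isinstance(stored, list) else [stored]
            return any(s.lower() == _unescape(value).lower() for s in stored)
    return False

def filter_matches(entry, flt):
    """Evaluate the filter subset used here: equality atoms, optionally AND-ed with (&...)."""
    flt = flt.strip()
    if flt.startswith("(&") and flt.endswith(")"):
        atoms = _ATOM.findall(flt[2:-1])
        if "".join(f"({a}={v})" for a, v in atoms) != flt[2:-1]:
            raise ValueError(f"unsupported filter syntax: {flt}")
        return all(_atom_matches(entry, a, v) for a, v in atoms)
    m = _ATOM.fullmatch(flt)
    if m is None:
        raise ValueError(f"unsupported filter syntax: {flt}")
    return _atom_matches(entry, *m.groups())

def find_dn(login, user_filter, directory=DIRECTORY):
    """Resolve a login to exactly one DN; None is the 'No DN for <login>' outcome."""
    flt = user_filter.replace("%s", escape_value(login))
    hits = [e["dn"] for e in directory if filter_matches(e, flt)]
    return hits[0] if len(hits) == 1 else None

GOOD_FILTER = "(&(sAMAccountName=%s)(objectClass=user)(sAMAccountType=805306368))"
CN_FILTER = "(&(cn=%s)(objectClass=user)(sAMAccountType=805306368))"  # the mistaken change
```

With CN_FILTER the login "jdupont" resolves to nothing while the display name "Jules Dupont" resolves fine, which is why the import looked healthy while every login failed.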