{"id":741,"date":"2017-01-04T16:19:00","date_gmt":"2017-01-04T16:19:00","guid":{"rendered":"https:\/\/www.geekmungus.co.uk\/?p=741"},"modified":"2022-11-05T10:53:18","modified_gmt":"2022-11-05T10:53:18","slug":"nagiosxi-check_ldap-error-could-not-bind-to-the-ldap-server","status":"publish","type":"post","link":"https:\/\/geekmungus.co.uk\/?p=741","title":{"rendered":"NagiosXI check_ldap Error – Could not bind to the LDAP server"},"content":{"rendered":"\n

When attempting to use the check_ldap plugin, I found that unsecured LDAP lookups on port 389\/TCP worked fine, but attempting a secure lookup on 636 or using TLS failed.<\/p>\n\n\n\n

Attempting a check_ldap check normally worked fine (i.e. to port 389), but attempting an LDAPS or LDAP TLS check failed with the following error:<\/p>\n\n\n\n

# \/usr\/local\/nagios\/libexec\/check_ldaps -H <HOSTNAME> -p 636 -S -a \"(objectclass=organizationalUnit)\" -b \"dc=domain,dc=co,dc=uk\" -3 -v\n\nldap_bind: Can't contact LDAP server (-1)\n\n        additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.\n\nCould not bind to the LDAP server<\/code><\/pre>\n\n\n\n
The check_ldap plugin makes use of OpenLDAP, the OpenLDAP package is installed as part of the NagiosXI installation because the plugins have dependencies on it but it is left in a non-configured state.<\/p>\n\n\n\n
To resolve the problem on each node (wtgc-nagios-01 and wtgc-nagios-02) the following is required, firstly edit the file: \/etc\/openldap\/ldap.conf<\/strong> and at the bottom of the file add the following line:<\/p>\n\n\n\n
TLS_REQCERT allow<\/code><\/pre>\n\n\n\n
Then performing the check again gives the expected response:<\/p>\n\n\n\n
# \/usr\/local\/nagios\/libexec\/check_ldaps -H <HOSTNAME> -p 636 -S -a \"(objectclass=organizationalUnit)\" -b \"dc=domain,dc=co,dc=uk\" -3 -v\n\nLDAP OK - 0.050 seconds response time|time=0.049688s;;;0.000000<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
When attempting to use the check_ldap plugin, I found that unsecured LDAP lookups on port 389\/TCP worked fine, but attempting a secure lookup on 636 or using TLS failed. Attempting a check_ldap check normally worked fine (i.e. to port 389), but attempting an LDAPS or LDAP TLS check failed with the following error: The check_ldap … Read more<\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,16],"tags":[],"class_list":["post-741","post","type-post","status-publish","format-standard","hentry","category-linux","category-nagios-and-nagiosxi"],"_links":{"self":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=741"}],"version-history":[{"count":1,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/741\/revisions"}],"predecessor-version":[{"id":1395,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/741\/revisions\/1395"}],"wp:attachment":[{"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/geekmungus.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}