Abdul Wahab via FreeIPA-users wrote: > Dear François > > Thanks for your reply. How can I check the certificate?
I don't but if you look in the 389-ds access log you may be able to see a connection failure which would confirm that it is indeed an issue with trust. I suspect that if you add the IPA CA certificate(s) to the system-wide trust on the librenms box that would probably fix it. How to do that depends on the distro. As a source of inspiration look at the way the openstack development environment adds its own CA to the global store. It covers Fedora, SuSE and Ubuntu (and should work on RHEL/CentOS/Debian as well depending on version). https://github.com/openstack-dev/devstack/blob/master/lib/tls#L209 Start with the contents of /etc/ipa/ca.crt from an enrolled host or IPA master. rob > > *Abdul Wahab* > > OSS Engineer > > *[email protected] <mailto:[email protected]>* > > *[email protected] <mailto:[email protected]>* > > M +27842744755 > > Block D, The Main Straight Office Park, 392 Main Road, Bryanston, 2191 > > rain.co.za <https://rain.co.za/> > > > > On Mon, 8 Apr 2019 at 13:58, François Cami <[email protected] > <mailto:[email protected]>> wrote: > > Hi Abdul, > > On Mon, Apr 8, 2019 at 1:38 PM Abdul Wahab via FreeIPA-users > <[email protected] > <mailto:[email protected]>> wrote: > > > > Dear Rob > > > > Trust you are well and thanks for your help. I am able to connect > with LDAP now but I am having below error when I do the > configuration in config.php file. Please alsp help me on this. > Thanks in advance > > > > [2019-04-08 08:52:46] production.ERROR: Fatal error: LDAP TLS > required but not successfully negotiated: Connect error > {"exception":"[object] > (LibreNMS\\Exceptions\\AuthenticationException(code: 0): Fatal > error: LDAP TLS required but not successfully negotiated: Connect > error at /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php:320) > > Quite probably the certificate is not trusted by the LibreNMS stack. > > François > > > [stacktrace] > > #0 /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php(331): > LibreNMS\\Authentication\\LdapAuthorizer->connect() > > #1 /opt/librenms/app/Providers/LegacyUserProvider.php(169): > LibreNMS\\Authentication\\LdapAuthorizer->bind(Array) > > #2 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php(349): > App\\Providers\\LegacyUserProvider->retrieveByCredentials(Array) > > #3 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(81): > Illuminate\\Auth\\SessionGuard->attempt(Array, false) > > #4 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(44): > > App\\Http\\Controllers\\Auth\\LoginController->attemptLogin(Object(Illuminate\\Http\\Request)) > > #5 [internal function]: > > App\\Http\\Controllers\\Auth\\LoginController->login(Object(Illuminate\\Http\\Request)) > > #6 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): > call_user_func_array(Array, Array) > > #7 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): > Illuminate\\Routing\\Controller->callAction('login', Array) > > #8 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Route.php(219): > > Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), > Object(App\\Http\\Controllers\\Auth\\LoginController), 'login') > > #9 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Route.php(176): > Illuminate\\Routing\\Route->runController() > > #10 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(682): > Illuminate\\Routing\\Route->run() > > #11 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): > > Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #12 > /opt/librenms/app/Http/Middleware/RedirectIfAuthenticated.php(24): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #13 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > App\\Http\\Middleware\\RedirectIfAuthenticated->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #14 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #15 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #16 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #17 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #18 /opt/librenms/app/Http/Middleware/LegacySession.php(44): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #19 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > App\\Http\\Middleware\\LegacySession->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #20 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #21 /opt/librenms/app/Http/Middleware/LegacyExternalAuth.php(45): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #22 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > App\\Http\\Middleware\\LegacyExternalAuth->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #23 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #24 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(75): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #25 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #26 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #27 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #28 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #29 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #30 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #31 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #32 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #33 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #34 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #35 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #36 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #37 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #38 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #39 /opt/librenms/app/Http/Middleware/CheckInstalled.php(46): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #40 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > App\\Http\\Middleware\\CheckInstalled->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #41 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #42 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #43 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(684): > Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) > > #44 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(659): > > Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), > Object(Illuminate\\Http\\Request)) > > #45 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625): > Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request), > Object(Illuminate\\Routing\\Route)) > > #46 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(614): > > Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request)) > > #47 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): > Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request)) > > #48 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30): > > Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request)) > > #49 /opt/librenms/vendor/fideloper/proxy/src/TrustProxies.php(57): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #50 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #51 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #52 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #53 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #54 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #55 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #56 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #57 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #58 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #59 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #60 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #61 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #62 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163): > > Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request), > Object(Closure)) > > #63 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53): > > Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request)) > > #64 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104): > > Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request)) > > #65 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151): > Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) > > #66 > > /opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116): > > Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request)) > > #67 /opt/librenms/html/index.php(53): > > Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request)) > > #68 {main} > > "} > > > > Abdul Wahab > > > > OSS Engineer > > > > [email protected] <mailto:[email protected]> > > > > [email protected] <mailto:[email protected]> > > > > M +27842744755 > > > > Block D, The Main Straight Office Park, 392 Main Road, Bryanston, 2191 > > > > rain.co.za <http://rain.co.za> > > > > > > > > On Thu, 4 Apr 2019 at 19:24, Rob Crittenden <[email protected] > <mailto:[email protected]>> wrote: > >> > >> Florence Blanc-Renaud via FreeIPA-users wrote: > >> > On 4/4/19 2:11 PM, Abdul Wahab via FreeIPA-users wrote: > >> >> Dear Rob > >> >> > >> >> Trust you are well. Thanks for your reply. > >> >> > >> >> As I explained I am trying to configure LibreeNMS via freeIPA and > >> >> having below error. > >> >> > >> >> When I run below command from LibreeNMS. > >> >> > >> >> ldapsearch -h aaa01.rain.network -D > >> >> uid=abdul,cn=sysaccounts,cn=etc,dc=rain,dc=network -x uid=abdul-W > >> >> > >> >> I get below output which does not look correct. > >> >> > >> >> root@abdulwpk:~# ldapsearch -h aaa01.rain.network -D > >> >> uid=abdul,cn=users,cn=accounts,dc=rain,dc=network -x uid=abdul -W > >> > Hi, > >> > > >> > in the above search, there is no search base. By default, > ldapsearch > >> > will take the BASE defined in /etc/openldap/ldap.conf or in the > user's > >> > ldap.conf (please see man ldap.conf(5)). In your case, it looks > like the > >> > null dn is used (base <> in the output). > >> > > >> > You can try to specify a search base with -b. > >> > >> On an IPA-enrolled machine the default base is set in ldap.conf. > >> > >> I think the problem si you are comparing apples and oranges. The DN's > >> you mention do not match. One is in cn=sysaccounts and one is in > cn=users. > >> > >> Does the IPA user abdul exist? ipa user-show abdul. > >> > >> rob > > > > _______________________________________________ > > FreeIPA-users mailing list -- [email protected] > <mailto:[email protected]> > > To unsubscribe send an email to > [email protected] > <mailto:[email protected]> > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedorahosted.org/archives/list/[email protected] > > > > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
