On 9/23/2013 5:23 PM, Michael Friedrich wrote: > Hi, > > On 23.09.2013 21:40, Brian Meyer wrote: >> Hello All, >> >> I'm becoming a bit more confused with this Icinga install I have. >> I'm on redhat 6.4 running icinga 1.8.4 with icinga-web 1.7.2. I followed >> the wiki precisely for installing installing icinga/icinga-web on >> redhat. > So i guess you're using packages from repoforge, or did you create them > by yourself? I'm using packages from repoforge as mentioned in the install guide on the Icinga WIki https://wiki.icinga.org/display/howtos/Setting+up+Icinga+with+IDOUtils+on+RHEL >> I now notice that I'm on an old release which may be part of the >> problem I'm experiencing. I am trying to setup ldap auth for icinga-web. >> (works fine with classic ui). > How? I'm editing the ldap section of the auth.xml file in /etc/conf.d/icinga-web. I'm using ldaps (hope that works) and I've tried using ldap://ldap.foo.bar <ae:parameter name="ldap_basedn">dc=foo,dc=bar</ae:parameter> <ae:parameter name="ldap_binddn">dc=foo,dc=bar</ae:parameter> (I've tried adding cn="a valid user" and no luck)
> >> I've tried my best to follow the steps >> outlined in the documentation (section 6.6) but I'm still getting errors >> and can't login to icinga-web with ldap credentials. I have two >> directories with icinga-web related stuff in it. /user/share/icinga-web >> and /etc/icinga-web. I try to edit the ldap part of the auth.xml file to >> the best of my knowledge but I still can't login. I've tried editing in >> the /etc/icinga-web/conf.d& >> /usr/share/icinga/web/app/modules/AppKit/Config directories but still no >> luck. > And that looks like? These are the errors I'm seeing in icinga-web log [Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=internal) initialized [Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=auth_key) initialized [Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=http-basic-authentication) initialized [Tue Sep 24 13:43:08 2013] [debug] Auth.Provider.HTTPBasicAuthentification: Got data (auth_name=, auth_type=) [Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=openldap-ldap1) initialized [Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: Starting authenticate (username=meyerb) [Tue Sep 24 13:43:24 2013] [info] Auth.Dispatch: Converting username to lowercase [Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: User testuser not found, try to import [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=internal) initialized [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=auth_key) initialized [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=http-basic-authentication) initialized [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=openldap-ldap1) initialized [Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch/import: openldap-ldap1 will provide the user profile [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider.LDAP Try LDAP connect (dsn=ldap://ldap.foo.bar,bind=true) [Tue Sep 24 13:43:24 2013] [debug] Auth.Provider.LDAP got resource Resource id #267 [Tue Sep 24 13:43:24 2013] [fatal] Uncaught AppKitPHPError: PHP Error ldap_bind(): Unable to bind to server: No such object (/usr/share/icinga-web/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php:235) (/usr/share/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:59) [Tue Sep 24 13:43:24 2013] [error] Auth.Provider.LDAP Bind failed: (dn=dc=foo,dc=bar) [Tue Sep 24 13:43:24 2013] [error] Auth.Dispatch/import: Import failed (provider=openldap-ldap1,msg=Auth.Provider.LDAP: Bind failed) [Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: User cound not authorized (username=testuser) [Tue Sep 24 13:43:24 2013] [error] Userlogin by testuser failed! > >> The error I am seeing in the icing-web log is: >> >> Uncaught AppKitPHPError: PHP Error ldap_connect(): Could not create >> session handle: Bad parameter to an ldap routine >> (/usr/share/icinga-web/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php:199) >> (/usr/share/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:5 > Would be interesting which php version is involved. Googling the error > leads to various wrong ldap urls used but without knowing your > configuration that's just a blind guess. I'm running php-5.3.3 as well as the other php packages needed,outlined in the wiki howto. > > >> >> Does anyone know whats going on here? > Without any further insight on your configuration - no. > >> I feel completely confused when I >> thought I had a firm grip on Icinga. Why are my icinga-web files allover >> the place? > You should only edit the files in /etc/icinga-web and leave the others > untouched. The config location is also mentioned in > https://wiki.icinga.org/display/howtos/Setting+up+Icinga+Web+on+RHEL#SettingupIcingaWebonRHEL-Packages >> Why does the wiki have you install an old version of icinga-web? > The wiki itsself does not. The repositories involved do, and it's their > reposponsibility to ship updates. And before you ask, icinga's own > package repo will happen, sooner or later. Depends on my spare time. Ok, that's cool.Do you recommend starting from scratch and doing a src install? I just want to be up to date and avoid security concerns/bugs. I read on the monitoring portal that icinga-web up to 1.8.2 had an issue not submitting the base DN properly. > > > Btw - if noone answers on the #icinga irc channel this would likely mean > that noone is available, or, due to different timezones, they > sleep/work/whatever. There's no need to insult the channel community - > please read the irc community guidelines [1] closely for any future visits. > > 20:35:33 -!- eyesinguh [8244047d@gateway/web/freenode/ip.x.x.x.x] has > joined #Icinga > 20:35:52 < eyesinguh> aloh aloh > 20:55:23 < eyesinguh> Anyone using ldap auth with icinga-web 1.7.2? > 20:55:58 < eyesinguh> I'm on redhat 6 > 21:28:46 < eyesinguh> I followed the wiki prescisely for a icinga-web > install on redhat > 21:28:56 < eyesinguh> But I'm on version 1.7.2 > 21:29:11 < eyesinguh> and don't know how to upgrade to 1.9 > 21:41:23 < eyesinguh> damn this channel sucks > 21:41:31 -!- eyesinguh [8244047d@gateway/web/freenode/ip.x.x.x.x] has > quit [Quit: Page closed] Very sorry about my rudeness, won't happen again. I'm a new nagios admin and I'm trying to make the switch to Icinga.. just been running into roadblocks and yesterday was a huge headache. VERY SORRY! Thank You for your help, it is truly appreciated ! > > regards, > Michael > > > [1] https://wiki.icinga.org/display/community/IRC+Community+Guidelines > ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk _______________________________________________ icinga-users mailing list icinga-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/icinga-users
