On 9/23/2013 5:23 PM, Michael Friedrich wrote:
> Hi,
>
> On 23.09.2013 21:40, Brian Meyer wrote:
>> Hello All,
>>
>>      I'm becoming a bit more confused with this Icinga install I have.
>> I'm on redhat 6.4 running icinga 1.8.4 with icinga-web 1.7.2. I followed
>> the wiki precisely for installing installing icinga/icinga-web on
>> redhat.
> So i guess you're using packages from repoforge, or did you create them
> by yourself?
I'm using packages from repoforge as mentioned in the install guide on
the Icinga WIki
https://wiki.icinga.org/display/howtos/Setting+up+Icinga+with+IDOUtils+on+RHEL
>> I now notice that I'm on an old release which may be part of the
>> problem I'm experiencing. I am trying to setup ldap auth for icinga-web.
>> (works fine with classic ui).
> How?
  I'm editing the ldap section of the auth.xml file in
/etc/conf.d/icinga-web. I'm using ldaps (hope that works) and I've tried
using  ldap://ldap.foo.bar
<ae:parameter name="ldap_basedn">dc=foo,dc=bar</ae:parameter>
<ae:parameter name="ldap_binddn">dc=foo,dc=bar</ae:parameter> (I've
tried adding cn="a valid user" and no luck)


>
>> I've tried my best to follow the steps
>> outlined in the documentation (section 6.6) but I'm still getting errors
>> and can't login to icinga-web with ldap credentials. I have two
>> directories with icinga-web related stuff in it. /user/share/icinga-web
>> and /etc/icinga-web. I try to edit the ldap part of the auth.xml file to
>> the best of my knowledge but I still can't login. I've tried editing in
>> the /etc/icinga-web/conf.d&
>> /usr/share/icinga/web/app/modules/AppKit/Config directories but still no
>> luck.
> And that looks like?

These are the errors I'm seeing in icinga-web log

[Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=internal)
initialized
[Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object (name=auth_key)
initialized
[Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object
(name=http-basic-authentication) initialized
[Tue Sep 24 13:43:08 2013] [debug]
Auth.Provider.HTTPBasicAuthentification: Got data (auth_name=, auth_type=)
[Tue Sep 24 13:43:08 2013] [debug] Auth.Provider: Object
(name=openldap-ldap1) initialized
[Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: Starting authenticate
(username=meyerb)
[Tue Sep 24 13:43:24 2013] [info] Auth.Dispatch: Converting username to
lowercase
[Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: User testuser not
found, try to import
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=internal)
initialized
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object (name=auth_key)
initialized
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object
(name=http-basic-authentication) initialized
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider: Object
(name=openldap-ldap1) initialized
[Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch/import: openldap-ldap1
will provide the user profile
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider.LDAP Try LDAP connect
(dsn=ldap://ldap.foo.bar,bind=true)
[Tue Sep 24 13:43:24 2013] [debug] Auth.Provider.LDAP got resource
Resource id #267
[Tue Sep 24 13:43:24 2013] [fatal] Uncaught AppKitPHPError: PHP Error
ldap_bind(): Unable to bind to server: No such object
(/usr/share/icinga-web/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php:235)
(/usr/share/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:59)
[Tue Sep 24 13:43:24 2013] [error] Auth.Provider.LDAP Bind failed:
(dn=dc=foo,dc=bar)
[Tue Sep 24 13:43:24 2013] [error] Auth.Dispatch/import: Import failed
(provider=openldap-ldap1,msg=Auth.Provider.LDAP: Bind failed)
[Tue Sep 24 13:43:24 2013] [debug] Auth.Dispatch: User cound not
authorized (username=testuser)
[Tue Sep 24 13:43:24 2013] [error] Userlogin by testuser failed!


>
>> The error I am seeing in the icing-web log is:
>>
>> Uncaught AppKitPHPError: PHP Error ldap_connect(): Could not create
>> session handle: Bad parameter to an ldap routine
>>
(/usr/share/icinga-web/app/modules/AppKit/models/Auth/Provider/LDAPModel.class.php:199)
>>
(/usr/share/icinga-web/app/modules/AppKit/lib/logging/AppKitExceptionHandler.class.php:5
> Would be interesting which php version is involved. Googling the error
> leads to various wrong ldap urls used but without knowing your
> configuration that's just a blind guess.
I'm running php-5.3.3 as well as the other php packages needed,outlined
in the wiki howto. 
>
>
>>
>> Does anyone know whats going on here?
> Without any further insight on your configuration - no.
>
>> I feel completely confused when I
>> thought I had a firm grip on Icinga. Why are my icinga-web files allover
>> the place?
> You should only edit the files in /etc/icinga-web and leave the others
> untouched. The config location is also mentioned in
>
https://wiki.icinga.org/display/howtos/Setting+up+Icinga+Web+on+RHEL#SettingupIcingaWebonRHEL-Packages
>> Why does the wiki have you install an old version of icinga-web?
> The wiki itsself does not. The repositories involved do, and it's their
> reposponsibility to ship updates. And before you ask, icinga's own
> package repo will happen, sooner or later. Depends on my spare time.
Ok, that's cool.Do you recommend starting from scratch and doing a src
install? I just want to be up to date and avoid security concerns/bugs.
I read on the monitoring portal that icinga-web up to 1.8.2 had an issue
not submitting the base DN properly.
>
>
> Btw - if noone answers on the #icinga irc channel this would likely mean
> that noone is available, or, due to different timezones, they
> sleep/work/whatever. There's no need to insult the channel community -
> please read the irc community guidelines [1] closely for any future
visits.
>
> 20:35:33 -!- eyesinguh [8244047d@gateway/web/freenode/ip.x.x.x.x] has
> joined #Icinga
> 20:35:52 < eyesinguh> aloh aloh
> 20:55:23 < eyesinguh> Anyone using ldap auth with icinga-web 1.7.2?
> 20:55:58 < eyesinguh> I'm on redhat 6
> 21:28:46 < eyesinguh> I followed the wiki prescisely for a icinga-web
> install on redhat
> 21:28:56 < eyesinguh> But I'm on version 1.7.2
> 21:29:11 < eyesinguh> and don't know how to upgrade to 1.9
> 21:41:23 < eyesinguh> damn this channel sucks
> 21:41:31 -!- eyesinguh [8244047d@gateway/web/freenode/ip.x.x.x.x] has
> quit [Quit: Page closed]
Very sorry about my rudeness, won't happen again. I'm a new nagios admin
and I'm trying to make the switch to Icinga.. just been running into
roadblocks and yesterday was a huge headache. VERY SORRY!

Thank You for your help, it is truly appreciated !
>
> regards,
> Michael
>
>
> [1] https://wiki.icinga.org/display/community/IRC+Community+Guidelines
>


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
icinga-users mailing list
icinga-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/icinga-users

Reply via email to