[icinga-users] AD authentication with icinga2 and icinga web 2 fails

Timo Golovanov Fri, 04 Sep 2015 08:34:43 -0700

Hello,

I have Icinga 2 (v2.3.9) installed with Icinga Web 2 (2.0.0-4) on CentOS 7 with 
all latest updates of stable releases (OS+Icinga). I would like to have AD 
authentication, but it doesn't work. DB authentication works fine and all the 
rest of the configuration seems to be okay too.


My AD configuration:

resources.ini

[ad]
type                       = ldap
hostname             = adserver.xxx.xxx.com
port                        = 389
root_dn                 = "OU=Accounts,DC=xxx,DC=xxx,DC=com"
bind_dn                 = "CN=Bind,OU=Accounts,DC=xxx,DC=xxx,DC=com"
password              = pa$$w0rd

authentication.ini

[auth_ad]
backend                = "msldap"
resource                = "ad"

Per default I get the following two options after logging in:

LDAP User Object Class = user
LDAP User Name Attribute = sAMAccountName


But authentication doesn't work with the following error:

LDAP query "(objectClass=user)" (base OU=Accounts,DC=xxx,DC=xxx,DC=com) failed. 
Error: Operations error

Here is also more output:

#0 /usr/share/php/Icinga/Protocol/Ldap/Connection.php(252): 
Icinga\Protocol\Ldap\Connection->runQuery(Object(Icinga\Protocol\Ldap\Query))
#1 /usr/share/php/Icinga/Data/SimpleQuery.php(530): 
Icinga\Protocol\Ldap\Connection->count(Object(Icinga\Protocol\Ldap\Query))
#2 /usr/share/php/Icinga/Repository/RepositoryQuery.php(511): 
Icinga\Data\SimpleQuery->count()
#3 [internal function]: Icinga\Repository\RepositoryQuery->count()
#4 
zend.view:///usr/share/icingaweb2/application/views/scripts/user/list.phtml(29):
 count(Object(Icinga\Repository\RepositoryQuery))
#5 /usr/share/php/Icinga/Web/View.php(204): include('zend.view:///us...')
#6 /usr/share/icingaweb2/library/vendor/Zend/View/Abstract.php(877): 
Icinga\Web\View->_run('/usr/share/icin...')
#7 
/usr/share/icingaweb2/library/vendor/Zend/Controller/Action/Helper/ViewRenderer.php(893):
 Zend_View_Abstract->render('user/list.phtml')
#8 
/usr/share/icingaweb2/library/vendor/Zend/Controller/Action/Helper/ViewRenderer.php(914):
 Zend_Controller_Action_Helper_ViewRenderer->renderScript('user/list.phtml', 
NULL)
#9 
/usr/share/icingaweb2/library/vendor/Zend/Controller/Action/Helper/ViewRenderer.php(953):
 Zend_Controller_Action_Helper_ViewRenderer->render()
#10 
/usr/share/icingaweb2/library/vendor/Zend/Controller/Action/HelperBroker.php(272):
 Zend_Controller_Action_Helper_ViewRenderer->postDispatch()
#11 /usr/share/icingaweb2/library/vendor/Zend/Controller/Action.php(518): 
Zend_Controller_Action_HelperBroker->notifyPostDispatch()
#12 
/usr/share/icingaweb2/library/vendor/Zend/Controller/Dispatcher/Standard.php(303):
 Zend_Controller_Action->dispatch('listAction')
#13 /usr/share/icingaweb2/library/vendor/Zend/Controller/Front.php(937): 
Zend_Controller_Dispatcher_Standard->dispatch(Object(Icinga\Web\Request), 
Object(Icinga\Web\Response))
#14 /usr/share/php/Icinga/Application/Web.php(154): 
Zend_Controller_Front->dispatch(Object(Icinga\Web\Request), 
Object(Icinga\Web\Response))
#15 /usr/share/php/Icinga/Application/webrouter.php(111): 
Icinga\Application\Web->dispatch()
#16 /usr/share/icingaweb2/public/index.php(4): 
require_once('/usr/share/php/...')
#17 {main}


Now I am not sure whether I have a false configuration or AD authentication 
doesn't work with my versions installed. Any help appreciated.

Regards
Timo Golovanov

_______________________________________________
icinga-users mailing list
icinga-users@lists.icinga.org
https://lists.icinga.org/mailman/listinfo/icinga-users

[icinga-users] AD authentication with icinga2 and icinga web 2 fails

Reply via email to