Struck with error, thinking how to fix the ‘could not bind to the LDAP server’ error in Nagios.
Our technical team support will fix Nagios- related issues under our server management plan. You can also take assistance from our technical team support 24/7 for fixing the error or any sort of installation and migration
Let’s have a glance at the causes.
Why the error ‘could not bind to the LDAP server’ does occurs.
Let’s me take you to one of our client’s reports that he trying and executing the following.
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b ” -p 636Output
As a result, he got the following error.
Could not bind to the LDAP server
He tries to enable the verbose mode -v for the plugin:
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b ” -p 636 -v
The following error displayed on the screen.
ldap_bind: Can’t contact LDAP server (-1)additional info: TLS error -8179:Peer’s Certificate issuer is not recognized.
Could not bind to the LDAP server
This is due to plugins that don’t have a CA certificate to validate the certificate. By using the check_ldaps plugins let’s use the certificate authority (CA) certificates.
Fixing the error
The check_ldap plugin makes use of OpenLDAP. Whereas the OpenLDAP package is installed defaulting as it’s a part of Nagios installation because the plugins have dependencies on them where it is left as a non-configured state.
In order to configure the OpenLDAP to use the certificate, you need to create the CA certificate on the Nagios server.
we usually get the CA certificate from CA authorities and then tries to copy the content certificate into a file on the Nagios XI server for this you need to open the SSH session.
Create Certificate
Here, we will create a certificate file called /etc/openldap/certs/windows_ca.cer and this is from a Microsoft Windows server.
Execute command:
vi /etc/openldap/certs/windows_ca.cerLater, paste the content into SSH session. If all other blank lines are added then you request to delete all of these blank lines by simply pressing dd keyword.
Then save the changes and close the file.
Update ldap.conf
Making the OpenLDAP use the certificate.
Execute the command.
vi /etc/openldap/ldap.confOpen the file and drag it down to the end of the file.
On a new line ,type and run the following:
TLS_CACERT /etc/openldap/certs/windows_ca.cerSave the required changes and close the file.
Test Plugin
Now, the check_ldaps plugin should work:
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b ” -p 636
If it works, the following message is produced:
LDAP OK – 0.043 seconds response time|time=0.042861s;;;0.000000
Conclusion
In short, Follow the step to fix the ‘could not bind to the LDAP server’ error in Nagios. If need any further assistance to fix the error – click here and get help.
