Dear François
Thanks for your reply. How can I check the certificate?
I don't but if you look in the 389-ds access log you may be able to see
a connection failure which would confirm that it is indeed an issue with
trust.
I suspect that if you add the IPA CA certificate(s) to the system-wide
trust on the librenms box that would probably fix it. How to do that
depends on the distro.
As a source of inspiration look at the way the openstack development
environment adds its own CA to the global store. It covers Fedora, SuSE
and Ubuntu (and should work on RHEL/CentOS/Debian as well depending on
version).
Start with the contents of /etc/ipa/ca.crt from an enrolled host or IPA
master.
rob
*Abdul Wahab*
OSS Engineer
*abdul(a)rain.co.za <mailto:abdul@rain.co.za>*
*abdulwpk(a)gmail.com <mailto:abdulwpk@gmail.com>*
M +27842744755
Block D, The Main Straight Office Park, 392 Main Road, Bryanston, 2191
rain.co.za <
https://rain.co.za/>
On Mon, 8 Apr 2019 at 13:58, François Cami <fcami(a)redhat.com
<mailto:fcami@redhat.com>> wrote:
Hi Abdul,
On Mon, Apr 8, 2019 at 1:38 PM Abdul Wahab via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>> wrote:
>
> Dear Rob
>
> Trust you are well and thanks for your help. I am able to connect
with LDAP now but I am having below error when I do the
configuration in config.php file. Please alsp help me on this.
Thanks in advance
>
> [2019-04-08 08:52:46] production.ERROR: Fatal error: LDAP TLS
required but not successfully negotiated: Connect error
{"exception":"[object]
(LibreNMS\\Exceptions\\AuthenticationException(code: 0): Fatal
error: LDAP TLS required but not successfully negotiated: Connect
error at /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php:320)
Quite probably the certificate is not trusted by the LibreNMS stack.
François
> [stacktrace]
> #0 /opt/librenms/LibreNMS/Authentication/LdapAuthorizer.php(331):
LibreNMS\\Authentication\\LdapAuthorizer->connect()
> #1 /opt/librenms/app/Providers/LegacyUserProvider.php(169):
LibreNMS\\Authentication\\LdapAuthorizer->bind(Array)
> #2
/opt/librenms/vendor/laravel/framework/src/Illuminate/Auth/SessionGuard.php(349):
App\\Providers\\LegacyUserProvider->retrieveByCredentials(Array)
> #3
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(81):
Illuminate\\Auth\\SessionGuard->attempt(Array, false)
> #4
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Auth/AuthenticatesUsers.php(44):
App\\Http\\Controllers\\Auth\\LoginController->attemptLogin(Object(Illuminate\\Http\\Request))
> #5 [internal function]:
App\\Http\\Controllers\\Auth\\LoginController->login(Object(Illuminate\\Http\\Request))
> #6
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54):
call_user_func_array(Array, Array)
> #7
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45):
Illuminate\\Routing\\Controller->callAction('login', Array)
> #8
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Route.php(219):
Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route),
Object(App\\Http\\Controllers\\Auth\\LoginController), 'login')
> #9
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Route.php(176):
Illuminate\\Routing\\Route->runController()
> #10
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(682):
Illuminate\\Routing\\Route->run()
> #11
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30):
Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #12
/opt/librenms/app/Http/Middleware/RedirectIfAuthenticated.php(24):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #13
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
App\\Http\\Middleware\\RedirectIfAuthenticated->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #14
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #15
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Middleware/SubstituteBindings.php(41):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #16
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Routing\\Middleware\\SubstituteBindings->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #17
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #18 /opt/librenms/app/Http/Middleware/LegacySession.php(44):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #19
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
App\\Http\\Middleware\\LegacySession->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #20
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #21 /opt/librenms/app/Http/Middleware/LegacyExternalAuth.php(45):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #22
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
App\\Http\\Middleware\\LegacyExternalAuth->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #23
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #24
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(75):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #25
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #26
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #27
/opt/librenms/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #28
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #29
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #30
/opt/librenms/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(63):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #31
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Session\\Middleware\\StartSession->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #32
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #33
/opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #34
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #35
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #36
/opt/librenms/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(66):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #37
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #38
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #39 /opt/librenms/app/Http/Middleware/CheckInstalled.php(46):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #40
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
App\\Http\\Middleware\\CheckInstalled->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #41
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #42
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #43
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(684):
Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
> #44
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(659):
Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route),
Object(Illuminate\\Http\\Request))
> #45
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(625):
Illuminate\\Routing\\Router->runRoute(Object(Illuminate\\Http\\Request),
Object(Illuminate\\Routing\\Route))
> #46
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Router.php(614):
Illuminate\\Routing\\Router->dispatchToRoute(Object(Illuminate\\Http\\Request))
> #47
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176):
Illuminate\\Routing\\Router->dispatch(Object(Illuminate\\Http\\Request))
> #48
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(30):
Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(Illuminate\\Http\\Request))
> #49 /opt/librenms/vendor/fideloper/proxy/src/TrustProxies.php(57):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #50
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Fideloper\\Proxy\\TrustProxies->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #51
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #52
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #53
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #54
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #55
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(31):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #56
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #57
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #58
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #59
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #60
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #61
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(62):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #62
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(163):
Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(Illuminate\\Http\\Request),
Object(Closure))
> #63
/opt/librenms/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(53):
Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(Illuminate\\Http\\Request))
> #64
/opt/librenms/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(104):
Illuminate\\Routing\\Pipeline->Illuminate\\Routing\\{closure}(Object(Illuminate\\Http\\Request))
> #65
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(151):
Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
> #66
/opt/librenms/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(116):
Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(Illuminate\\Http\\Request))
> #67 /opt/librenms/html/index.php(53):
Illuminate\\Foundation\\Http\\Kernel->handle(Object(Illuminate\\Http\\Request))
> #68 {main}
> "}
>
> Abdul Wahab
>
> OSS Engineer
>
> abdul(a)rain.co.za <mailto:abdul@rain.co.za>
>
> abdulwpk(a)gmail.com <mailto:abdulwpk@gmail.com>
>
> M +27842744755
>
> Block D, The Main Straight Office Park, 392 Main Road, Bryanston, 2191
>
> rain.co.za <
http://rain.co.za>
>
>
>
> On Thu, 4 Apr 2019 at 19:24, Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> wrote:
>>
>> Florence Blanc-Renaud via FreeIPA-users wrote:
>> > On 4/4/19 2:11 PM, Abdul Wahab via FreeIPA-users wrote:
>> >> Dear Rob
>> >>
>> >> Trust you are well. Thanks for your reply.
>> >>
>> >> As I explained I am trying to configure LibreeNMS via freeIPA and
>> >> having below error.
>> >>
>> >> When I run below command from LibreeNMS.
>> >>
>> >> ldapsearch -h aaa01.rain.network -D
>> >> uid=abdul,cn=sysaccounts,cn=etc,dc=rain,dc=network -x uid=abdul-W
>> >>
>> >> I get below output which does not look correct.
>> >>
>> >> root@abdulwpk:~# ldapsearch -h aaa01.rain.network -D
>> >> uid=abdul,cn=users,cn=accounts,dc=rain,dc=network -x uid=abdul -W
>> > Hi,
>> >
>> > in the above search, there is no search base. By default,
ldapsearch
>> > will take the BASE defined in /etc/openldap/ldap.conf or in the
user's
>> > ldap.conf (please see man ldap.conf(5)). In your case, it looks
like the
>> > null dn is used (base <> in the output).
>> >
>> > You can try to specify a search base with -b.
>>
>> On an IPA-enrolled machine the default base is set in ldap.conf.
>>
>> I think the problem si you are comparing apples and oranges. The DN's
>> you mention do not match. One is in cn=sysaccounts and one is in
cn=users.
>>
>> Does the IPA user abdul exist? ipa user-show abdul.
>>
>> rob
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
<mailto:freeipa-users@lists.fedorahosted.org>
> To unsubscribe send an email to
freeipa-users-leave(a)lists.fedorahosted.org
<mailto:freeipa-users-leave@lists.fedorahosted.org>
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...