[dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs #2645

icinga-migration · 2016-12-12T21:47:36Z

This issue has been migrated from Redmine: https://dev.icinga.com/issues/13539

Created by TheFlyingCorpse on 2016-12-12 21:47:36 +00:00

Assignee: (none)
Status: New
Target Version: (none)
Last Update: 2016-12-13 22:02:45 +00:00 (in Redmine)

Issue

I saw the documentation update and decided to try this out right away. Sadly it does not work.

I've tried the list below (each pre is its own attempt) which yields the following error message:

Validation Log

Connect using LDAPS
ldap_connect(): Could not create session handle: Bad parameter to an ldap routine

Attempted:

ldaps://rygmdc08.labdomain.net

ldaps://rygmdc08.labdomain.net ldaps://rygmdc12.labdomain.net

rygmdc08.labdomain.net rygmdc12.labdomain.net

Works:

rygmdc08.labdomain.net

rygmdc12.labdomain.net

About

Info about setup:
distro: Debian Jessie
icingaweb2 (package) version: 2.3.4+snapshot2016.12.12+1~jessie
php version: 5.6.27+dfsg-0+deb8u1
php5 ldap version: 5.6.27+dfsg-0+deb8u1

This is attempted against AD with the following resource config(which does work when using either of the servers as a single fqdn to ldap server:

[LABDomain-LDAPS]
type = "ldap"
hostname = "rygmdc08.labdomain.net"
port = "636"
encryption = "ldaps"
root_dn = "dc=labdomain,dc=net"
bind_dn = "CN=svcIcingaWeb2,OU=ServiceAccounts,OU=Admins,OU=RYG,DC=labdomain,DC=net"
bind_pw = "xxxx"

Relations:

relates #11809

The text was updated successfully, but these errors were encountered:

icinga-migration · 2016-12-13T12:54:00Z

Updated by mfrosch on 2016-12-13 12:54:00 +00:00

Relates set to 11809

icinga-migration · 2016-12-13T12:56:39Z

Updated by elippmann on 2016-12-13 12:56:39 +00:00

Hi Rune,

Please set encryption to none and use the following for the hostname:

ldaps://rygmdc08.labdomain.net ldaps://rygmdc12.labdomain.net

This should work.

Best regards,
Eric

icinga-migration · 2016-12-13T22:02:45Z

Updated by TheFlyingCorpse on 2016-12-13 22:02:45 +00:00

Setting the encryption type to "none" makes it possible to use multiple ldap hostnames. I did not see that in the documentation :)

refs #2645

…d-validation-of-multiple-ldap-uris-2645 fixes #2645 (cherry picked from commit 5b4de83) Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>

icinga-migration added the bug Something isn't working label Jan 17, 2017

nilmerg self-assigned this Feb 1, 2017

nilmerg added this to the 2.5.0 milestone Feb 1, 2017

nilmerg changed the title ~~[dev.icinga.com #13539] IcingaWeb2 does not support multiple ldap servers in the same field~~ [dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs Feb 2, 2017

nilmerg added a commit that referenced this issue Feb 2, 2017

LdapResourceForm: Add hostname validation

7864450

refs #2645

nilmerg added a commit that referenced this issue Feb 2, 2017

LdapConnection: Properly handle multiple hosts if encryption is involved

8d3e8b8

refs #2645

nilmerg closed this as completed in 5b4de83 Feb 2, 2017

lippserd mentioned this issue Aug 1, 2017

LDAP authentication fails when using more than one host in LDAP configuration in RHEL6 and PHP >= 5.6 IUS #2906

Closed

lippserd modified the milestones: 2.5.0, 2.4.2 Sep 20, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs #2645

[dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs #2645

icinga-migration commented Dec 12, 2016

icinga-migration commented Dec 13, 2016

icinga-migration commented Dec 13, 2016

icinga-migration commented Dec 13, 2016

[dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs #2645

[dev.icinga.com #13539] Improve error handling and validation of multiple LDAP URIs #2645

Comments

icinga-migration commented Dec 12, 2016

Issue

About

icinga-migration commented Dec 13, 2016

icinga-migration commented Dec 13, 2016

icinga-migration commented Dec 13, 2016