
LDAP Can't find Active Directory Groups

Gary Burch

I've managed to get a valid config in opsview_web_local.yml now, and running the opsview_sync_ldap -t script reports that it is able to connect to LDAP successfully.  I have also verified that the LDAP server is seeing connections from the OpsView Appliance.

However, running the opsview_sync_ldap -t script with a username and password reports 'no user found', and running the opsview_sync_ldap -y script starts but fails as it can't locate the group matching the name of the XML file I've created.

I've double checked the search base entered in opsview_web_local.yml for user_basedn and group_basedn, which are correct.

Does anyone have any ideas why it would connect to LDAP, but not be able to find anything?

Duncan Ferguson

Can you confirm what version you are running on? There was a bug in this area that was fixed in 5.3.

  Duncs

Gary Burch

I'm running 5.3.0

Duncan Ferguson

I take it you have been following the docs on https://knowledge.opsview.com/articles/opsview-monitor-500/42511-setting... ?

The '-t' option confirms the LDAP server and bind information is correct and can connect.  

The '-u' and '-p' options confirm the "user_*" fields are correct for performing searches on the user.  Does the user you are using have access to search the groups you have set up?

  Duncs

Gary Burch

I've got it working now; I had to add the binddn: value in the format of DOMAIN\username to get it to work, though.

I think I've missed something still, though: the sync script has run, has created the user account and added it into the correct role. I can't log in with this account, though; it's reporting a username/password error at the login screen. This is the same user account I tested opsview_sync_ldap -t with, using the username and password option, which is now reporting that it's successful.

Any ideas?

Duncan Ferguson

Have you restarted opsview-web since making the change to the configuration?

  Duncs