However almost any combination i have tested results in “Could not contact LDAP Server”.
Only exception is trying port 389 / no ssl, which results in “Confidentiality required”
Compared to a python script i used to connect (using ldap, not LDAP3) i had to add below to get around this:
i am not aware of an option to disable the certificate check, like you did in the python example, if you enable SSL for the ldap check.
Does your CMK server trust the LDAP certificate?
You could check this with
openssl s_client --connect <your ldap fqdn>:636
At the end it should give you an
Verify return code: 0 (ok)
If it doesn’t you will need to install the root and probably intermediate certificate of the used CA in /usr/local/share/ca-certificates and then run
update-ca-certificates
Then test again with the openssl command.
Besides that i don’t think you can just use cn= as a Bind DN.
AFAIK it requires the complete DN like this: Bind DN:uid=monitor,ou=people,ou=svcaccounts,dc=mydomain,dc=at
Same for Base DN cn=Monitor
I mean i don’t know your setup but i think this is invalid anyway.
A base dn should end with an “Domain Component” like dc=com.
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
