LDAP connection tests fine, but AD userids getting "Invalid credentials"

a weird side-effect of migration to 2.0.0p17:

the default LDAP connection seems to test fine (Save & Test),
but when I try to log into the Web UI using a valid AD account, it fails with “Invalid credentials”.
this was working fine for all userids prior to upgrade.
only omdadmin account is working at this point
any ideas? any logs to look for errors?
Distributed Monitoring setup, and all nodes are set to sync with LDAP connection – default
I’ve also checked omd config for each instance and MULTISITE_COOKIE_AUTH is on

the only thing I suspect is somehow the original user search filter is no longer accepted…?

to add:

master check_mk server node has 3 different sites running… only 1 site is impacted with this problem…
I tried adjusting the faulty site’s LDAP search filter to use the same as the other working sites…
and still no go… ldap scan seems to run fine, users to roles mapping seems to run fine… but web UI authentication still failing =(

makes no sense -- I added a new LDAP connection, using similar settings… I can see the new connection under ~/etc/check_mk/multisite.d/wato/user_connections.mk … but when trying to move to this connection, the same issues occur. is there any log file I can check to find out what’s causing this issue? at this point maybe it’s not LDAP, but something else on the web server side that’s breaking

I found this link

and symptoms sound very similar – however, where do I find the logs for web.auth or ldap debug?
I’ve increased the logging level as mentioned in the above…

ok so I found out I’m being hit by this

sigh… only way I found this – from looking at the working setups,
cached_profile.mk for my users have

'connector': 'default'

while in the instance where things are failing

'connector': 'ldap'

I replaced “ldap” with “default” and was able to authenticate — great
but now to push this to all 500 or so accounts? or is it ok to delete cached_profile.mk
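
A read-only way to count the accounts carrying a stale connector before changing anything, as an added example that is not part of the original thread or Checkmk's own code. It assumes one directory per user holding a cached_profile.mk written as a Python dict literal; the function names, the directory argument, the sample users and the 'htpasswd' ID for local accounts are assumptions.

```python
import ast
import os
import tempfile


def find_connector_mismatches(profile_root, valid_ids):
    """Return {user: connector} for each cached_profile.mk whose
    'connector' value is not one of valid_ids."""
    mismatches = {}
    for user in sorted(os.listdir(profile_root)):
        path = os.path.join(profile_root, user, "cached_profile.mk")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            try:
                # literal_eval parses the dict without executing anything.
                profile = ast.literal_eval(fh.read())
            except (ValueError, SyntaxError):
                mismatches[user] = "<unparseable>"
                continue
        connector = profile.get("connector") if isinstance(profile, dict) else None
        if connector not in valid_ids:
            mismatches[user] = connector
    return mismatches


def build_sample_tree(root):
    """Constructed sample data: three users, one with a stale connector."""
    samples = {
        "alice": "{'alias': 'Alice', 'connector': 'default'}",
        "bob": "{'alias': 'Bob', 'connector': 'ldap'}",
        "omdadmin": "{'alias': 'Admin', 'connector': 'htpasswd'}",
    }
    for user, body in samples.items():
        os.makedirs(os.path.join(root, user))
        with open(os.path.join(root, user, "cached_profile.mk"), "w") as fh:
            fh.write(body + "\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # 'default' is the LDAP connection ID from the thread; 'htpasswd'
        # is assumed here to mark local accounts.
        print(find_connector_mismatches(tmp, {"default", "htpasswd"}))
```

Point profile_root at the site's per-user profile directory and pass the connection IDs listed in user_connections.mk.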
