Troubleshoot check_ldaps (check_ldap works)

Hi there,

i’m having issues on getting the ldaps check to work on a 1.6.0p8 CRE.
The ldap check (with almost exactly the same settings) is working as expected.

The Root Certificates are installed on the ubuntu 18.04 machine aswell and a
‘openssl s_client -connect fqdn.dc.de:636’ shows no certificate validation errors.

The normal ldap check:
root@Server:/usr/local/share/ca-certificates# /opt/omd/versions/1.6.0p8.cre/lib/nagios/plugins/checkldap -H fqdn.dc.de -b ‘DC=fqdn,DC=domain,DC=de’ -D ‘checkmk@fqdn.dc.de’ -P ‘password’
LDAP OK - 0,004 seconds response time|time=0,003631s;;;0,000000

Ldaps: with error:
root@Server:/usr/local/share/ca-certificates# /opt/omd/versions/1.6.0p8.cre/lib/nagios/plugins/check_ldaps -H fqdn.dc.de -b ‘DC=fqdn,DC=domain,DC=de’ -D ‘checkmk@fqdn.dc.de’ -P ‘password’ -p 636 -v

ldap_bind: Can’t contact LDAP server (-1)
additional info: (unknown error code)
Could not bind to the LDAP server

Has anynone an idea where I can look for a more detailed error message, or what that could be ?

Kind regards,
Constantin

Hi @Constey,
Are you able to run this without any error ?
" The Root Certificates are installed on the ubuntu 18.04 machine aswell and a
‘openssl s_client -connect fqdn.dc.de:636’ shows no certificate validation errors."

It seems a connectivity issue…

Stupid question:

Is your LDAPS server running at port 636?

yep openssl responds me the dc certificates on that.
and yes ldaps is runnig. (the authentication to the webgui is also handled by ldaps (ldap sync))

it seems that only the check is not working

Did you configure the ldap version well in the check ? I’ve never had an issue like that.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.