Unable to apply any site changes after LDAP configuration

CMK version: Checkmk Raw Edition 2.2.0p9
OS version: Ubuntu 22.4

Error message: ValueError: Invalid username: ‘ldap_Active Directory_sync_time.mk’

Output of “cmk --debug -vvn hostname”: (If it is a problem with checks or plugins)

Hi Team, I have just configured LDAP authentication for Checkmk Raw. This is working fine and users can log in with their Active Directory accounts. However, I am unable to apply any changes to the site after applying the LDAP settings. The error says invalid username, however the two users that I am trying to sync don't have any special characters in the sAMAccountName.

The error message says that there is an invalid user name. As AD is notorious for allowing weird object names, this sounds sensible. Double-check your LDAP connection, how you handle special characters. Maybe you can already fix it there. Otherwise you might need to look at the file mentioned at the end of the message to find the corrupt username.

Is there a list of characters that are now allowed? I have a dash character ( - ) in my user's sAMAccountName, e.g. sa-ldapuser. Could that be causing the issue?

Does this error mean that it's finding a user called “ldap_Active Directory_sync_time.mk”? I'm not sure where / how it would be pulling this user from.

The dash is no problem, but I am not aware of a definite list of forbidden characters.

ldap_Active Directory_sync_time.mk refers to a file within your site. As site user, you can either find the file by name, or look into $OMD_ROOT/var/check_mk/web/ where the file should be located somewhere I think.

I was about to correct myself: I missed the blank in the file name. That will be the problem.
You can use find to find the file: find "$OMD_ROOT" -name "ldap_Active Directory_sync_time.mk"

I have found the file.

It contains random numbers. How do I use this to find out what the corrupt user is?

It is the file itself that is the problem. There is a blank in the file name. The reason is that you used a connection ID of “Active Directory”. That would be an appropriate description, but not an ID. You should remove the connection (and the file if it persists) and create a new connection with a proper ID.
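A way to check a site for other connection IDs with the same problem, added here as an example and not part of the original thread or of Checkmk itself. It assumes sync-time files are named ldap_<connection ID>_sync_time.mk, as the file name in this thread suggests; the function name and the sample directory are made up for illustration.

```shell
# Added example, not Checkmk code.
# Assumption: sync-time files are named ldap_<connection ID>_sync_time.mk.

# Print "<connection ID><TAB><path>" for every sync-time file under $1
# (default: $OMD_ROOT) whose embedded connection ID contains a blank.
# File names containing newlines are not handled.
blank_connection_ids() {
    root=${1:-$OMD_ROOT}
    find "$root" -type f -name 'ldap_*_sync_time.mk' -print |
    while IFS= read -r path; do
        name=${path##*/}          # strip the directory part
        id=${name#ldap_}          # strip the fixed prefix ...
        id=${id%_sync_time.mk}    # ... and the fixed suffix
        case $id in
            *" "*) printf '%s\t%s\n' "$id" "$path" ;;
        esac
    done
}

# Constructed sample: one ID with a blank, one without.
demo_blank_connection_ids() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/var/check_mk/web"
    : > "$tmp/var/check_mk/web/ldap_Active Directory_sync_time.mk"
    : > "$tmp/var/check_mk/web/ldap_ad_main_sync_time.mk"
    blank_connection_ids "$tmp"
    rm -rf "$tmp"
}

demo_blank_connection_ids
```

On a real site, run `blank_connection_ids` as the site user with no argument so it searches `$OMD_ROOT`; any line it prints names a connection ID that should be recreated without the blank.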

Dude you are a legend. Thanks so much. This is now humming along perfectly.


Just doing my job good sir. :slight_smile:
Glad you could solve it and thanks for the nice feedback!
Take care. :v: