LDAP sync error

Started by fabrizio.alba, February 26, 2024, 10:26:38 AM

fabrizio.alba

Good morning everyone!
The LDAP configuration is driving me crazy... please can you help me understand my error?
  • The user srv_netxms is a member of a group called "Service Accounts".
  • LDAPS server is properly configured and accessible
  • srv_netxms does not have Admin permission, it is just a regular user
  • LDAPS server is an Active Directory Domain controller
  • same error using LDAP

Thank you for your help!

Fabrizio

Alex Kirhenshtein

What kind of error did you get?

Also check with ldapsearch:

ldapsearch \
    -x \
    -H "ldaps://devfg.rbc.com:3268/" \
    -D "..." \
    -w "..." \
    -b "..." \
    "(objectClass=user)"

fabrizio.alba

Good morning Alex, thank you for your feedback.
See below the ldapsearch results (just a simple query to test LDAPS connections and credentials) and the error from netXMS.
I posted my netXMS LDAP conf in my first post. The users used in both ldapsearch and the netXMS LDAP conf are the same.
Thank you for your help!

Fabrizio

fabrizio.alba

Some updates:
  • configuring netXMS with LDAP, the error message "LDAP sync error: Cannot login to LDAP server (Can't contact LDAP Server)" disappears, but no users are synced.
  • configuring netXMS with LDAPS, the error message "LDAP sync error: Cannot login to LDAP server (Can't contact LDAP Server)" appears again
  • ldapsearch from the netXMS server CLI (using both LDAP and LDAPS) works properly, returning the users list. The Base search and the bind credentials are the same as those used in the netXMS server configuration
Any idea?
Thanks

Filipp Sudanov

Try increasing debug level for tag "ldap" by issuing

debug ldap 8

in the server debug console (Tools -> Server Debug Console or nxadm -i from the command line).
Then issue

ldapsync

command there - it will force the synchronization - and check the netxmsd log (/var/log/netxmsd)

fabrizio.alba

Quick update...
I solved it: it was enough to use the IP address of the LDAPS server instead of the NS.
I don't know why, but even if Ubuntu was able to resolve the domain name of the LDAPS server, the same thing didn't happen using the NS in the netXMS parameters.