Error: “ldap_bind: Can’t contact LDAP server (-1)” on nagios check

Posted on Updated on

Nagios check_ldaps plugin working with SSL or TLS
Error:

[root@nagios libexec]# ./check_ldaps  -H 10.0.0.51  -w 10 -c 15 -b dc=tolven,dc=com -p 636 -v
ldap_bind: Can't contact LDAP server (-1)
 additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user.
 Could not bind to the LDAP server

 

To fix this issue, simple understand the client is not issuing certificate, The client environment is not fully configured. so I configure the bellow setting. It works charm in both ways, byt ignoring the SSL check or adding client certificate,

Create new configuration file if not exist, /etc/openldap/ldap.conf

Ignoring SSL certificate, Add the bellow settings

TLS_REQCERT never
TLS_CACERT /etc/openldap/certs/ldap-client-ca.crt

Output:

root@nagios libexec]# ./check_ldaps -H 10.0.0.51 -w 10 -c 15 -b dc=tolven,dc=com -p 636 -v
LDAP OK - 0.062 seconds response time|time=0.061526s;10.000000;15.000000;0.000000
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s