Stuck on the ‘could not bind to the LDAP server’ error in Nagios and wondering how to fix it?
Our technical support team fixes Nagios-related issues under our server management plan. You can also get assistance from our technical support team 24/7 for fixing the error or for any sort of installation and migration.
Let’s have a glance at the causes.
Why does the ‘could not bind to the LDAP server’ error occur?
Let’s look at a report from one of our clients, who was trying to execute the following.
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b '' -p 636
Output
As a result, he got the following error.
Could not bind to the LDAP server
He then enabled verbose mode (-v) for the plugin:
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b '' -p 636 -v
The following error was displayed on the screen.
ldap_bind: Can't contact LDAP server (-1)
additional info: TLS error -8179:Peer's Certificate issuer is not recognized.
Could not bind to the LDAP server
This happens because the plugin does not have a CA certificate with which to validate the certificate presented by the LDAP server. The fix is to make the certificate authority (CA) certificate available to the check_ldaps plugin.
Fixing the error
The check_ldap plugin makes use of OpenLDAP. The OpenLDAP package is installed by default as part of the Nagios installation, because the plugins depend on it, but it is left in a non-configured state.
In order to configure OpenLDAP to use the certificate, you need to create the CA certificate file on the Nagios server.
We usually get the CA certificate from the certificate authority and then copy the certificate content into a file on the Nagios XI server. For this you need to open an SSH session.
Create Certificate
Here, we will create a certificate file called /etc/openldap/certs/windows_ca.cer. In this example the certificate comes from a Microsoft Windows server.
Execute command:
vi /etc/openldap/certs/windows_ca.cer
Then paste the certificate content into the SSH session. If any blank lines were added, delete each of them by pressing dd.
Then save the changes and close the file.
Update ldap.conf
Now make OpenLDAP use the certificate.
Execute the command:
vi /etc/openldap/ldap.conf
With the file open, scroll down to the end of the file.
On a new line, add the following:
TLS_CACERT /etc/openldap/certs/windows_ca.cer
Save the required changes and close the file.
Test Plugin
Now, the check_ldaps plugin should work:
/usr/local/nagios/libexec/check_ldaps -H dc01.domain.local -b '' -p 636
If it works, the following message is produced:
LDAP OK - 0.043 seconds response time|time=0.042861s;;;0.000000
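If the plugin still reports the bind error after these steps, a quick check of the two files edited above can help. The script below is an added example, not part of the original article: it confirms that ldap.conf has a TLS_CACERT line and that the file it names is cleanly pasted Base-64 (PEM) text. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the TLS_CACERT setup described above.
# Function names are hypothetical; pass the path of the ldap.conf to check.

# Print the path from the last uncommented TLS_CACERT line of an ldap.conf.
# Assumption: when the directive is repeated, the last line is the one in effect.
ldap_cacert_path() {
    awk 'toupper($1) == "TLS_CACERT" { p = $2 }
         END { if (p == "") exit 1; print p }' "$1"
}

# Return 0 if the file has the shape of PEM text: BEGIN line first, END line
# last, and no blank lines anywhere (the paste problem the article mentions).
# A DER-encoded (binary) .cer export has no BEGIN line and fails here.
pem_shape_ok() {
    [ -r "$1" ] || return 1
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        NR == 1 && $0 != "-----BEGIN CERTIFICATE-----" { bad = 1 }
        /^[ \t]*$/ { bad = 1 }                  # blank or whitespace-only line
        { last = $0 }
        END { exit ((bad || last != "-----END CERTIFICATE-----") ? 1 : 0) }
    ' "$1"
}

# Run both checks against an ldap.conf and report the first problem found.
check_ldap_ca() {
    ca=$(ldap_cacert_path "$1") || { echo "no TLS_CACERT line in $1"; return 1; }
    pem_shape_ok "$ca" || { echo "$ca is missing, unreadable or not clean PEM"; return 1; }
    echo "TLS_CACERT $ca has the expected PEM layout"
}

# Stand-alone use: sh check.sh /etc/openldap/ldap.conf
if [ $# -gt 0 ]; then
    check_ldap_ca "$1"
fi
```

A file that passes can still hold the wrong CA; openssl x509 -in /etc/openldap/certs/windows_ca.cer -noout -subject -issuer shows which certificate it actually contains.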
Conclusion
In short, follow the steps above to fix the ‘could not bind to the LDAP server’ error in Nagios. If you need any further assistance to fix the error, click here and get help.