[Xymon] xymon server 4.3.28 -- Cannot issue STARTTLS for ldap:389

Scott Birl scott.birl at temple.edu
Fri Jun 1 20:11:18 CEST 2018


Hello all:

Running the 4.3.28 server.

My LDAP team wants me to monitor their LDAP farm over both 636 *and* 389.  Monitoring 636 is working as expected, but 389 is not; at least not 100%.
        ServerA's 389 has not required the use of STARTTLS, yet, so monitoring it is working well.
        ServerB's 389 is requiring the use of STARTTLS, and tests are failing red with an output of "unknown error."

        (Yes, there are applications outside of Xymon that can connect to 389 using STARTTLS with no problem.)

I modified ~xymon/server/etc/protocols.cfg so that the [ldap] section uses "options ssl", but my LDAP team tells me that STARTTLS is not present, and tests are still red.

I ran: strace ~xymon/server/bin/xymonnet --debug --report ServerB
and I can see the connection being made, as well as the ldaplogin bind credentials being passed over, but certainly no STARTTLS is being passed.

On the receiving end of the strace, I see:
        read(3, "\1\r\4\0\4\30confidentiality required", 30) = 30
        write(1, "101588 2018-06-01 11:52:08.27042"..., 81101588 2018-06-01 11:52:08.270421 ldap_result returned 97 for ldap_simple_bind()) = 81
followed by "LDAP output: Unknown error".


The hosts.cfg has this entry for its LDAP tests for ServerA and ServerB.
        ldap://10.96.160.XX:389/dc=DOMAIN,dc=ORG??sub?(uid=moof8) ldaplogin=cn=USER,ou=roles,dc=DOMAIN,dc=ORG:*********



Is there something that I am missing in order to have Xymon issue a STARTTLS for 389?

Thanks.
Birl
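
The strace output above, decoded as an added example (this is not code from the original post or from Xymon): ldap_result() returning 97 (0x61) only means a BindResponse arrived, and the 30 bytes read are the tail of that BindResponse, whose BER resultCode 13 is confidentialityRequired (RFC 4511), i.e. the server refusing a cleartext simple bind, which the test reports as "Unknown error". The LDAPMessage header and messageID 1 are assumed, since they were in an earlier read not shown.

```python
# Added example, not part of the original post or of Xymon: decode the
# LDAP BindResponse seen in the strace to recover the real result code.

# Subset of LDAP result codes from RFC 4511, section 4.1.9.
RESULT_CODES = {
    0: "success",
    7: "authMethodNotSupported",
    8: "strongerAuthRequired",
    13: "confidentialityRequired",
    49: "invalidCredentials",
}

def _tlv(buf, pos):
    """Read one BER TLV (short or long definite length) at buf[pos]."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def decode_bind_response(msg):
    """Return (message_id, result_code, result_name, matched_dn, diagnostic)."""
    tag, body, _ = _tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("LDAPMessage must be a SEQUENCE")
    tag, mid, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("messageID must be an INTEGER")
    tag, resp, _ = _tlv(body, pos)
    if tag != 0x61:                        # [APPLICATION 1] BindResponse
        raise ValueError("expected BindResponse (0x61), got 0x%02x" % tag)
    tag, code, pos = _tlv(resp, 0)
    if tag != 0x0A:
        raise ValueError("resultCode must be an ENUMERATED")
    _, matched_dn, pos = _tlv(resp, pos)   # LDAPDN (empty here)
    _, diag, _ = _tlv(resp, pos)           # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return (int.from_bytes(mid, "big"), rc, RESULT_CODES.get(rc, "other(%d)" % rc),
            matched_dn.decode("utf-8"), diag.decode("utf-8"))

# Constructed sample: the 30 bytes strace showed, wrapped in the assumed
# LDAPMessage header (messageID 1) that arrived in an earlier read.
CAPTURED_TAIL = b"\x01\x0d\x04\x00\x04\x18confidentiality required"
SAMPLE = b"\x30\x24\x02\x01\x01\x61\x1f\x0a" + CAPTURED_TAIL

if __name__ == "__main__":
    print(decode_bind_response(SAMPLE))
```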