Applies To
- Zenoss Resource Manager 5.x
Summary
LDAP issues can result in various Zenoss and connectivity issues including being unable to ping outbound LDAP servers. This KB provides some basic guidance for identifying LDAP configuration issues.
Procedures
Perform the following procedures to help identify LDAP issues.
NOTE: It is recommended as a best practice that you create a Control Center snapshot and perform a backup via the Backup/Restore tab in Control Center before adjusting your system.
Verify Resource Manager LDAP Configuration
- In Resource Manager, navigate to Advanced > LDAP
- Click the LDAP Configuration drop down arrow to display the current configurations.
- Check for invalid, old, or outdated LDAP server configurations that can be removed.
- Check for highlighted red settings on the other tabs, these indicate configuration issues.
Consult event.log Files
There are six (6) event.log files, one for each zope container.
The zope containers are named Zope/0 through Zope/5.
To examine the event.log file for each zope container, perform the following, exchanging Zope/0 with the names Zope/1 through Zope/5:
- SSH into the Zenoss master.
- Attach to the zope container:
serviced service attach Zope/0
- Change to the zenoss user:
su - zenoss
- Navigate to the file /opt/zenoss/log/event.log
- View or copy the file to another location on the master for inspection.
- Examine the file for errors and associated trace back information to assist in troubleshooting.
- Exit the zenoss user:
exit
- Exit the container:
exit
- Repeat the process for each of the remaining five zope containers. Replace the name Zope/0 with Zope/1, Zope/2 ... through Zope/5
Verify Database LDAP Instances
To verify the LDAP instances in the database, perform the following:
- SSH into the Zenoss master.
- Attach to the Zope/0 container:
serviced service attach Zope/0
- Change to the zenoss user:
su - zenoss
- Copy the ldapdmd.dmd file (attached below) to the /tmp directory in the Zope/0 container.
- Add execute permissions (+x) for the zenoss user to the file:
/tmp/ldapdmd.dmd - The zendmd ldapp fetch function returns the list of configured LDAP servers configured in Zenoss Resource Manager. Run the following command:
zendmd ldapdmd.dmd
- Consult the output from the zendmd command. The results display the LDAP servers configured for Zenoss Resource Manager. Verify they are correct and if there is more than one configured LDAP server.
Clear Zope Cache and Verify LDAP Plugins
To clear the zope cache and verify the LDAP plugins, perform the following:
- Navigate to the zope configuration/settings page at:
https://<RM Host Name>/zport/acl_users/manage
- Navigate to cache tab > cache settings
- Click:
purge all caches
- Verify the LDAP plugin(s) show the correct information.
Comments