This manual should give you an overview of some common LDAP issues we saw over time. |
You can use this as a checklist for troubleshooting step by step. |
You receive an error message on user synchronization similar to the following:
Synchronization started... [CONNECTION] Starting sync for connection [CONNECTION] Exception: The "Authentication Expiration" attribute (pwdlastset) could not be fetched from the LDAP server for user {'cn': ['Lastname, Givenname'], 'samaccountname': ['givenname.lastname'], 'dn': 'cn=lastname\\, givenname (lastname),ou=users,dc=domain,dc=tld'}. 2022-08-10 11:56:01,202 [40] [cmk.web 10815] Exception (CONNECTION, userdb_job): Traceback (most recent call last): File "/omd/sites/mysite/lib/python3/cmk/gui/userdb.py", line 1501, in _execute_sync_action connection.do_sync( File "/omd/sites/mysite/lib/python3/cmk/gui/plugins/userdb/ldap_connector.py", line 1282, in do_sync self._execute_active_sync_plugins(user_id, ldap_user, user) File "/omd/sites/mysite/lib/python3/cmk/gui/plugins/userdb/ldap_connector.py", line 1369, in _execute_active_sync_plugins user.update(plugin.sync_func(self, key, params or {}, user_id, ldap_user, user)) File "/omd/sites/mysite/lib/python3/cmk/gui/plugins/userdb/ldap_connector.py", line 1941, in sync_func raise MKLDAPException( cmk.gui.plugins.userdb.ldap_connector.MKLDAPException: The "Authentication Expiration" attribute (pwdlastset) could not be fetched from the LDAP server for user {'cn': ['Lastname, Givenname'], 'samaccountname': ['givenname.lastname'], 'dn': 'cn=lastname\\, givenname (lastname),ou=users,dc=domain,dc=tld'}. Finalizing synchronization The user synchronization completed successfully. |
In Active Directory, it is possible that a user may not read the attribute pwdLastSet.
Checkmk needs this attribute to synchronize authorization expiration.
So the user Checkmk uses as the bind user needs to be able to read this attribute.
See: LDAPs stops working after upgrade from 1.6 to 2.0: "unable to get issuer certificate"
Related articles appear here based on the labels you select. Click to edit the macro and add or change labels.
|