[ZBX-9647] CLdap.php ldap_get_entries() complains of "expects parameter 2 to be resource, boolean given"
Created: 2015 Jun 18  Updated: 2017 May 30

Status: Open
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 2.4.5
Fix Version/s: None

Type: Incident report
Priority: Trivial
Reporter: Nicola Worthington
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: authentication, ldap
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

root@dev-monitoring-test:/var/log/apache2 $ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.2 LTS
Release: 14.04
Codename: trusty
root@dev-monitoring-test:/var/log/apache2 $ dpkg -l | egrep -i '(apache|php|ldap|zabbix)'
ii apache2 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server
ii apache2-bin 2.4.7-1ubuntu4.4 amd64 Apache HTTP Server (binary files and modules)
ii apache2-data 2.4.7-1ubuntu4.4 all Apache HTTP Server (common files)
ii ldap-auth-client 0.5.3 all meta-package for LDAP authentication
ii ldap-auth-config 0.5.3 all Config package for LDAP authentication
ii ldap-utils 2.4.31-1+nmu2ubuntu8.1 amd64 OpenLDAP utilities
ii libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.9 amd64 server-side, HTML-embedded scripting language (Apache 2 module)
ii libapr1:amd64 1.5.0-1 amd64 Apache Portable Runtime Library
ii libaprutil1:amd64 1.5.3-1 amd64 Apache Portable Runtime Utility Library
ii libaprutil1-dbd-sqlite3:amd64 1.5.3-1 amd64 Apache Portable Runtime Utility Library - SQLite3 Driver
ii libaprutil1-ldap:amd64 1.5.3-1 amd64 Apache Portable Runtime Utility Library - LDAP Driver
ii libldap-2.4-2:amd64 2.4.31-1+nmu2ubuntu8.1 amd64 OpenLDAP libraries
ii libldb1:amd64 1:1.1.16-1 amd64 LDAP-like embedded database - shared library
ii libnss-ldapd:amd64 0.8.13-3 amd64 NSS module for using LDAP as a naming service
ii libpam-ldap:amd64 184-8.5ubuntu3 amd64 Pluggable Authentication Module for LDAP
ii nslcd 0.8.13-3 amd64 daemon for NSS and PAM lookups using LDAP
ii php5 5.5.9+dfsg-1ubuntu4.9 all server-side, HTML-embedded scripting language (metapackage)
ii php5-cli 5.5.9+dfsg-1ubuntu4.9 amd64 command-line interpreter for the php5 scripting language
ii php5-common 5.5.9+dfsg-1ubuntu4.9 amd64 Common files for packages built from the php5 source
ii php5-gd 5.5.9+dfsg-1ubuntu4.9 amd64 GD module for php5
ii php5-json 1.3.2-2build1 amd64 JSON module for php5
ii php5-ldap 5.5.9+dfsg-1ubuntu4.9 amd64 LDAP module for php5
ii php5-mysql 5.5.9+dfsg-1ubuntu4.9 amd64 MySQL module for php5
ii php5-pgsql 5.5.9+dfsg-1ubuntu4.9 amd64 PostgreSQL module for php5
ii php5-readline 5.5.9+dfsg-1ubuntu4.9 amd64 Readline module for php5
ii zabbix-agent 1:2.4.5-1+trusty amd64 network monitoring solution - agent
ii zabbix-frontend-php 1:2.4.5-1+trusty all network monitoring solution - PHP front-end
ii zabbix-server-pgsql 1:2.4.5-1+trusty amd64 network monitoring solution - server (using PostgreSQL)
root@dev-monitoring-test:/var/log/apache2 $ uname -a
Linux dev-monitoring-test 3.13.0-54-generic #91-Ubuntu SMP Tue May 26 19:15:08 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
root@dev-monitoring-test:/var/log/apache2 $


Attachments: PNG File zabbix_ldap.png    

 Description   

When trying to configure LDAP authentication through the web administration frontend, I get the following error message:

ldap_search(): Search: No such object [authentication.php:120 → CLdapAuthValidator->validate() → CLdap->checkPass() → CLdap->getUserData() → ldap_search() in /usr/share/zabbix/include/classes/ldap/CLdap.php:198]
ldap_get_entries() expects parameter 2 to be resource, boolean given [authentication.php:120 → CLdapAuthValidator->validate() → CLdap->checkPass() → CLdap->getUserData() → ldap_get_entries() in /usr/share/zabbix/include/classes/ldap/CLdap.php:199]
LDAP: User not found.
Login name or password is incorrect!

I am reasonably sure that the credentials I have entered are correct (they are in use on other systems). The first two lines of the error message suggest to me that there is something other than a configuration value wrong here.



 Comments   
Comment by Nicola Worthington [ 2015 Jun 18 ]

(For clarity – I have censored part of the end of the LDAP host and DNs, if it wasn't clear).

Comment by richlv [ 2015 Jun 20 ]

First one is debug, and looks OK when username is not found - did you check both bind & test usernames with other tools?

The second line looks like a bug in Zabbix (maybe only exposed when user is not found?) - leaving this issue open.
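
Added example, not part of the original thread and not Zabbix code: the two warnings in the description show ldap_search() returning false at CLdap.php:198 and that value being passed to ldap_get_entries() on the next line. The hypothetical helper lookupUser() below checks the return value first and keeps "search failed" separate from "no matching entry"; it assumes the php-ldap extension and a $link that has already been connected and bound.

```php
<?php
// Added example, not Zabbix code: lookupUser() is a hypothetical helper.
// Assumes $link comes from ldap_connect() and ldap_bind() has succeeded.

const LDAP_RC_NO_SUCH_OBJECT = 32; // result code behind "No such object"

function lookupUser($link, $baseDn, $filter, array $attrs = ['dn'])
{
    // ldap_search() returns false on failure. '@' keeps the PHP warning
    // out of the rendered page; the error is read back from the link.
    $result = @ldap_search($link, $baseDn, $filter, $attrs);

    if ($result === false) {
        $errno = ldap_errno($link);
        $reason = ($errno === LDAP_RC_NO_SUCH_OBJECT)
            ? 'search base was not found on the server'
            : 'search failed';
        // Details go to the server log, not to the login form.
        error_log(sprintf('LDAP search error %d (%s): %s; base=%s',
            $errno, ldap_error($link), $reason, $baseDn));
        return ['status' => 'error', 'errno' => $errno, 'dn' => null];
    }

    // A successful search may still match nothing, or more than one entry.
    $count = ldap_count_entries($link, $result);
    if ($count !== 1) {
        ldap_free_result($result);
        $status = ($count === 0) ? 'not_found' : 'ambiguous';
        return ['status' => $status, 'errno' => 0, 'dn' => null];
    }

    // Only now is $result known to be a valid search result.
    $entries = ldap_get_entries($link, $result);
    ldap_free_result($result);
    return ['status' => 'found', 'errno' => 0, 'dn' => $entries[0]['dn']];
}
```

A status of 'error' with errno 32 points at the configured base DN rather than at the user name or password, which is a different condition from a search that succeeds with zero entries.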

Comment by Nicola Worthington [ 2015 Jun 22 ]

I'm reasonably sure I have the details correct when I test:

# Working:
nworthington@desk-nworthington:~ $ ldapsearch -D cn=manager,dc=companyfoo,dc=com -w FFFFFFF -x -H ldap://ldap.companyfoo.com:389 -b ou=users,dc=companyfoo,dc=com -o ldif-wrap=no -s sub 'uid=nworthington' userPassword sambaLMPassword sambaNTPassword uid
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=companyfoo,dc=com> with scope subtree
# filter: uid=nworthington
# requesting: userPassword sambaLMPassword sambaNTPassword uid
#

# nworthington, users, companyfoo.com
dn: uid=nworthington,ou=users,dc=companyfoo,dc=com
uid: nworthington
sambaLMPassword: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
sambaNTPassword: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
userPassword:: FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

# Incorrect password:
nworthington@desk-nworthington:~ $ ldapsearch -D cn=manager,dc=companyfoo,dc=com -w WRONGPASS -x -H ldap://ldap.companyfoo.com:389 -b ou=users,dc=companyfoo,dc=com -o ldif-wrap=no -s sub 'uid=nworthington' userPassword sambaLMPassword sambaNTPassword uid
ldap_bind: Invalid credentials (49)

# Incorrect bind DN:
nworthington@desk-nworthington:~ $ ldapsearch -D cn=FOOmanager,dc=companyfoo,dc=com -w FFFFFFF -x -H ldap://ldap.companyfoo.com:389 -b ou=users,dc=companyfoo,dc=com -o ldif-wrap=no -s sub 'uid=nworthington' userPassword sambaLMPassword sambaNTPassword uid
ldap_bind: Invalid credentials (49)

# Incorrect search attribute name:
nworthington@desk-nworthington:~ $ ldapsearch -D cn=manager,dc=companyfoo,dc=com -w FFFFFFF -x -H ldap://ldap.companyfoo.com:389 -b ou=users,dc=companyfoo,dc=com -o ldif-wrap=no -s sub 'uidWRONGFOO=nworthington' userPassword sambaLMPassword sambaNTPassword uid
# extended LDIF
#
# LDAPv3
# base <ou=users,dc=companyfoo,dc=com> with scope subtree
# filter: uidXXX=nworthington
# requesting: userPassword sambaLMPassword sambaNTPassword uid
#

# search result
search: 2
result: 0 Success

# numResponses: 1
Generated at Fri Apr 04 18:41:35 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.