No idea what to put in LDAP fields inside Setup Wizard

I’m trying to configure LDAP access in the Web Setup Wizard. I can run the following command to show the new icinga2 POSIX group I created for Icinga access (so far it’s just me in it):

$ ldapsearch -h ldap -o ldif-wrap=no -b "ou=groups,ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main" -x -LLL "cn=icinga2"

dn: cn=icinga2,ou=groups,ou=<Project LDAP group>,ou=Projects,dc=dir,dc=my,dc=do,dc=main
memberUid: riotnrrrd
gidNumber: 10515
description: Icinga 2 Web access
objectClass: top
objectClass: posixGroup
cn: icinga2

but no matter what I put in the fields in the Setup Wizard, it rejects the Validation step.

The only thing that works is a basic

Backend Type * LDAP
Backend Name * icingaweb2
LDAP Connection * icingaweb_ldap

LDAP User Object Class * inetOrgPerson
LDAP Filter
LDAP User Name Attribute * uid
LDAP Base DN ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main
Domain my.do.main

but that returns “209 people found in backend” under <Project LDAP group>.

If I change any of these fields, the Verification step yields an error.

Looking at the current Authentication documentation, it shows a filter being used in authentication.ini.

If I try to use said filter (modified for my environment) in the LDAP Filter part of the Setup Wizard

"memberOf=cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,dc=dir,dc=my,dc=do,dc=main"

I get

Failed to successfully validate the configuration: LDAP query "(&("memberOf=cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,dc=dir,dc=my,dc=do,dc=main")(objectClass=inetOrgPerson))" (base ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main) failed. Error: Bad search filter

I don’t get it. What am I doing wrong?? :disappointed:

Hi.

Please try to omit the quotation marks:

memberOf=cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,dc=dir,dc=my,dc=do,dc=main

Greetings.
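The "Bad search filter" error quoted in the question, reproduced as an added example (not part of the original posts and not Icinga Web code): `compose` wraps the user filter the way the error message shows, and `check` is a small RFC 4515 syntax checker. `compose`, `check` and `GROUP_DN` are hypothetical names; the check covers syntax only, so a filter that passes can still match no entries in a given directory.

```python
import re

# RFC 4512 attribute description: descriptor or numeric OID, optional ;options.
ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*")
# RFC 4515 value: "(", ")", "\" and NUL only as \XX escapes; "*" is a wildcard.
VALUE = re.compile(r"(?:[^()\\\x00]|\\[0-9A-Fa-f]{2})*")
# Group DN exactly as written in the question, placeholder included.
GROUP_DN = ("cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,"
            "dc=dir,dc=my,dc=do,dc=main")

def compose(user_filter, object_class):
    """Wrap the filter as the error message shows (assumed, not Icinga Web code)."""
    return "(&(%s)(objectClass=%s))" % (user_filter, object_class)

def check(flt):
    """Return None when flt is well formed, otherwise the reason it is not."""
    pos, err = _parse(flt, 0)
    if err is None and pos != len(flt):
        err = "trailing text at offset %d" % pos
    return err

def _parse(s, i):
    if s[i:i + 1] != "(":
        return i, "expected '(' at offset %d" % i
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, i, count = s[i], i + 1, 0
        while s[i:i + 1] == "(":
            i, err = _parse(s, i)
            if err:
                return i, err
            count += 1
        if count == 0 or (op == "!" and count != 1):
            return i, "operator %r has the wrong number of operands" % op
    else:  # simple item: attr, then =, ~=, >= or <=, then value (no extensible match)
        end = s.find(")", i)
        attr, eq, value = s[i:end if end != -1 else len(s)].partition("=")
        attr = attr[:-1] if attr[-1:] in ("~", ">", "<") else attr
        if not eq or not ATTR.fullmatch(attr):
            return i, "invalid attribute description %r" % attr
        if not VALUE.fullmatch(value):
            return i, "unescaped special character in value"
        i = end if end != -1 else len(s)
    if s[i:i + 1] != ")":
        return i, "missing ')' at offset %d" % i
    return i + 1, None

if __name__ == "__main__":
    for f in ('"memberOf=%s"' % GROUP_DN, "memberOf=%s" % GROUP_DN):
        print(check(compose(f, "inetOrgPerson")) or "well formed", "<-", f)
```

With the quotation marks, the opening `"` becomes part of the attribute name, which is what makes the composed filter malformed.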

Hi @homerjay ,
I tried that but I got the same failed result :frowning:
I think I am just going to give up and use “Database” instead of “LDAP” for Auth in the Setup Wizard.

We did use DB first and configured LDAP later.
I think it’s always wise to have one admin account that is as local as possible.

Hi @rivad ,
Yes I agree with you, a local admin is a good idea.