I’m trying to configure LDAP access in the Web Setup Wizard. I can run the following command to show the new icinga2 POSIX group I created for Icinga access (so far it’s just me in it):
```
$ ldapsearch -h ldap -o ldif-wrap=no -b "ou=groups,ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main" -x -LLL "cn=icinga2"
dn: cn=icinga2,ou=groups,ou=<Project LDAP group>,ou=Projects,dc=dir,dc=my,dc=do,dc=main
memberUid: riotnrrrd
gidNumber: 10515
description: Icinga 2 Web access
objectClass: top
objectClass: posixGroup
cn: icinga2
```
but no matter what I put in the fields in the Setup Wizard, it rejects the Validation step.
The only thing that works is a basic
```
Backend Type *              LDAP
Backend Name *              icingaweb2
LDAP Connection *           icingaweb_ldap
LDAP User Object Class *    inetOrgPerson
LDAP Filter
LDAP User Name Attribute *  uid
LDAP Base DN                ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main
Domain                      my.do.main
```
but that returns “209 people found in backend” under <Project LDAP group>.
If I change any of these fields, the Verification step yields an error.
Looking at the current Authentication documentation, it shows a filter being used in authentication.ini.
If I try to use said filter (modified for my environment) in the LDAP Filter part of the Setup Wizard
```
"memberOf=cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,dc=dir,dc=my,dc=do,dc=main"
```
I get
```
Failed to successfully validate the configuration: LDAP query "(&("memberOf=cn=icinga2,cn=groups,cn=<Project LDAP group>,cn=projects,dc=dir,dc=my,dc=do,dc=main")(objectClass=inetOrgPerson))" (base ou=<Project LDAP group>,ou=projects,dc=dir,dc=my,dc=do,dc=main) failed. Error: Bad search filter
```
I don’t get it. What am I doing wrong??
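
Added example, not part of the original post and not Icinga Web 2 code: a minimal RFC 4515 syntax check run against the filter in the shape the error message above shows it composed, `(&(<LDAP Filter>)(objectClass=<class>))`. The DN is a constructed sample, `compose` and `check_filter` are hypothetical helper names, and extensible-match (`:=`) filters are not handled.

```python
import re

# RFC 4512 attribute description: short name or numeric OID, plus ;options
ATTR = re.compile(r"(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*")
ITEM = re.compile(r"(.*?)(~=|>=|<=|=)(.*)$", re.S)

def compose(user_filter, object_class):
    """Wrap the user filter in the shape shown in the error message."""
    return f"(&({user_filter})(objectClass={object_class}))"

def check_filter(text):
    """Return None if text is a syntactically valid filter, else a reason."""
    def parse(i):
        if i >= len(text) or text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        i += 1
        if i < len(text) and text[i] in "&|!":
            op, i, n = text[i], i + 1, 0
            while i < len(text) and text[i] == "(":
                i, n = parse(i), n + 1
            if n == 0 or (op == "!" and n != 1):
                raise ValueError(f"'{op}' has {n} operands")
        else:
            end = i
            while end < len(text) and text[end] not in "()":
                end += 1
            m = ITEM.match(text[i:end])
            if not m:
                raise ValueError(f"no comparison operator in {text[i:end]!r}")
            if not ATTR.fullmatch(m.group(1)):
                raise ValueError(f"invalid attribute name {m.group(1)!r}")
            i = end
        if i >= len(text) or text[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return i + 1
    try:
        if parse(0) != len(text):
            return "trailing characters after filter"
    except ValueError as exc:
        return str(exc)
    return None

if __name__ == "__main__":
    dn = "cn=icinga2,ou=groups,dc=example,dc=org"  # constructed sample DN
    for f in (f'"memberOf={dn}"', f"memberOf={dn}"):
        print(f, "->", check_filter(compose(f, "inetOrgPerson")) or "valid")
```

The check covers syntax only: a filter that parses can still match nothing if the directory does not populate the attribute it names.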