Troubleshooting
Problem
Due to the deprecation of authentication modules in QRadar®, administrators must configure an alternative authentication method, such as Lightweight Directory Access Protocol (LDAP), to authenticate to QRadar®.
In the LDAP Authentication tab in the QRadar® UI, a pop-up window displays the following error message:
Symptom
Cause
The LDAP server certificate is not present or was removed from the /opt/qradar/conf/trusted_certificates/ directory.
Environment
QRadar® 7.3.x and later
Diagnosing The Problem
- Log in to QRadar® as an administrator.
- Click the Admin tab.
- Click Authentication.
- Review the General Authentication Setting tab to determine whether LDAP is configured.
- Ensure that LDAP is configured with the following parameters:
  - LDAP port is set to 389 at the URL
    Note: Secure LDAP uses port 636 as default, and insecure LDAP uses port 389 as default. Substitute the appropriate ports to match the LDAP server ports.
  - SSL Connection is set to false
  - TLS Authentication is set to true
Resolving The Problem
- Using SSH, log in to the system as the root user.
- Type the following command to navigate to the right directory:
cd /opt/qradar/conf/trusted_certificates
- Run the following command to pull the LDAP certificate from the LDAP server.
Note: Replace “ldap_host.example.com” with the LDAP server FQDN or IP address.
Note: Replace “ad_ldap_server.pem” with your preferred file name ending with the ".pem" extension. The ".pem" extension is mandatory.
openssl s_client -connect ldap_host.example.com:636 -showcerts </dev/null 2>/dev/null | openssl x509 -outform pem > ad_ldap_server.pem
- Verify that the certificate was pulled with the ls command.
[root@qradar01-console trusted_certificates]# ls -l
-rw-rw-r-- 1 nobody nobody 2569 Oct 6 2019 external-scanner_qradar_ibmcloud_com.crt
-rw-r--r-- 1 root root 2195 Sep 1 14:31 ldap_server.pem
-rw-r--r-- 1 root root 1147 Jun 22 18:42 syslog-tls.cert
-rw-r--r-- 1 root root 1704 Jun 22 18:42 syslog-tls.key
- Test again on the UI.
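The ls check above confirms only that a file exists: when the s_client connection fails, the output redirect still creates an empty .pem file. The following added example (not part of the IBM procedure; check_ldap_cert is a hypothetical helper name) confirms that the file holds a parseable, unexpired certificate and prints its subject, issuer and SHA-256 fingerprint so they can be compared with what the LDAP server administrator reports.

```shell
#!/bin/sh
# Added example: sanity-check a PEM file pulled into trusted_certificates.
# check_ldap_cert is a hypothetical helper name, not a QRadar tool.

check_ldap_cert() {
    pem="$1"

    # A failed s_client connection still leaves a zero-byte file behind,
    # because the shell creates the redirect target before openssl runs.
    if [ ! -s "$pem" ]; then
        echo "FAIL: $pem is missing or empty" >&2
        return 1
    fi

    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "FAIL: $pem is not a valid PEM certificate" >&2
        return 2
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
        echo "FAIL: $pem has expired" >&2
        return 3
    fi

    # Print the identity details to compare, out of band, with the
    # values the LDAP administrator has for the server certificate.
    openssl x509 -in "$pem" -noout -subject -issuer -enddate
    openssl x509 -in "$pem" -noout -fingerprint -sha256
    return 0
}

# Usage, from /opt/qradar/conf/trusted_certificates:
#   check_ldap_cert ad_ldap_server.pem
```

A return code of 0 means the file is a usable certificate; 1, 2 and 3 indicate an empty file, an unparseable file and an expired certificate respectively.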
Document Location
Worldwide
Document Information
Modified date:
20 November 2020
UID
ibm16324869