Is it possible to have Nagios XI authorize UI access based on user membership in an LDAP/AD group?
Ie. Bob is allowed access because he is a member of the Nagios group.
(&(userPrincipalName=Bob)(memberOf=cn=nagiosGroup,ou=groups,dc=domain,dc=com))
Thx.
Nagios XI Authorization via LDAP group membership
-
markmerchant
- Posts: 65
- Joined: Tue Oct 17, 2017 8:38 am
-
kyang
Re: Nagios XI Authorization via LDAP group membership
Have you run through our documentation on authenticating and importing LDAP/AD users?
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
You could definitely import that user, and then give him specific security settings that pertain to what that user is authorized to do in XI .
Here's all of our other documentation on Multi-tenancy and user rights in case you need it.
https://assets.nagios.com/downloads/nag ... Rights.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Let us know if this helps!
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
You could definitely import that user, and then give him specific security settings that pertain to what that user is authorized to do in XI .
Here's all of our other documentation on Multi-tenancy and user rights in case you need it.
https://assets.nagios.com/downloads/nag ... Rights.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Let us know if this helps!
-
markmerchant
- Posts: 65
- Joined: Tue Oct 17, 2017 8:38 am
Re: Nagios XI Authorization via LDAP group membership
We don't to have to manage hundreds of users. We would rather have an
LDAP groups for read-only, and maybe a few others that allow read-write
on specific groups.
Another issue, how do I get past the LDAP paging? I'm stuck with the first
1000 users that appear. Can they be filtered? Even a ( one time ) LDIF
import would be ok.
Thx.
LDAP groups for read-only, and maybe a few others that allow read-write
on specific groups.
Another issue, how do I get past the LDAP paging? I'm stuck with the first
1000 users that appear. Can they be filtered? Even a ( one time ) LDIF
import would be ok.
Thx.
-
kyang
Re: Nagios XI Authorization via LDAP group membership
A while back, there was a request to have LDAP groups as an import option/auth into XI rather than a single user.
Unfortunately, this was turned down and is not in the works.
As for the LDAP paging of 1000 users, there is a feature request to sort these users A-Z as a method. But, there is no exact ETA, and since it's a feature request I cannot guarantee it will be implemented.
We are currently working on XI 5.5, after that time I'm sure there will be a discussion on feature requests but as of now, I cannot say.
Unfortunately, this was turned down and is not in the works.
As for the LDAP paging of 1000 users, there is a feature request to sort these users A-Z as a method. But, there is no exact ETA, and since it's a feature request I cannot guarantee it will be implemented.
We are currently working on XI 5.5, after that time I'm sure there will be a discussion on feature requests but as of now, I cannot say.
-
markmerchant
- Posts: 65
- Joined: Tue Oct 17, 2017 8:38 am
Re: Nagios XI Authorization via LDAP group membership
Can I enter the user names in a local file, and have them authenticate against the directory? Thx.
Re: Nagios XI Authorization via LDAP group membership
Sorry, there is not a way to add uses from a file and authenticate to the directory.
The 1000 user limit could be a limit set on your LDAP server.
There is a limit set in Active Directory which can be increased by following the instructions at the bottom of this KB article.
https://support.nagios.com/kb/article/a ... n-600.html
If we knew what your LDAP server is running, we may be able to find instructions on increasing the search.
The 1000 user limit could be a limit set on your LDAP server.
There is a limit set in Active Directory which can be increased by following the instructions at the bottom of this KB article.
https://support.nagios.com/kb/article/a ... n-600.html
If we knew what your LDAP server is running, we may be able to find instructions on increasing the search.
Be sure to check out our Knowledgebase for helpful articles and solutions!