Nagios core 4.3.4 LDAP and authorization

This forum is intended for the discussion of Nagios Core development. Feature requests, patches, bug fixes, and all types of development-related discussions are welcome!

NOTE: The SourceForge.net nagios-devel mailing list has been deprecated in favor of this forum in order to expedite support and provide additional features not available on the old mailing list.

Re: Nagios core 4.3.4 LDAP and authorization

Postby scottwilkerson » Wed Jun 13, 2018 4:26 pm

Here is the official documentation
https://assets.nagios.com/downloads/nag ... iauth.html

https://assets.nagios.com/downloads/nag ... _all_hosts

I guess in that you are correct I do not see in the documentation the ability to wildcard with a * so this:
Code: Select all
authorized_for_all_services=*
authorized_for_all_hosts=*


Would for all practical purposed equal
Code: Select all
authorized_for_all_services=
authorized_for_all_hosts=
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
User avatar
scottwilkerson
CTO
 
Posts: 9590
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Nagios core 4.3.4 LDAP and authorization

Postby emi65 » Fri Jun 15, 2018 6:34 am

Hi Scott

WITH LDAP authentication
if I set in cgi.cg
authorized_for_all_services=
authorized_for_all_hosts=

and I set in the host1.cfg contact user1

.... the user1 see only the host1
-------------------------------------------------------------------------------
WITH PASSWD authentication
if I set in cgi.cg
authorized_for_all_services=*
authorized_for_all_hosts=*

and I set in the host1.cfg contact user1

.... the user1 see only the host1
--------------------------------------------------------------

so behavior of cgi.cfg is different when I use LDAP then PASSWD
(the * (star) is interpreted in different way)

Is this a bug ?

Thank
Emilio
emi65
 
Posts: 99
Joined: Fri Aug 17, 2012 3:41 am

Re: Nagios core 4.3.4 LDAP and authorization

Postby kyang » Fri Jun 15, 2018 3:13 pm

WITH LDAP authentication
if I set in cgi.cg
authorized_for_all_services=
authorized_for_all_hosts=

and I set in the host1.cfg contact user1

.... the user1 see only the host1
-------------------------------------------------------------------------------
WITH PASSWD authentication
if I set in cgi.cg
authorized_for_all_services=*
authorized_for_all_hosts=*

and I set in the host1.cfg contact user1

.... the user1 see only the host1
--------------------------------------------------------------


So either option allows user1 to view only host1?

I'll have to set up an LDAP server with Core to see if I'm seeing the same thing.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
kyang
Support Tech
 
Posts: 1786
Joined: Tue Jul 25, 2017 3:35 pm

Re: Nagios core 4.3.4 LDAP and authorization

Postby emi65 » Fri Jun 15, 2018 3:43 pm

Yes you are in rigth
In both case user1 see the host 1

but the difference is big because the behaviour of cgi.cfg is difference
WITH LDAP authentication
I have to set in cgi.cg
authorized_for_all_services=
authorized_for_all_hosts=

while WITH PASSWD authentication I have to set
authorized_for_all_services=*
authorized_for_all_hosts=*

This create another difference
WITH LDAP the user2 can NOT see any hosts
WITH PASSWD the user2 can see ALL hosts

The * (star) in cgi.cfg has a differente behaviour when I use LDAP then when I use PASSWD

I like to get this situation
Use LDAP
show one or limited number of hosts to user1
show ALL hosts for all other users (user1,user2,user3 ..... user999)
set in cgi.cfg
authorized_for_all_services=*
authorized_for_all_hosts=*

Does it possible to get this behaviour ?

Regards
Emilio
emi65
 
Posts: 99
Joined: Fri Aug 17, 2012 3:41 am

Re: Nagios core 4.3.4 LDAP and authorization

Postby kyang » Mon Jun 18, 2018 10:20 am

Thanks for the explanation,

Please understand that I am currently trying this integration with Core when I have time.

I'll be using this information to see if I can recreate it on my end.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.

Be sure to check out our Knowledgebase for helpful articles and solutions!
User avatar
kyang
Support Tech
 
Posts: 1786
Joined: Tue Jul 25, 2017 3:35 pm

Previous

Return to Nagios Core Development

Who is online

Users browsing this forum: No registered users and 5 guests