I'm tying to migrate my old nagios server to a debian 9 / Nagios 4.3.4 server.
The only thing i can't use anymore is ldap authentication.
The apache auth seems to be working fine as i get access to web page with "Logged in as mysuser", but i can't get any info from status.cgi :
"It appears as though you do not have permission to view information for any of the services you requested..."
My apache configuration :
Code: Select all
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindAuthoritative on
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPUrl ldap://ldap-backup.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=supervision,ou=groupes,dc=mydomain,dc=net
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindAuthoritative on
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPUrl ldap://ldap-backup.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=supervision,ou=groupes,dc=mydomain,dc=net
Require valid-user
</IfVersion>
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
Options None
AllowOverride None
<IfVersion >= 2.3>
<RequireAll>
Require all granted
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindAuthoritative on
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPUrl ldap://ldap-backup.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=supervision,ou=groupes,dc=mydomain,dc=net
Require valid-user
</RequireAll>
</IfVersion>
<IfVersion < 2.3>
Order allow,deny
Allow from all
AuthType Basic
AuthName "Restricted access"
AuthLDAPBindAuthoritative on
AuthBasicProvider ldap
AuthLDAPUrl ldap://ldap.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPUrl ldap://ldap-backup.mydomain.net/ou=utilisateurs,dc=mydomain,dc=net
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=supervision,ou=groupes,dc=mydomain,dc=net
Require valid-user
</IfVersion>
</Directory>
Code: Select all
(...)
use_authentication=1
use_ssl_authentication=0
default_user_name=myuser
authorized_for_system_information=myuser
authorized_for_configuration_information=myuser
authorized_for_system_commands=myuser
authorized_for_all_services=myuser
authorized_for_all_hosts=myuser
authorized_for_all_service_commands=myuser
authorized_for_all_host_commands=myuser
Does anyone has an any idea ?