LDAP authentication

Locked
Mahantesh
Posts: 8
Joined: Mon Dec 03, 2018 12:27 am

LDAP authentication

Post by Mahantesh »

Hi,

I need to use AD-LDAP authentication for Nagios web Sign-in access; but do not want to write AD user credentials in the nagios.conf file or any other nagios file.

In AD, I would create a group (nagios_users) of 5 users for whom Nagios access is to be enabled upon authentication through LDAP.
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: LDAP authentication

Post by ssax »

Here is what works for me:

Code:

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

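<Directory "/usr/local/nagios/sbin">
    #  SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    # Apache 2.2-style access control (needs mod_access_compat on 2.4)
    Order allow,deny
    Allow from all

    # AuthzLDAPAuthoritative on
    # Account that mod_authnz_ldap binds as to look up the user's DN
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    # Search the CN=Users subtree and match the login name on sAMAccountName
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    # The group's "member" attribute holds full user DNs
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # On Apache 2.4, Require lines outside <RequireAll> are OR'ed: with
    # "Require valid-user" present, any account that authenticates is
    # admitted, not only members of nagios_users.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
    Require valid-user
    Require all denied
</Directory>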

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
    #  SSLRequireSSL
    Options None
    AllowOverride None
    # Apache 2.2-style access control (needs mod_access_compat on 2.4)
    Order allow,deny
    Allow from all

    # AuthzLDAPAuthoritative on
    # Same LDAP bind, search and group settings as the CGI directory
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # On Apache 2.4 these Require lines are OR'ed, so "Require valid-user"
    # admits any account that authenticates.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
    Require valid-user
    Require all denied
</Directory>

What version of Apache are you running? I'm pretty sure you need the bind password in there though, I don't think it'll work without it unless your admins can disable the bind authentication requirement.
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: LDAP authentication

Post by cdienger »

Code:

AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"

You don't want to use groupname here. This should be a DN (distinguished name) of an account and this:

Code:

AuthLDAPBindPassword "Admin Password"

is the password for that account.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
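
Added example, not from any poster in this thread: a variant of the `/usr/local/nagios/sbin` block above for Apache 2.4 that keeps the bind password out of the config file, as the original question asks, and limits access to `nagios_users`. The UPN suffix `@contoso.local`, the helper path in the commented alternative and the presence of mod_ssl are assumptions; the DNs and `192.168.X.X` are the thread's placeholders.

```apache
# Added example for Apache 2.4 with mod_ldap, mod_authnz_ldap and mod_ssl loaded.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
    # Basic auth sends the AD password base64-encoded on every request,
    # so refuse plain HTTP.
    SSLRequireSSL
    Options ExecCGI
    AllowOverride None

    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    # ldap:// carries the bind in clear text between Apache and the DC;
    # ldaps:// also needs the DC's CA trusted via LDAPTrustedGlobalCert.
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"

    # Bind with the credentials typed at the login prompt instead of a
    # stored account: "jdoe" is rewritten to "jdoe@contoso.local"
    # (assumed UPN suffix).
    AuthLDAPInitialBindAsUser on
    AuthLDAPInitialBindPattern (.+) $1@contoso.local
    # Run the authorization lookups with the user's own bind as well.
    AuthLDAPSearchAsUser on
    AuthLDAPCompareAsUser on

    # Alternative: keep a dedicated bind account but have Apache read its
    # password from a program's stdout (Apache 2.4.5+; hypothetical path).
    # AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    # AuthLDAPBindPassword "exec:/usr/local/nagios/libexec/ldap-bind-secret"

    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # A single Require: only members of nagios_users are authorized.
    # A "Require valid-user" beside it would be OR'ed in and admit any
    # AD account that can authenticate.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
</Directory>
```

The same directives apply to the `/usr/local/nagios/share` block; `apachectl configtest` checks the syntax before a reload.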