Page 1 of 1

AD ldap authentication

Posted: Fri May 31, 2019 12:48 am
by Pitone_Maledetto
Hi all,
I am running NagiosĀ® Coreā„¢ 4.2.1 on a Debian Jessie 8.7 server.
I am trying to implement personal logins via Active Directory.
Could you please tell me what apache2 modules I need in order to make the following configuration work?

Code: Select all

AuthBasicProvider ldap
AuthLDAPURL ldap://myactivedirectory_ip:389/CN=Administrators,CN=User Accounts,DC=domain,dc=com?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN "cn=svc-ldap,cn=ServiceAccounts,DC=domain,dc=com"
AuthLDAPBindPassword svc-ldap_password
At the moment I get an error in apache2 reload and the following when trying to list enabled modules(apache2ctl -M):

Code: Select all

AH00526: Syntax error on line 22 of /etc/apache2/sites-enabled/nagios.conf:
Unknown Authn provider: ldap
Action '-M' failed.
The Apache error log may have more information.
Thank you in advance.
Regards

Re: AD ldap authentication

Posted: Fri May 31, 2019 2:35 am
by Pitone_Maledetto
So,
Now I have enabled ldap_module (shared) and authnz_ldap_module (shared)

I have added the following to the configuration

Code: Select all

LDAPTrustedMode NONE
AuthzLDAPAuthoritative on
and deleted the :389 port from the AuthLDAPURL directive.

Now I get the following error although LDAPTrustedMode NONE:

Invalid LDAP connection mode setting: must be one of NONE, SSL, or TLS/STARTTLS

Re: AD ldap authentication

Posted: Fri May 31, 2019 4:30 am
by Pitone_Maledetto
Hi admins,
I appreciate this is an apache2 question/issue more than it is a Nagios one, therefore please feel free to close the thread.
Thanks

Re: AD ldap authentication

Posted: Fri May 31, 2019 8:45 am
by mcapra

Re: AD ldap authentication

Posted: Fri May 31, 2019 9:52 am
by Pitone_Maledetto
Thank you @mcapra
I will try on Monday.
Regards

Re: AD ldap authentication

Posted: Fri May 31, 2019 1:01 pm
by scottwilkerson
Pitone_Maledetto wrote:Hi admins,
I appreciate this is an apache2 question/issue more than it is a Nagios one, therefore please feel free to close the thread.
Thanks
Will do.

Closing