Here's what I've done so far:
1: nagios.conf - Modified for LDAPS (see the attached file below)
2: ldap.conf - Added the following lines:
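# OpenLDAP client settings for the LDAPS connection to the directory server.
HOST "hostname"
PORT 636
# CA certificate used to validate the directory server's certificate.
TLS_CACERT /etc/httpd/conf.d/rootcert.pem
# Was "never", which skips server-certificate validation entirely: the
# session is encrypted but the peer is unauthenticated, so the bind password
# and every user's credentials could be sent to an impostor server.
# With TLS_CACERT set, require a valid chain. If the handshake then fails,
# fix the trust chain or the hostname mismatch instead of reverting to "never".
TLS_REQCERT demand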
# Convert the DER-encoded root CA certificate to PEM, the file referenced by TLS_CACERT.
# Confirm the certificate's fingerprint with the CA owner before trusting it.
openssl x509 -in rootcert.cer -inform DER -outform PEM -out rootcert.pem
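ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    # Basic auth sends the password on every request, so HTTPS is mandatory here.
    SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    # These two group settings only take effect with a "Require ldap-group" line.
    # NOTE(review): Active Directory stores full DNs in "member", so group checks
    # would normally need AuthLDAPGroupAttributeIsDN on - confirm before relying on it.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN off
    AuthName "Active Directory Login 1"
    # The trailing mode was NONE, which asks mod_authnz_ldap for an unencrypted
    # connection and contradicts the ldaps:// scheme. SSL matches the scheme and port.
    # Server-certificate checking is governed by the server-level mod_ldap
    # directives (LDAPTrustedGlobalCert, LDAPVerifyServerCert), which must sit
    # outside any <Directory> block.
    AuthLDAPURL "ldaps://[myActiveDirServerName]:636/DC=[dc1],DC=[dc2],DC=[dc3],DC=[dc4]?sAMAccountName?sub?(objectClass=*)" SSL
    # Bind as a dedicated read-only service account where possible. The password
    # is stored in clear text, so this file should be readable by root only.
    AuthLDAPBindDN "CN=nagiosadmin,OU=[ou1],OU=[ou2],OU=[ou3],DC=[dc1],DC=[dc2],DC=[dc3],dc=[dc4]"
    AuthLDAPBindPassword [passwd]
    # valid-user admits every account under the search base that can authenticate.
    # To limit access to the monitoring team, use instead:
    #   Require ldap-group <DN of the Nagios users group>
    Require valid-user
</Directory>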
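Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
    # Basic auth sends the password on every request, so HTTPS is mandatory here.
    SSLRequireSSL
    # Was ExecCGI. This directory holds the web interface's static and PHP
    # content; the CGIs live under the ScriptAlias directory, so CGI execution
    # is not needed here. The stock Nagios sample config uses Options None.
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    # These two group settings only take effect with a "Require ldap-group" line.
    # NOTE(review): Active Directory stores full DNs in "member", so group checks
    # would normally need AuthLDAPGroupAttributeIsDN on - confirm before relying on it.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN off
    AuthName "Active Directory Login 2"
    # The trailing mode was NONE, which asks mod_authnz_ldap for an unencrypted
    # connection and contradicts the ldaps:// scheme. SSL matches the scheme and port.
    AuthLDAPURL "ldaps://[myActiveDirServerName]:636/DC=[dc1],DC=[dc2],DC=[dc3],DC=[dc4]?sAMAccountName?sub?(objectClass=*)" SSL
    # Bind as a dedicated read-only service account where possible. The password
    # is stored in clear text, so this file should be readable by root only.
    AuthLDAPBindDN "CN=nagiosadmin,OU=[ou1],OU=[ou2],OU=[ou3],DC=[dc1],DC=[dc2],DC=[dc3],dc=[dc4]"
    AuthLDAPBindPassword [passwd]
    # valid-user admits every account under the search base that can authenticate.
    # To limit access to the monitoring team, use instead:
    #   Require ldap-group <DN of the Nagios users group>
    Require valid-user
</Directory>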