AD Authentication Integration

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
TCBeekley
Posts: 20
Joined: Thu May 26, 2016 6:40 am

AD Authentication Integration

Post by TCBeekley »

Hello!

When integrated with AD for user authentication, what query does Nagios use against AD? Our AD admin would like to know what the query is prior to granting us a bind ID. We have a very large organization and they want to make sure there isn't an issue when run against our AD.

Thanks!
SteveBeauchemin
Posts: 524
Joined: Mon Oct 14, 2013 7:19 pm

Re: AD Authentication Integration

Post by SteveBeauchemin »

Good question.

My company has an AD with more than 25K users. The company has more than 20 thousand employees and add 10k more.

I use AD auth and we have no issues. So using AD is not a problem for me.

But I would be curious to see the same information.

Steve B
XI 5.7.3 / Core 4.4.6 / NagVis 1.9.8 / LiveStatus 1.5.0p11 / RRDCached 1.7.0 / Redis 3.2.8 /
SNMPTT / Gearman 0.33-7 / Mod_Gearman 3.0.7 / NLS 2.0.8 / NNA 2.3.1 /
NSClient 0.5.0 / NRPE Solaris 3.2.1 Linux 3.2.1 HPUX 3.2.1
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: AD Authentication Integration

Post by mcapra »

We just throw things at the adLDAP library, which runs everything through ldap_search basically. Here's a pretty print of the returned object for a given set of directories:

array (
  'count' => 12,
  0 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'builtinDomain',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Builtin,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Builtin,DC=DOMAIN,DC=local',
  ),
  1 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Computers,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Computers,DC=DOMAIN,DC=local',
  ),
  2 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'organizationalUnit',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'OU=Domain Controllers,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'OU=Domain Controllers,DC=DOMAIN,DC=local',
  ),
  3 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=local',
  ),
  4 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'infrastructureUpdate',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Infrastructure,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Infrastructure,DC=DOMAIN,DC=local',
  ),
  5 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'lostAndFound',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=LostAndFound,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=LostAndFound,DC=DOMAIN,DC=local',
  ),
  6 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Managed Service Accounts,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Managed Service Accounts,DC=DOMAIN,DC=local',
  ),
  7 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'msDS-QuotaContainer',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=NTDS Quotas,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=NTDS Quotas,DC=DOMAIN,DC=local',
  ),
  8 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Program Data,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Program Data,DC=DOMAIN,DC=local',
  ),
  9 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=System,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=System,DC=DOMAIN,DC=local',
  ),
  10 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'msTPM-InformationObjectsContainer',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=TPM Devices,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=TPM Devices,DC=DOMAIN,DC=local',
  ),
  11 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Users,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Users,DC=DOMAIN,DC=local',
  ),
)

Though this doesn't tell you the query, it tells you some of the filters being used and the things being examined.
Former Nagios employee
https://www.mcapra.com/
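
Added example (not from the thread, and not Nagios XI or adLDAP code): a PHP function that reads a result in the shape shown in the post above and reports which attributes were returned, which object classes matched, and which parent DNs the entries sit under. The names `summarize_entries` and `entry`, and the three-entry sample trimmed from the dump above, are assumptions made for illustration.

```php
<?php
// Added example; not Nagios XI or adLDAP code. Summarises an
// ldap_get_entries()-style array so an AD admin can see what a search touched.
function summarize_entries(array $entries): array
{
    $attrs = $classes = $parents = [];
    for ($i = 0; $i < ($entries['count'] ?? 0); $i++) {
        $entry = $entries[$i];
        // Numeric keys 0..count-1 hold the attribute names returned for this entry.
        for ($j = 0; $j < $entry['count']; $j++) {
            $attrs[$entry[$j]] = true;
        }
        // AD lists objectClass from 'top' down, so the last value is the most specific.
        if (isset($entry['objectclass'])) {
            $oc = $entry['objectclass'];
            $classes[$oc[$oc['count'] - 1]] = true;
        }
        // Drop the first RDN (split on the first unescaped comma) to get the parent DN.
        $parts = preg_split('/(?<!\\\\),/', $entry['dn'], 2);
        $parents[$parts[1] ?? ''] = true;
    }
    return [
        'attributes' => array_keys($attrs),
        'classes'    => array_keys($classes),
        'parents'    => array_keys($parents),
    ];
}

// Hypothetical helper that builds one entry in the same layout as the dump.
function entry(string $dn, string $class): array
{
    return [
        'objectclass' => ['count' => 2, 0 => 'top', 1 => $class],
        0 => 'objectclass',
        'distinguishedname' => ['count' => 1, 0 => $dn],
        1 => 'distinguishedname',
        'count' => 2,
        'dn' => $dn,
    ];
}

// Constructed sample: three of the twelve entries from the dump above.
$sample = [
    'count' => 3,
    0 => entry('CN=Builtin,DC=DOMAIN,DC=local', 'builtinDomain'),
    1 => entry('OU=Domain Controllers,DC=DOMAIN,DC=local', 'organizationalUnit'),
    2 => entry('CN=Users,DC=DOMAIN,DC=local', 'container'),
];
print_r(summarize_entries($sample));
```

A single value under `parents` means every returned entry is a direct child of the same DN, which is what a listing of one container level looks like, as opposed to a walk of the whole tree.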