Hi
I'm using Nagios Core 4.4.14
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Apr 28 2023 16:54:19
I enable LDAP authentication using LDAP GROUP to validate access
I put in /etc/httpd/conf.d/nagios.conf
...
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
Require ldap-group cn=ADGroup1,OU=XXXX,OU=XXXX,OU=XXXX,DC=sedi,DC=group
....
so I enable the user belong to ADGroup1 to get in nagios web interface
In the cgi.cfg I configured
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*
In this way all users inside the AD group ADGroup1 are enable to get in Nagios see and operate on all host and services
Now I want to configure a ADGroup2 to see only 3 specific servers
If I work with local user I have to create User1 and I set as contact of these 3 server the User1
In this way when the user1 log in nagios , he is able to see srv1 , srv2 and srv3
NOW I work with LDAP Authentication
What I need to do in order to authorize LDAP group ADGroup2 to see only srv1 , srv2 and srv3
Someone could help me ?
regards
Emilio
Nagios and LDAP auhentication e authorization
Re: Nagios and LDAP auhentication e authorization
in this forum I found
viewtopic.php?t=26488
where are mentioned these directives to set in CGI.cfg file
Are correct ?
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=
viewtopic.php?t=26488
where are mentioned these directives to set in CGI.cfg file
Are correct ?
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=
-
- Posts: 226
- Joined: Wed Aug 23, 2023 11:29 am
Re: Nagios and LDAP auhentication e authorization
Hi @emi65,
I am not familiar with this issue in particular, but is there any reason you cannot try this solution? My recommendation is to give this answer a try and let us know if it doesn't work.
Thank you!
I am not familiar with this issue in particular, but is there any reason you cannot try this solution? My recommendation is to give this answer a try and let us know if it doesn't work.
Thank you!
Re: Nagios and LDAP auhentication e authorization
Hi gwesteman
I solved the authorization problem by contact_group using this directive in cgi.cfg
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=
Now I got another problem because the contact are case sensitive and using LDAP windows authentication the problem of the user
name upper or lower case is strong important
I described the problem in github issue
https://github.com/NagiosEnterprises/na ... ssues/1016
thanks
Emilio
I solved the authorization problem by contact_group using this directive in cgi.cfg
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=
Now I got another problem because the contact are case sensitive and using LDAP windows authentication the problem of the user
name upper or lower case is strong important
I described the problem in github issue
https://github.com/NagiosEnterprises/na ... ssues/1016
thanks
Emilio
-
- Posts: 226
- Joined: Wed Aug 23, 2023 11:29 am
Re: Nagios and LDAP auhentication e authorization
Hi @emi65,
Thanks for digging into this and making an issue.
When any updates on this are made, your issue will be referenced. If it is resolved, it will be reference in the changelog.
Thank you!
Thanks for digging into this and making an issue.
When any updates on this are made, your issue will be referenced. If it is resolved, it will be reference in the changelog.
Thank you!