Nagios and LDAP auhentication e authorization

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Post Reply
emi65
Posts: 127
Joined: Fri Aug 17, 2012 3:41 am

Nagios and LDAP auhentication e authorization

Post by emi65 »

Hi
I'm using Nagios Core 4.4.14
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Apr 28 2023 16:54:19

I enable LDAP authentication using LDAP GROUP to validate access
I put in /etc/httpd/conf.d/nagios.conf
...
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
Require ldap-group cn=ADGroup1,OU=XXXX,OU=XXXX,OU=XXXX,DC=sedi,DC=group
....

so I enable the user belong to ADGroup1 to get in nagios web interface
In the cgi.cfg I configured
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

In this way all users inside the AD group ADGroup1 are enable to get in Nagios see and operate on all host and services

Now I want to configure a ADGroup2 to see only 3 specific servers

If I work with local user I have to create User1 and I set as contact of these 3 server the User1
In this way when the user1 log in nagios , he is able to see srv1 , srv2 and srv3

NOW I work with LDAP Authentication
What I need to do in order to authorize LDAP group ADGroup2 to see only srv1 , srv2 and srv3

Someone could help me ?
regards
Emilio
emi65
Posts: 127
Joined: Fri Aug 17, 2012 3:41 am

Re: Nagios and LDAP auhentication e authorization

Post by emi65 »

in this forum I found
viewtopic.php?t=26488

where are mentioned these directives to set in CGI.cfg file

Are correct ?

authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=
gwesterman
Posts: 226
Joined: Wed Aug 23, 2023 11:29 am

Re: Nagios and LDAP auhentication e authorization

Post by gwesterman »

Hi @emi65,

I am not familiar with this issue in particular, but is there any reason you cannot try this solution? My recommendation is to give this answer a try and let us know if it doesn't work.

Thank you!
emi65
Posts: 127
Joined: Fri Aug 17, 2012 3:41 am

Re: Nagios and LDAP auhentication e authorization

Post by emi65 »

Hi gwesteman

I solved the authorization problem by contact_group using this directive in cgi.cfg
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=

Now I got another problem because the contact are case sensitive and using LDAP windows authentication the problem of the user
name upper or lower case is strong important

I described the problem in github issue

https://github.com/NagiosEnterprises/na ... ssues/1016

thanks
Emilio
gwesterman
Posts: 226
Joined: Wed Aug 23, 2023 11:29 am

Re: Nagios and LDAP auhentication e authorization

Post by gwesterman »

Hi @emi65,

Thanks for digging into this and making an issue.

When any updates on this are made, your issue will be referenced. If it is resolved, it will be reference in the changelog.

Thank you!
Post Reply