Instead of adding users one at a time from our LDAP (Active Directory), is there a way to authorize a Security Group so that anyone who is a member of that group has access based on the setup in XI?
I've searched a bit on the internet but can't find anything - at least nothing recent - to suggest it can or can't be done.
Allow LDAP Group Access to XI
Re: Allow LDAP Group Access to XI
Hi @AngeloMileto,
I don't believe that functionality exists within XI currently. You do have the ability to select all entities within a given OU, which displays as a folder within the interface, so you could try and work around that limitation by putting all users within the group you want to add into a specific OU and then add it as a batch action.
I do see the utility of what you're suggesting however, and I've created an issue to investigate enhancing our LDAP functionality with this in mind.
I don't believe that functionality exists within XI currently. You do have the ability to select all entities within a given OU, which displays as a folder within the interface, so you could try and work around that limitation by putting all users within the group you want to add into a specific OU and then add it as a batch action.
I do see the utility of what you're suggesting however, and I've created an issue to investigate enhancing our LDAP functionality with this in mind.
-
AngeloMileto
- Posts: 70
- Joined: Mon Mar 21, 2022 7:53 am
Re: Allow LDAP Group Access to XI
Thanks for submitting the request. To your knowledge, are there any powershell hooks into XI for authentication? I'm wondering if I could script something to update the users list in XI from a powershell script running periodically.
Alternatively, is there a documentation on the SQL commands to update the tables from a bash script? Might be able to query the AD group from bash and then add/remove users in the XI database on a scheduled basis/cron.
Thanks again!
Alternatively, is there a documentation on the SQL commands to update the tables from a bash script? Might be able to query the AD group from bash and then add/remove users in the XI database on a scheduled basis/cron.
Thanks again!
-
AngeloMileto
- Posts: 70
- Joined: Mon Mar 21, 2022 7:53 am
Re: Allow LDAP Group Access to XI
No suggestions? I didn't want to tear apart the web code to figure it out if there was a simple API/db query way to do it.
Re: Allow LDAP Group Access to XI
Hi AngeloMileto,
It sounds like the XI Auth Tokens through the REST API might be helpful with what you're trying to accomplish.
The documentation with examples for this can be found in your Nagios XI instance web interface along the following path: http://<XI.Server.IP>/nagiosxi/help/ under Developer Docs -> Auth Tokens.
It sounds like the XI Auth Tokens through the REST API might be helpful with what you're trying to accomplish.
The documentation with examples for this can be found in your Nagios XI instance web interface along the following path: http://<XI.Server.IP>/nagiosxi/help/ under Developer Docs -> Auth Tokens.
Cheers,
- Cole
- Cole
-
AngeloMileto
- Posts: 70
- Joined: Mon Mar 21, 2022 7:53 am
Re: Allow LDAP Group Access to XI
Cole,
Appreciate the suggestion but that would only accomplish actual logons. What is lacking is the ability to update the authenticated users table based on an Active Directory Group. So I was thinking since PowerShell can get all users in a given OU/Group, that could be compared to the list in Nagios's database and adjusted as necessary - adding or deleting based on the Group.
I'll probably end up tearing into the we interface section that's actually adding and deleting users and write my own.
Appreciate the suggestion but that would only accomplish actual logons. What is lacking is the ability to update the authenticated users table based on an Active Directory Group. So I was thinking since PowerShell can get all users in a given OU/Group, that could be compared to the list in Nagios's database and adjusted as necessary - adding or deleting based on the Group.
I'll probably end up tearing into the we interface section that's actually adding and deleting users and write my own.