NagiosFusion and LDAP authentication

[65mustang4me]

I was wondering if LDAP authentication is supported for NagiosFusion? I have Nagios XI working with the LDAP authentication component and I would like to use the same for NagiosFusion.


Thanks!

[yancy]

Nagios Fusion uses session authentication to connect to NagiosXI. If NagiosXI uses LDAP to authenticate credentials, those credentials can be used when setting up Nagios Fusion.

In otherwords, if LDAP is setup on NagiosXI, you just point NagiosFusion to NagiosXI using a valid login (which when then be validated against LDAP). Hopefully that helps answer your question.

Here is instructions on setting up authentication type for NagiosFusion:

http://assets.nagios.com/downloads/nagi ... tarted.pdf

[65mustang4me]

I already have "session" based authentication between NagiosFusion and Nagios XI. What I'm looking for is LDAP authentication for Fusion itself.
I'm currently running Fusion on a separate server. I would like to add users to Fusion, but have them authenticate against our LDAP systems.

With Nagios XI, you have the LDAP Authentication component which works great. You have to create a local Nagios XI user, but the password can be maintained via LDAP. I want to be able to do the same on Fusion.

I tried to install the LDAP component in Fusion. It installs, but then complains that its not Nagios XI. When I try and use it anyway it fails to log me in.

[mguthrie]

This component will probably have to be modified to work with Fusion. I'll have to check and see if it would just be some simple component mods that need to be made, or if additional work needs to be added in Fusion as well.

[65mustang4me]

Any update on this? I'm ready to start using this in a Production setting and would really like to use LDAP authentication if possible.

[mguthrie]

As with the proxy component, the support for this can be rolled into our new 2012 release, which is currently in public beta, but should be in production very soon. We're actually just awaiting some user feedback on it. I'll look at adding support for this in the Fusion code and if it needs a Fusion specific component we'll get that released.

http://labs.nagios.com/2012/06/08/nagio ... available/

[JessieBryan]

Fusion LDAP Auth works for me, after I installed the LDAP/PHP dependancies on the VMware appliance

[slansing]

Thanks for the tips! Glad to hear its working for you.

[JessieBryan]

Thanks for the tips! Glad to hear its working for you.

Sure thing. Now if we could have better auth management between fusion and nagiosxi then I'd consider buying Fusion. Currently, the NagiosXI server has it's own AUTH LDAP, but when landing on the Fusion server first, then clicking onto the NagiosXI server from Fusion, we are auto-logged in as nagiosadmin (based on the server credentials). I don't know if this implementation is permanent, but having it this way doesn't allow us to use Fusion with multiple users (since the identity is changed to nagiosadmin once they click on the XI Server)

[sreinhardt]

That is a nice catch! So as I see it, you would like fusion to use the session or login information from it, on a per user basis to also authenticate with XI when passing into the other server. I would agree that this is how it should be. Let us talk to the dev staff and see what we can come up with! To some extent this is a privilege escalation issue as well. One question, would you use the same credentials from fusion and XI, or expect them to be different? I would see it as fusion keeps a local short term authentication token that when expired or with a new user is pulled from a valid XI server. This way sessions can be passed as they are now, but a per user basis and without additional login.