Nagios Support Forum

Hello all, I was recently tasked with allow nagios to authenticate with an LDAP group but also allow local authenticated in the scenario where LDAP is not reachable. I was wondering if someone with knowledge could let me know if the following is correct. I can SUCCESSFULLY log into LDAP but I can't log in with local user credentials. I have three local credentials and they were all working before I did this change:


ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"

<Directory "/usr/lib64/nagios/cgi-bin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthBasicProvider "ldap"
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://<server_name>/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ldap-group cn=nagios,ou=Group,dc=<domain,dc=<domain>
</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
AuthBasicProvider "ldap"
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://server_name/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ld

FYI, I changed to permission * in the cgi file to allow authentication.

thanks in advance!

I believe you can change this to

thanks for quick reply scott.

I did the change, however the change didn't seem to change anything. my local accounts still don't have permissions to log into Nagios while my LDAP username worked like a charm. with your suggestion, this is what i'm working with now:

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin"

<Directory "/usr/lib64/nagios/cgi-bin">
# SSLRequireSSL
Options ExecCGI
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://<server_name>/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ldap-group cn=nagios,ou=Group,dc=<domain,dc=<domain>
</Directory>

Alias /nagios "/usr/share/nagios/html"

<Directory "/usr/share/nagios/html">
# SSLRequireSSL
Options None
AllowOverride None
AuthBasicProvider ldap file
AuthzLDAPAuthoritative off
Order deny,allow
Allow from all
# Allow from 127.0.0.1
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/htpasswd.users
AuthLDAPURL "ldap://server_name/ou=People,dc=<domain>,dc=<domain>?uid"
Require valid-user
Require ld

then I restarted the nagios and httpd service.

thanks again

I don't want to sound like we're pushing you away, but have you asked at the Apache forums? We're not really experts in Apache here and I'm certain they would have more knowledge of things like this.

That is a great idea, i'll also post on their website; but I can't possibly be the only person who wanted to set up a local account along with LDAP authentication for Nagios. I feel like they will just reply as you did and say "post on a nagios forum."

if they give me the answer, i'll be sure to post it here. but if anyway on this site could help, that would be greatly appreciated.

Here's what works for me (I do the same as you want to). I have this in the .htaccess file:
AuthType Basic
AuthName "Nagios"
AuthBasicProvider file ldap
AuthLDAPUrl ldap://xxxxxx:3268/dc=xxxxx,dc=xxxxx,dc=xxxxx?sAMAccountName?sub?(objectClass=*)
AuthLDAPBindDN cn=xxxxx,OU=xxxxxx,DC=xxxx,DC=xxxxx,DC=xxxxx
AuthLDAPBindPassword xxxxxxx
AuthzLDAPAuthoritative off
AuthUserFile /usr/local/nagios/etc/htpasswd
Require valid-user

My apache conf:
<Directory /usr/local/nagios>
AllowOverride AuthConfig
</Directory>

<Directory /usr/local/nagios/sbin>
AllowOverride AuthConfig
</Directory>

@sobedrinker42

Does the wfournier's solution work for you?

yes that worked perfectly. Thank you wfournier and everyone else who helped me with my issue!