AD Authentication Integration

Posted: Wed Mar 08, 2017 9:49 am
by TCBeekley
Hello!

When integrated with AD for user authentication, what query does Nagios use against AD? Our AD admin would like to know what the query is prior to granting us a bind ID. We have a very large organization and they want to make sure there isn't an issue when run against our AD.

Thanks!

Re: AD Authentication Integration

Posted: Wed Mar 08, 2017 10:35 am
by SteveBeauchemin
Good question.

My company has an AD with more than 25K users. The company has more than 20 thousand employees and adds 10k more.

I use AD auth and we have no issues. So using AD is not a problem for me.

But I would be curious to see the same information.

Steve B

Re: AD Authentication Integration

Posted: Wed Mar 08, 2017 6:04 pm
by mcapra
We just throw things at the adLDAP library, which runs everything through ldap_search basically. Here's a pretty print of the returned object for a given set of directories:

Code:

array (
  'count' => 12,
  0 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'builtinDomain',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Builtin,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Builtin,DC=DOMAIN,DC=local',
  ),
  1 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Computers,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Computers,DC=DOMAIN,DC=local',
  ),
  2 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'organizationalUnit',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'OU=Domain Controllers,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'OU=Domain Controllers,DC=DOMAIN,DC=local',
  ),
  3 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=ForeignSecurityPrincipals,DC=DOMAIN,DC=local',
  ),
  4 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'infrastructureUpdate',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Infrastructure,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Infrastructure,DC=DOMAIN,DC=local',
  ),
  5 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'lostAndFound',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=LostAndFound,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=LostAndFound,DC=DOMAIN,DC=local',
  ),
  6 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Managed Service Accounts,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Managed Service Accounts,DC=DOMAIN,DC=local',
  ),
  7 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'msDS-QuotaContainer',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=NTDS Quotas,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=NTDS Quotas,DC=DOMAIN,DC=local',
  ),
  8 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Program Data,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Program Data,DC=DOMAIN,DC=local',
  ),
  9 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=System,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=System,DC=DOMAIN,DC=local',
  ),
  10 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'msTPM-InformationObjectsContainer',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=TPM Devices,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=TPM Devices,DC=DOMAIN,DC=local',
  ),
  11 => 
  array (
    'objectclass' => 
    array (
      'count' => 2,
      0 => 'top',
      1 => 'container',
    ),
    0 => 'objectclass',
    'distinguishedname' => 
    array (
      'count' => 1,
      0 => 'CN=Users,DC=DOMAIN,DC=local',
    ),
    1 => 'distinguishedname',
    'count' => 2,
    'dn' => 'CN=Users,DC=DOMAIN,DC=local',
  ),
)
Though this doesn't tell you the query, it tells you some of the filters being used and the things being examined.
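What that round trip looks like from the AD side, as an added example (not adLDAP's or Nagios' own code): a bind with a dedicated read-only account over LDAPS, one scoped search asking only for the two attributes present in the dump above, and a helper that flattens PHP's ldap_get_entries() array (the 'count' keys and duplicated numeric/attribute-name keys seen in the dump) into plain arrays. The host, bind DN, search scope, filter and size limit are assumptions, not what adLDAP actually sends.

```php
<?php
// Added example, not adLDAP's or Nagios' own code. Host, bind DN, base DN,
// scope, filter and size limit below are assumptions for illustration.

/** Turn one ldap_get_entries() entry into ['dn' => ..., attr => [values...]]. */
function flatten_entry(array $entry): array
{
    $out = ['dn' => $entry['dn']];
    for ($i = 0; $i < $entry['count']; $i++) {
        $attr = $entry[$i];                // attribute name stored at numeric index
        $values = [];
        for ($j = 0; $j < $entry[$attr]['count']; $j++) {
            $values[] = $entry[$attr][$j]; // skip the nested 'count' element
        }
        $out[$attr] = $values;
    }
    return $out;
}

/** Flatten the whole result set returned by ldap_get_entries(). */
function flatten_entries(array $result): array
{
    $list = [];
    for ($i = 0; $i < $result['count']; $i++) {
        $list[] = flatten_entry($result[$i]);
    }
    return $list;
}

$conn = ldap_connect('ldaps://dc01.DOMAIN.local');          // assumed host
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
$bindDn = 'CN=svc-nagios-ro,CN=Users,DC=DOMAIN,DC=local';  // assumed read-only bind ID
if (!@ldap_bind($conn, $bindDn, getenv('NAGIOS_BIND_PW'))) {
    throw new RuntimeException('LDAP bind failed: ' . ldap_error($conn));
}
// One-level search directly under the domain root, two attributes, size limit 100:
// this returns the dozen containers in the dump rather than walking every user.
$res = ldap_list($conn, 'DC=DOMAIN,DC=local', '(objectClass=*)',
                 ['objectclass', 'distinguishedname'], 0, 100);
if ($res === false) {
    throw new RuntimeException('LDAP search failed: ' . ldap_error($conn));
}
foreach (flatten_entries(ldap_get_entries($conn, $res)) as $e) {
    printf("%-55s %s\n", $e['dn'], implode(',', $e['objectclass']));
}
ldap_unbind($conn);
```

Handing the AD admin a bind DN limited to read access, the attribute list and a size limit is what lets them judge the load; the filter adLDAP really uses is not shown on this page.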