Page 1 of 1
Nagios XI Authorization via LDAP group membership
Posted: Mon Dec 04, 2017 12:06 pm
by markmerchant
Is it possible to have Nagios XI authorize UI access based on user membership in an LDAP/AD group?
Ie. Bob is allowed access because he is a member of the Nagios group.
(&(userPrincipalName=Bob)(memberOf=cn=nagiosGroup,ou=groups,dc=domain,dc=com))
Thx.
Re: Nagios XI Authorization via LDAP group membership
Posted: Mon Dec 04, 2017 1:12 pm
by kyang
Have you run through our documentation on authenticating and importing LDAP/AD users?
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
You could definitely import that user, and then give him specific
security settings that pertain to what that user is authorized to do in XI .
Here's all of our other documentation on Multi-tenancy and user rights in case you need it.
https://assets.nagios.com/downloads/nag ... Rights.pdf
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Let us know if this helps!
Re: Nagios XI Authorization via LDAP group membership
Posted: Tue Jan 30, 2018 8:02 am
by markmerchant
We don't to have to manage hundreds of users. We would rather have an
LDAP groups for read-only, and maybe a few others that allow read-write
on specific groups.
Another issue, how do I get past the LDAP paging? I'm stuck with the first
1000 users that appear. Can they be filtered? Even a ( one time ) LDIF
import would be ok.
Thx.
Re: Nagios XI Authorization via LDAP group membership
Posted: Tue Jan 30, 2018 11:54 am
by kyang
A while back, there was a request to have LDAP groups as an import option/auth into XI rather than a single user.
Unfortunately, this was turned down and is not in the works.
As for the LDAP paging of 1000 users, there is a feature request to sort these users A-Z as a method. But, there is no exact ETA, and since it's a feature request I cannot guarantee it will be implemented.
We are currently working on XI 5.5, after that time I'm sure there will be a discussion on feature requests but as of now, I cannot say.
Re: Nagios XI Authorization via LDAP group membership
Posted: Wed Jan 31, 2018 2:19 pm
by markmerchant
Can I enter the user names in a local file, and have them authenticate against the directory? Thx.
Re: Nagios XI Authorization via LDAP group membership
Posted: Wed Jan 31, 2018 4:38 pm
by tgriep
Sorry, there is not a way to add uses from a file and authenticate to the directory.
The 1000 user limit could be a limit set on your LDAP server.
There is a limit set in Active Directory which can be increased by following the instructions at the bottom of this KB article.
https://support.nagios.com/kb/article/a ... n-600.html
If we knew what your LDAP server is running, we may be able to find instructions on increasing the search.