Nagios Support Forum

So looking at updating my Nagios REST API front end to allow for the 5.5.x changes, and I have a question about adding users that are in AD.

When doing so via the Web UI, you have to enter in a valid AD user name and password. But looking in the API docs, all I see is a user name. Is that correct? Because in the Web UI, you still have to enter a password, not just the user name.

Hello @johncwelch,

You're correct that you only need the username when adding an AD user from the API. This is because a random password is generated (16 characters) to be added into the db. Of course you can't log in with the password but it's just there in case.

If you end up setting allow_local to 1, the API would require that you set a password also, since you would need a password to log in if the AD login failed.

I think I was being imprecise. In the Web UI, I have to have an AD account that allows me to see the users I want to add, and a password for that, so I can browse the AD tree and select users. That's the user name I'm referring to, not the user name of the AD user I am trying to add.

Oh, the API does not have the functionality that the AD import has in the Web GUI. You are not able to connect to the AD server and find users to add through any of the current API endpoints. The only things you can currently do is add/remove/view AD servers and add new Nagios XI users (with AD username and server for auth) through the API if you know the username and other user info and pass it manually.

I think that could be a useful feature, I could add it in as a feature request if you'd like.

it'd be okay, but not necessary. As long as I can add/delete AD users, that's fine.

what is needed desperately is the ability to modify existing objects, i.e. user permissions, services, hosts, hostgroups, etc. that's far more of a need than browsing AD I think.

Adding the REST API functionality to modify objects is on our TODO list. I don't have an ETA on that, and for the time being, the only way to modify an existing object would be to delete it, and recreate it "from scratch".