
LDAP authentication

Posted: Thu Dec 20, 2018 5:56 am
by Mahantesh
Hi,

I need to use AD-LDAP authentication for Nagios web sign-in access, but do not want to write AD user credentials in the nagios.conf file or any other Nagios file.

In AD, I would create a group (nagios_users) of 5 users for whom Nagios access is to be enabled upon authentication through LDAP.

Re: LDAP authentication

Posted: Fri Dec 21, 2018 3:52 pm
by ssax
Here is what works for me:

Code:

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
    # SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all

    # AuthzLDAPAuthoritative on
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
    # Not enabled: on Apache 2.4, bare Require lines are OR'ed, so
    # "Require valid-user" would admit any account that authenticates.
    # Require valid-user
    # Require all denied
</Directory>

Alias /nagios "/usr/local/nagios/share"

<Directory "/usr/local/nagios/share">
    # SSLRequireSSL
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all

    # AuthzLDAPAuthoritative on
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
    # Not enabled here either, for the same reason as above.
    # Require valid-user
    # Require all denied
</Directory>
What version of Apache are you running? I'm pretty sure you need the bind password in there though; I don't think it'll work without it unless your admins can disable the bind authentication requirement.

Re: LDAP authentication

Posted: Fri Sep 20, 2019 5:03 pm
by cdienger

Code:

AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
You don't want to use the group name here. This should be a DN (distinguished name) of an account, and this:

Code:

AuthLDAPBindPassword "Admin Password"
is the password for that account.
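
The opening question (keeping AD credentials out of the Apache configuration), as an added example that is not part of the original thread: on Apache 2.4, mod_authnz_ldap can bind as the visitor instead of a service account, or read the bind password from a helper program. The host name dc1.contoso.local, the @contoso.local suffix and the helper path are assumed placeholders; mod_ldap, mod_authnz_ldap and mod_ssl are assumed to be loaded.

```apache
# Added example for Apache 2.4; placeholders are marked in the comments.
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"

<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AllowOverride None
    # Basic auth resends the AD password with every request, so require TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    # ldaps:// protects bind and search traffic between Apache and the DC.
    # dc1.contoso.local is a placeholder; the DC's CA certificate must be
    # trusted by mod_ldap (LDAPTrustedGlobalCert in the server config).
    AuthLDAPURL "ldaps://dc1.contoso.local/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"

    # Option 1: no service account. The first bind uses the name and password
    # the visitor typed; the pattern turns "jdoe" into "jdoe@contoso.local"
    # (placeholder suffix).
    AuthLDAPInitialBindAsUser on
    AuthLDAPInitialBindPattern (.+) $1@contoso.local
    # Run the group membership comparison with the visitor's credentials too.
    AuthLDAPCompareAsUser on

    # Option 2 (instead of option 1): keep a low-privilege bind account, but
    # have Apache 2.4.5 or later run a helper and use the first line it
    # prints as the password. The helper path is a placeholder.
    # AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    # AuthLDAPBindPassword "exec:/usr/local/sbin/nagios-ldap-secret"

    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # Group membership is the only grant. A "Require valid-user" next to it
    # would be OR'ed in (implicit RequireAny) and admit every AD account.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
</Directory>
```

The same authentication and authorization directives apply to the /usr/local/nagios/share directory block. Option 1 depends on ordinary AD users being allowed to read the member attribute of nagios_users.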