LDAP authentication
Posted: Thu Dec 20, 2018 5:56 am
by Mahantesh
Hi,
I need to use AD-LDAP authentication for Nagios web Sign-in access; but do not want to write AD user credentials in the nagios.conf file or any other nagios file.
In AD, I would create a group (nagios_users) of 5 users for whom Nagios access is to be enabled upon authentication through LDAP.
Re: LDAP authentication
Posted: Fri Dec 21, 2018 3:52 pm
by ssax
Here is what works for me:
Code:
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    # SSLRequireSSL
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    # AuthzLDAPAuthoritative on
    # Bind account used to search the directory (DN of a user, not of a group)
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # Only members of nagios_users are authorized. On Apache 2.4, several Require
    # lines in one section are OR'ed, so "Require valid-user" here would admit
    # every account that can authenticate.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
    # SSLRequireSSL
    Options None
    AllowOverride None
    Order allow,deny
    Allow from all
    # AuthzLDAPAuthoritative on
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    AuthLDAPBindPassword "Password"
    AuthLDAPURL "ldap://192.168.X.X/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"
    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # Same rule as above: the group requirement is the only Require line.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
</Directory>
What version of Apache are you running? I'm pretty sure you need the bind password in there, though; I don't think it'll work without it unless your admins can disable the bind authentication requirement.
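A variant of the configuration above that keeps the literal bind password out of the Apache config file and encrypts both hops, as an added example that is not from the original posts. It assumes Apache 2.4.5 or later (where AuthLDAPBindPassword accepts an exec: value); the host name dc01.contoso.local, the CA file path and the helper path are placeholders.

```apache
# Added example (assumes Apache 2.4.5+ with mod_ssl, mod_ldap, mod_authnz_ldap).
# Server-level setting: CA that signed the domain controller's LDAPS
# certificate. The file path is a placeholder.
LDAPTrustedGlobalCert CA_BASE64 "/etc/pki/tls/certs/contoso-ca.pem"

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
    # Basic auth sends the user's AD password with every request: require HTTPS.
    SSLRequireSSL
    Options ExecCGI
    AllowOverride None

    AuthType Basic
    AuthName "contoso Authentication"
    AuthBasicProvider ldap

    # ldaps:// so the service bind and the users' passwords are encrypted on
    # the way to the DC. dc01.contoso.local is a placeholder host name.
    AuthLDAPURL "ldaps://dc01.contoso.local/CN=Users,DC=contoso,DC=local?sAMAccountName?sub?(objectClass=*)"

    # DN of a dedicated bind account, not of a group.
    AuthLDAPBindDN "CN=Your User,CN=Users,DC=contoso,DC=local"
    # exec: runs the helper and uses the first line it prints as the password,
    # so no literal password sits in this file. The helper path is hypothetical;
    # keep the helper and whatever it reads off-limits to ordinary users.
    AuthLDAPBindPassword "exec:/usr/local/sbin/nagios-ldap-bindpw"

    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # Single Require line: only members of nagios_users are authorized.
    Require ldap-group CN=nagios_users,CN=Users,DC=contoso,DC=local
</Directory>
```

The `/nagios` share `<Directory>` block takes the same authentication and authorization lines.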
Re: LDAP authentication
Posted: Fri Sep 20, 2019 5:03 pm
by cdienger
Code:
AuthLDAPBindDN "CN=<<groupNameInServer>>,DC=<<ldapserver>>,DC=com"
You don't want to use a group name here. This should be a DN (distinguished name) of an account, and this:
Code:
AuthLDAPBindPassword "Admin Password"
is the password for that account.