My apologies. I had started working on LDAP auth for Network Analyzer at the same time.
Adding ipaSshGroupOfPubKeys to the list for Nagios XI allowed me to find and import users from FreeIPA.
No combination of additions to ldap_ad_helper.php on Nagios NA made any difference. I checked the document that you mentioned and, allowing for the differences between what is expected there and what is actually in the file, it looks as if ldap_ad_helper is already setup the way that is specified.
Should I start a separate topic for the Nagios NA user import?
FreeIPA Authentication change search
Re: FreeIPA Authentication change search
I have split your last post into a new topic under the Nagios Network Analyzer forum section.
I'm labbing this up and will let you know what I find shortly.
I'm labbing this up and will let you know what I find shortly.
Re: FreeIPA Authentication change search
Please take the attached file, unzip it, and replace this file on your Nagios Network Analyzer system:
Then test again and let us know the results.
Code: Select all
/var/www/html/nagiosna/application/helpers/ldap_ad_helper.phpYou do not have the required permissions to view the files attached to this post.
Re: FreeIPA Authentication change search
That worked. I was able to import users into Network Analyzer and then sign in with them.
-
benjaminsmith
- Posts: 5324
- Joined: Wed Aug 22, 2018 4:39 pm
- Location: saint paul
Re: FreeIPA Authentication change search
Hi,
Excellent! Did you have any other questions or may we close this out. Let us know when you have a moment.That worked. I was able to import users into Network Analyzer and then sign in with them
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: FreeIPA Authentication change search
Many thanks for the quick help. One more question: would it be practical to change the user import portion so that we could just put in the username instead of the full DN?
Importing users is a rare thing, so just a nice to have.
Importing users is a rare thing, so just a nice to have.
Re: FreeIPA Authentication change search
I'm investigating this and will post an update shortly.
Re: FreeIPA Authentication change search
This is because the ldap entry can contain uid or cn in the distinguished name:
https://stackoverflow.com/a/18183821
I have submitted a feature request for this as development will need to re-architect the way that it works:
FR: NNA - LDAP - Have LDAP authenticate poll for the proper DN to use from the credentials passed so you don't need to enter in the full DN of the user in the username box during the import (some have cn=, some have uid= on the start of the DN)
https://stackoverflow.com/a/18183821
I have submitted a feature request for this as development will need to re-architect the way that it works:
FR: NNA - LDAP - Have LDAP authenticate poll for the proper DN to use from the credentials passed so you don't need to enter in the full DN of the user in the username box during the import (some have cn=, some have uid= on the start of the DN)
Re: FreeIPA Authentication change search
Sounds good. Since adding users would be pretty infrequent, I could see us having to figure out why the import isn't working when we just put in username and password.
Re: FreeIPA Authentication change search
Yeah, I agree it would be helpful functionality to have. Please keep in mind that the decision to implement the enhancement is at the discretion of our development team.