Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Nagios and LDAP auhentication e authorization

https://support.nagios.com/forum/viewtopic.php?t=75983

Page 1 of 1

Nagios and LDAP auhentication e authorization

Posted: Tue Dec 17, 2024 5:56 am
by emi65
Hi
I'm using Nagios Core 4.4.14
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built: Apr 28 2023 16:54:19

I enable LDAP authentication using LDAP GROUP to validate access
I put in /etc/httpd/conf.d/nagios.conf
...
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
Require ldap-group cn=ADGroup1,OU=XXXX,OU=XXXX,OU=XXXX,DC=sedi,DC=group
....

so I enable the user belong to ADGroup1 to get in nagios web interface
In the cgi.cfg I configured
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

In this way all users inside the AD group ADGroup1 are enable to get in Nagios see and operate on all host and services

Now I want to configure a ADGroup2 to see only 3 specific servers

If I work with local user I have to create User1 and I set as contact of these 3 server the User1
In this way when the user1 log in nagios , he is able to see srv1 , srv2 and srv3

NOW I work with LDAP Authentication
What I need to do in order to authorize LDAP group ADGroup2 to see only srv1 , srv2 and srv3

Someone could help me ?
regards
Emilio

Re: Nagios and LDAP auhentication e authorization

Posted: Tue Dec 17, 2024 10:48 am
by emi65
in this forum I found
viewtopic.php?t=26488

where are mentioned these directives to set in CGI.cfg file

Are correct ?

authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=

Re: Nagios and LDAP auhentication e authorization

Posted: Wed Dec 18, 2024 5:47 pm
by gwesterman
Hi @emi65,

I am not familiar with this issue in particular, but is there any reason you cannot try this solution? My recommendation is to give this answer a try and let us know if it doesn't work.

Thank you!

Re: Nagios and LDAP auhentication e authorization

Posted: Wed Jan 08, 2025 3:15 pm
by emi65
Hi gwesteman

I solved the authorization problem by contact_group using this directive in cgi.cfg
authorized_contactgroup_for_all_hosts=
authorized_contactgroup_for_all_services=
authorized_contactgroup_for_system_information=
authorized_contactgroup_for_configuration_information=
authorized_contactgroup_for_all_host_commands=
authorized_contactgroup_for_all_service_commands=
authorized_contactgroup_for_system_commands=
authorized_contactgroup_for_read_only=

Now I got another problem because the contact are case sensitive and using LDAP windows authentication the problem of the user
name upper or lower case is strong important

I described the problem in github issue

https://github.com/NagiosEnterprises/na ... ssues/1016

thanks
Emilio

Re: Nagios and LDAP auhentication e authorization

Posted: Thu Jan 09, 2025 5:18 pm
by gwesterman
Hi @emi65,

Thanks for digging into this and making an issue.

When any updates on this are made, your issue will be referenced. If it is resolved, it will be reference in the changelog.

Thank you!
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited