Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Allow LDAP Group Access to XI

https://support.nagios.com/forum/viewtopic.php?t=76496

Page 1 of 1

Allow LDAP Group Access to XI

Posted: Tue Aug 26, 2025 7:56 am
by AngeloMileto
Instead of adding users one at a time from our LDAP (Active Directory), is there a way to authorize a Security Group so that anyone who is a member of that group has access based on the setup in XI?

I've searched a bit on the internet but can't find anything - at least nothing recent - to suggest it can or can't be done.

Re: Allow LDAP Group Access to XI

Posted: Tue Aug 26, 2025 9:20 am
by jsimon
Hi @AngeloMileto,

I don't believe that functionality exists within XI currently. You do have the ability to select all entities within a given OU, which displays as a folder within the interface, so you could try and work around that limitation by putting all users within the group you want to add into a specific OU and then add it as a batch action.

I do see the utility of what you're suggesting however, and I've created an issue to investigate enhancing our LDAP functionality with this in mind.

Re: Allow LDAP Group Access to XI

Posted: Wed Aug 27, 2025 6:27 am
by AngeloMileto
Thanks for submitting the request. To your knowledge, are there any powershell hooks into XI for authentication? I'm wondering if I could script something to update the users list in XI from a powershell script running periodically.

Alternatively, is there a documentation on the SQL commands to update the tables from a bash script? Might be able to query the AD group from bash and then add/remove users in the XI database on a scheduled basis/cron.

Thanks again!

Re: Allow LDAP Group Access to XI

Posted: Thu Sep 04, 2025 2:55 pm
by AngeloMileto
No suggestions? I didn't want to tear apart the web code to figure it out if there was a simple API/db query way to do it.

Re: Allow LDAP Group Access to XI

Posted: Fri Sep 05, 2025 11:34 am
by cdietsch
Hi AngeloMileto,

It sounds like the XI Auth Tokens through the REST API might be helpful with what you're trying to accomplish.

The documentation with examples for this can be found in your Nagios XI instance web interface along the following path: http://<XI.Server.IP>/nagiosxi/help/ under Developer Docs -> Auth Tokens.

Re: Allow LDAP Group Access to XI

Posted: Mon Sep 08, 2025 1:32 pm
by AngeloMileto
Cole,

Appreciate the suggestion but that would only accomplish actual logons. What is lacking is the ability to update the authenticated users table based on an Active Directory Group. So I was thinking since PowerShell can get all users in a given OU/Group, that could be compared to the list in Nagios's database and adjusted as necessary - adding or deleting based on the Group.

I'll probably end up tearing into the we interface section that's actually adding and deleting users and write my own.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited