Default setup of nagios on on of our systems had .htaccess auth method setup, and with growing number of users we needed to change to a more centralized and manageable auth method. We decided to include Nagios into our LDAP infrastructure and let Apache web server do the most of the work.
Since nagios is in a seperate vhost, we deleted the default .htaccess auth part and replaced it with:
AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative on AuthName "Nagios Web Browsing" AuthLDAPURL "ldap://ldap.test/ou=People,dc=test?userid?sub?(objectClass=*)" NONE AuthLDAPBindDN "cn=proxyuser,ou=People,dc=test" AuthLDAPBindPassword IamAsecret Require valid-user # AuthName "Nagios Access" # AuthType Basic # AuthUserFile /etc/nagios3/htpasswd.users # # nagios 1.x: # #AuthUserFile /etc/nagios/htpasswd.users # require valid-user
Dont forget to enable the module for apache:
and restart apache deamon:
Finally in nagios config files we need to change following entries in:
authorized_for_system_information=* authorized_for_configuration_information=* authorized_for_system_commands=* authorized_for_all_services=* authorized_for_all_hosts=* authorized_for_all_service_commands=* authorized_for_all_host_commands=*
Now apache is doing the authorization of users, and every user is allowed to do edits on web frontend.