Nagios3 frontend with ldap auth

Introduction

Default setup of nagios on on of our systems had .htaccess auth method setup, and with growing number of users we needed to change to a more centralized and manageable auth method. We decided to include Nagios into our LDAP infrastructure and let Apache web server do the most of the work.

Configuration

Since nagios is in a seperate vhost, we deleted the default .htaccess auth part and replaced it with:

    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthName "Nagios Web Browsing"
    AuthLDAPURL "ldap://ldap.test/ou=People,dc=test?userid?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "cn=proxyuser,ou=People,dc=test"
    AuthLDAPBindPassword IamAsecret
    Require valid-user

#       AuthName "Nagios Access"
#       AuthType Basic
#       AuthUserFile /etc/nagios3/htpasswd.users
#       # nagios 1.x:
#       #AuthUserFile /etc/nagios/htpasswd.users
#       require valid-user

Dont forget to enable the module for apache:

a2enmod authnz_ldap

and restart apache deamon:

/etc/init.d/apache2 restart

Finally in nagios config files we need to change following entries in:

vim /etc/nagios3/cgi.cfg
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

Now apache is doing the authorization of users, and every user is allowed to do edits on web frontend.

Author: S4mur4i

Happy in the unhappy world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s