This article assume that you already installed the nagios server on LAMP CentOS server and also installed 389 directory server. On the previous tutorial, the user that allowed to manage nagios is nagiosadmin which has been created using htpasswd. In this article, i will show you on how configure LDAP authentication for Nagios on CentOS 5.5.
Prerequisites
How to Install Apache Httpd Web Server on Linuxrel=”nofollow”
How to Install 389 Directory Server on CentOS/RHEL
1. Configure nagios.conf and change it to your LDAP environment. Assume the following info is valid on LDAP server:
Server ip = 192.168.2.5 Suffix = dc=intranet, dc=local LDAP user : user1 ( most of the time, this user is sytem administrator)
[root@server ~]# vi /etc/httpd/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi" <Directory "/usr/lib/nagios/cgi"> Options ExecCGI AllowOverride None Order allow,deny Allow from all AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative on AuthName " LDAP Authentication for Nagios Monitoring" AuthLDAPURL "ldap://192.168.2.5:389/DC=intranet,DC=local?uid?sub?(objectClass=*)" NONE Require user </Directory> Alias /nagios "/usr/share/nagios" <Directory "/usr/share/nagios"> Options None AllowOverride None Order allow,deny Allow from all AuthBasicProvider ldap AuthType Basic AuthzLDAPAuthoritative on AuthName " LDAP Authentication for Nagios Monitoring" AuthLDAPURL "ldap://192.168.2.5:389/DC=intranet,DC=local?uid?sub?(objectClass=*)" NONE Require user </Directory>
2. Replace all of the “nagiosadmin” entries with “*” in /etc/nagios/cgi.cfg. This is to prevent the error message in CGI authentication.
It appears as though you do not have permission to view information for any of the hosts you requested... If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI and check the authorization options in your CGI configuration file.
[root@server ~]# grep "nagiosadmin" /etc/nagios/cgi.cfg | grep -v "#"
authorized_for_system_information=nagiosadmin authorized_for_configuration_information=nagiosadmin authorized_for_system_commands=nagiosadmin authorized_for_all_services=nagiosadmin authorized_for_all_hosts=nagiosadmin authorized_for_all_service_commands=nagiosadmin authorized_for_all_host_commands=nagiosadmin
[root@server ~]# vi /etc/httpd/conf.d/nagios.conf
Replace nagiosadmin to * as below:
authorized_for_system_information=* authorized_for_configuration_information=* authorized_for_system_commands=* authorized_for_all_services=* authorized_for_all_hosts=* authorized_for_all_service_commands=* authorized_for_all_host_commands=*
[root@server ~]# grep "*" /etc/nagios/cgi.cfg | grep -v "#" authorized_for_system_information=* authorized_for_configuration_information=* authorized_for_system_commands=* authorized_for_all_services=* authorized_for_all_hosts=* authorized_for_all_service_commands=* authorized_for_all_host_commands=*
3. Restart the nagios service
[root@server ~]# /etc/init.d/nagios restart Stopping nagios: [ OK ] Starting nagios: [ OK ]
4. Restart apache server
[root@server ~]# /etc/init.d/httpd restart Stopping httpd: [ OK ] Starting httpd: [ OK ]
2 Comments
can you tell me service based authentications .
Like follows :
user 1:
in host1
service 1
service 2
user 2:
in host1
service 3
service 2
hi, is there any possible configuration in nagios or appache to login in nagios with via ldap with users name in lower and upper case?
Thanks&Regards,
Amir