Nagios LDAP Authentication

From Slacam_Wiki

LDAP authentication in Nagios 3.2.3 on CentOS 5.5

Enabling LDAP authentication in Nagios has been one of those things that I've been putting off for a while. It took me three hours to finally get it, but it is working - thank god. I'd like to share with you the configuration changes that made LDAP authentication work in Nagios 3.2.3 on a CentOS 5.5 install.

1. Make sure that Nagios and Apache are installed correctly.

2. The following module should exist in your /etc/httpd/httpd.conf file:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

If not, install the package with the following command:

yum install mod_authz_ldap.i386

3. Next, change the /etc/openldap/ldap.conf file. Add the following line:

REFERRALS off

4. Edit the /etc/httpd/conf.d/nagios.conf file and tailor it to your LDAP environment. Here's a sanitized version of my configuration:


ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"

<Directory "/usr/lib/nagios/cgi">

#  SSLRequireSSL
  Options ExecCGI
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "LDAP Authentication"
  AuthLDAPURL "ldap://test.domain.edu:389/OU=Specific,OU=Branch,OU=School,DC=test,DC=edu?sAMAccountName?one?(objectClass=user)" NONE
  AuthLDAPBindDN "CN=NagiosUser,OU=School,DC=test,DC=edu"
  AuthLDAPBindPassword "mypassword" 
  require valid-user

</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">

  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "LDAP Authentication"
  AuthLDAPURL "ldap://test.domain.edu:389/OU=Specific,OU=Branch,OU=School,DC=test,DC=edu?sAMAccountName?one?(objectClass=user)" NONE
  AuthLDAPBindDN "CN=NagiosUser,OU=School,DC=test,DC=edu"
  AuthLDAPBindPassword "mypassword"
  require ldap-attribute objectClass=user

</Directory>


5. The final piece is changing the cgi.cfg file. You'll receive CGI authentication errors if you do not take this step. Here are the changes that I made to fix that issue:

These are the original directives that I commented out:

grep "#" /etc/nagios/cgi.cfg | grep -i "nagiosadmin"

#authorized_for_system_information=nagiosadmin
#authorized_for_configuration_information=nagiosadmin
#authorized_for_system_commands=nagiosadmin
#authorized_for_all_services=nagiosadmin
#authorized_for_all_hosts=nagiosadmin
#authorized_for_all_service_commands=nagiosadmin
#authorized_for_all_host_commands=nagiosadmin

Replace all of the "nagiosadmin" entries with "*". This gives every LDAP-authenticated user access to all of Nagios's functionality, including the system, host and service command directives listed above.

grep "*" /etc/nagios/cgi.cfg | grep -v "#"

authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

Finally,

/etc/init.d/httpd restart; /etc/init.d/nagios restart

Log into Nagios via LDAP and enjoy!
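
A check for the settings changed in steps 4 and 5, as an added example that is not part of the original post: it lists the authorized_for_* directives opened to "*" and flags Directory blocks that use Basic authentication without an active SSLRequireSSL or that reach LDAP over plain ldap://. The function names and the script name audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the two files this page edits. File paths are arguments.

# List active authorized_for_* directives in cgi.cfg that grant access to "*".
wildcard_grants() {
    awk -F= '
        /^[ \t]*#/ { next }                      # commented-out directive
        /^[ \t]*authorized_for_[a-z_]+[ \t]*=/ {
            name = $1; gsub(/[ \t]/, "", name)
            n = split($2, users, ",")            # value is a comma-separated user list
            for (i = 1; i <= n; i++) {
                u = users[i]; gsub(/[ \t]/, "", u)
                if (u == "*") { print name; break }
            }
        }' "$1"
}

# Report, per <Directory> block of an Apache conf using mod_authnz_ldap:
#   cleartext-ldap       ldap:// URL whose mode is not SSL, TLS or STARTTLS
#   basic-without-ssl    AuthType Basic with no active SSLRequireSSL
transport_findings() {
    awk '
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "sslrequiressl" { ssl = 1 }
        key == "authtype" && tolower($2) == "basic" { basic = 1 }
        key == "authldapurl" {
            mode = toupper($NF)
            if (tolower($2) ~ /^"?ldap:\/\// && mode !~ /^(SSL|TLS|STARTTLS)$/)
                print "cleartext-ldap line " NR
        }
        key == "</directory>" {
            if (basic && !ssl) print "basic-without-ssl block ending line " NR
            ssl = 0; basic = 0
        }' "$1"
}

# Run against real files when two paths are given, e.g.
#   sh audit.sh /etc/nagios/cgi.cfg /etc/httpd/conf.d/nagios.conf
if [ "$#" -eq 2 ]; then
    wildcard_grants "$1"
    transport_findings "$2"
fi
```

The basic-without-ssl finding only looks inside each Directory block, so a virtual host that already serves Nagios exclusively over HTTPS will still be reported and can be dismissed after review.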