Differences between revisions of "Autentica LDAP Nagios"

From Slacam_Wiki

Current revision as of 20:50, 18 December 2013

LDAP authentication in Nagios 3.2.3 on CentOS 5.5

Enabling LDAP authentication in Nagios has been one of those things that I've been putting off for a while. It took me three hours to finally get it, but it is working - thank god. I'd like to share with you the configuration changes that made LDAP authentication work in Nagios 3.2.3 on a CentOS 5.5 install.

1. Make sure that Nagios and Apache are installed correctly.

2. The following module should exist in your /etc/httpd/httpd.conf file:

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

If not, install the package with the following command:

yum install mod_authz_ldap.i386

3. Next, change the /etc/openldap/ldap.conf file. Add the following line:

REFERRALS off

4. Edit the /etc/httpd/conf.d/nagios.conf file and tailor it to your LDAP environment. Here's a sanitized version of my configuration:


ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"

<Directory "/usr/lib/nagios/cgi">

  # SSLRequireSSL
  Options ExecCGI
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "LDAP Authentication"
  AuthLDAPURL "ldap://test.domain.edu:389/OU=Specific,OU=Branch,OU=School,DC=test,DC=edu?sAMAccountName?one?(objectClass=user)" NONE
  AuthLDAPBindDN "CN=NagiosUser,OU=School,DC=test,DC=edu"
  AuthLDAPBindPassword "mypassword" 
  require valid-user

</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">

  Options None
  AllowOverride None
  Order allow,deny
  Allow from all
  AuthBasicProvider ldap
  AuthType Basic
  AuthName "LDAP Authentication"
  AuthLDAPURL "ldap://test.domain.edu:389/OU=Specific,OU=Branch,OU=School,DC=test,DC=edu?sAMAccountName?one?(objectClass=user)" NONE
  AuthLDAPBindDN "CN=NagiosUser,OU=School,DC=test,DC=edu"
  AuthLDAPBindPassword "mypassword"
  require ldap-attribute objectClass=user

</Directory>


5. The final piece is changing the cgi.cfg file. You'll receive CGI authentication errors if you do not take this step. Here are the changes that I made to fix that issue:

These are the original directives that I commented out:

grep "#" /etc/nagios/cgi.cfg | grep -i "nagiosadmin"

#authorized_for_system_information=nagiosadmin
#authorized_for_configuration_information=nagiosadmin
#authorized_for_system_commands=nagiosadmin
#authorized_for_all_services=nagiosadmin
#authorized_for_all_hosts=nagiosadmin
#authorized_for_all_service_commands=nagiosadmin
#authorized_for_all_host_commands=nagiosadmin

Replace all of the "nagiosadmin" entries with "*". This gives every LDAP-authenticated user access to all of Nagios's functionality, including the system, host and service commands covered by the directives above.

grep "*" /etc/nagios/cgi.cfg | grep -v "#"

authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

Finally,

/etc/init.d/httpd restart; /etc/init.d/nagios restart

Log into Nagios via LDAP and enjoy!
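
Two settings in the steps above are worth auditing on a live install: Basic auth served with SSLRequireSSL commented out over an ldap:// URL in NONE mode, which puts passwords on the wire unencrypted, and the "*" wildcard in cgi.cfg. The Python check below is an added example, not part of the original page or of Nagios or Apache; the sample inputs are constructed from the configuration shown here, and the function names and finding labels are assumptions.

```python
import re

# Constructed samples that mirror the settings shown on this page.
SAMPLE_APACHE = '''\
<Directory "/usr/lib/nagios/cgi">
  # SSLRequireSSL
  AuthType Basic
  AuthLDAPURL "ldap://test.domain.edu:389/OU=School,DC=test,DC=edu?sAMAccountName?one?(objectClass=user)" NONE
</Directory>
'''
SAMPLE_CGI = '''\
#authorized_for_system_commands=nagiosadmin
authorized_for_system_commands=*
authorized_for_all_hosts=*
authorized_for_configuration_information=alice,bob
'''

def active_lines(text):
    """Return stripped lines that are neither empty nor commented out."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]

def audit_apache(text):
    """Flag Basic auth without SSLRequireSSL and ldap:// URLs without SSL/TLS mode."""
    findings = []
    lines = active_lines(text)
    basic = any(re.match(r"AuthType\s+Basic\b", l, re.I) for l in lines)
    ssl = any(re.match(r"SSLRequireSSL\b", l, re.I) for l in lines)
    if basic and not ssl:
        findings.append("basic-auth-without-SSLRequireSSL")
    for l in lines:
        m = re.match(r'AuthLDAPURL\s+"?(\w+)://[^"\s]*"?\s*(\S*)', l, re.I)
        if m and m.group(1).lower() == "ldap" and \
                m.group(2).upper() not in ("SSL", "TLS", "STARTTLS"):
            findings.append("ldap-bind-in-cleartext")
    return findings

def audit_cgi(text):
    """Return authorized_for_* directives granted to every user ('*')."""
    wildcard = []
    for l in active_lines(text):
        key, _, value = l.partition("=")
        users = [u.strip() for u in value.split(",")]
        if key.strip().startswith("authorized_for_") and "*" in users:
            wildcard.append(key.strip())
    return wildcard

if __name__ == "__main__":
    print(audit_apache(SAMPLE_APACHE), audit_cgi(SAMPLE_CGI))
```

To run it against a real host, pass the contents of /etc/httpd/conf.d/nagios.conf and /etc/nagios/cgi.cfg to the two functions; an empty list from each means neither condition was found.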