I had a problem with Nagios because I needed to set up LDAP access and I didn’t know how to do it. After googling for a while
I found out that the solution was to set up LDAP access for Apache and make a few configuration changes in Nagios.
The first interesting read is this one: https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html/Administration_Guide/sect-Nagios_Advanced_Configuration.html
All of this was done on a CentOS 6 server.
Apache LDAP login
Basically I set up the Nagios Apache file for LDAP access. These rules are generic Apache configuration. In my case I apply them to Nagios, but you can use them for any Apache service.
First of all we need to check that the LDAP modules are enabled in the Apache configuration:
vim /etc/httpd/conf/httpd.conf
...
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
...
Then add the following to the nagios.conf Apache file. In my example:
ldap server: 192.168.10.10
bind user: mybinduser
bind user password: mybindpassword
vim /etc/httpd/conf.d/nagios.conf
<Directory /yourpath>
    Options ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
    # Authenticate every request against LDAP using HTTP Basic auth
    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthName "LDAP Authentication for Nagios Monitoring"
    AuthLDAPURL "ldap://192.168.10.10:389/OU=Accounts,DC=hostrich,DC=com?sAMAccountName?sub?(objectClass=*)"
    # Account Apache binds with to search the directory
    AuthLDAPBindDN "CN=mybinduser,CN=MyUsers,DC=hostrich,DC=com"
    # Use straight quotes here; typographic quotes become part of the password
    AuthLDAPBindPassword "mybindpassword"
    Require valid-user
</Directory>
Before going mad trying to find out why it is not working, remember to open port 389 in iptables.
If you have virtual hosts, you need to put the same LDAP setup in the virtual host file for Nagios.
Nagios LDAP configuration
The only thing to do for Nagios is to set the user permissions in the Nagios cgi.cfg file:
vim /etc/nagios/cgi.cfg
authorized_for_system_information=*
authorized_for_configuration_information=ldapuser1,ldapuser2
authorized_for_system_commands=ldapuser1,ldapuser2
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*
In this example ldapuser1 and ldapuser2 are the only two users with administrator rights; all other users can log in to Nagios as normal users.
Remember to restart Nagios and Apache before testing whether it works.
service nagios restart
service httpd restart
Hide bind user password
I didn’t find a way to hide or encrypt the bind user password in /etc/httpd/conf.d/nagios.conf
I have tried with the option
but it doesn’t seem to work.
So I used a wild solution:
chmod 600 /etc/httpd/conf.d/nagios.conf
So only the root user can open the file. If anyone finds a better solution, please leave a comment.
I hope this helps someone else; any comment or revision is appreciated.
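The settings this setup depends on (file mode 600 on the Apache file, straight quotes around the bind password, the LDAP transport, and who may issue Nagios commands) can be checked with a script. The following is an added example, not part of the original post; the function names and finding labels are invented for illustration, and it assumes GNU or BSD stat and grep.

```shell
#!/bin/sh
# Added example, not from the original post. Each function prints one finding
# per line and prints nothing when its checks pass.

# Audit an Apache conf file carrying mod_authnz_ldap directives.
audit_apache_ldap() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 0; }

    # The post protects the bind password with chmod 600; flag any other mode.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")
    [ "$mode" = "600" ] || echo "MODE $conf is $mode, expected 600"

    # Typographic quotes pasted from a web page become part of the value.
    if grep -qF -e '“' -e '”' "$conf"; then
        echo "QUOTES $conf contains typographic quotes"
    fi

    # ldap:// without a trailing SSL/TLS/STARTTLS mode on AuthLDAPURL sends the
    # bind and user passwords unencrypted (a global LDAPTrustedMode is not checked).
    if grep -Ei '^[[:space:]]*AuthLDAPURL[[:space:]]+"?ldap://' "$conf" |
        grep -Eivq '[[:space:]](SSL|TLS|STARTTLS)[[:space:]]*$'; then
        echo "CLEARTEXT $conf uses ldap:// without TLS"
    fi
}

# Audit Nagios cgi.cfg: with "Require valid-user", a "*" on a command key lets
# every account that can authenticate submit commands.
audit_cgi_cfg() {
    cfg=$1
    grep -E '^[[:space:]]*authorized_for_[a-z_]*commands[[:space:]]*=[[:space:]]*\*' "$cfg" |
    while IFS='=' read -r key rest; do
        echo "WILDCARD $key=* in $cfg"
    done
}

# Usage: sh audit.sh /etc/httpd/conf.d/nagios.conf /etc/nagios/cgi.cfg
if [ "$#" -eq 2 ]; then
    audit_apache_ldap "$1"
    audit_cgi_cfg "$2"
fi
```

Run against the configuration shown in this post, it reports the two wildcard command keys in cgi.cfg and the unencrypted ldap:// URL.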