Self-replying: I've just discovered the root cause: can_submit_commands was set to 0 in contacts template definition. Works as expected now
Mattia On Tue, May 25, 2010 at 3:08 PM, Mattia Gandolfi <[email protected]> wrote: > Hi all, > > I'm facing problems while trying to enable LDAP authentication on a Nagios > 3.2.1 install (using htpasswd.users everything works fine). > This is how I've configured Apache: > > <Directory /usr/share/nagios/> > AuthType Basic > AuthName "Nagios - Ldap" > AuthBasicProvider ldap > AuthLDAPUrl > ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid > AuthLDAPBindDN "cn=authuser,dc=sky,dc=local" > AuthLDAPBindPassword oaj5Phum > Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local > Require ldap-user gandolfim > AuthLDAPGroupAttributeIsDN off > Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local > Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local > AuthLDAPGroupAttribute memberUid > </Directory> > <Directory "/usr/lib/nagios/cgi"> > AuthType Basic > AuthName "Nagios - Ldap - CGI" > AuthBasicProvider ldap > AuthLDAPUrl > ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid > AuthLDAPBindDN "cn=authuser,dc=sky,dc=local" > AuthLDAPBindPassword oaj5Phum > Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local > Require ldap-user gandolfim > AuthLDAPGroupAttributeIsDN off > Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local > Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local > AuthLDAPGroupAttribute memberUid > </Directory> > > I've defined my username as a contact > > define contact { > use email-contact > contact_name gandolfim > alias Mattia Gandolfi > email [email protected] > pager none > } > > and I've set the following options in cgi.cfg > > use_authentication=1 > use_ssl_authentication=0 > authorized_for_system_information=gandolfim > authorized_for_configuration_information=gandolfim > authorized_for_system_commands=gandolfim > authorized_for_all_services=gandolfim > authorized_for_all_hosts=gandolfim > authorized_for_all_service_commands=gandolfim > > Authentication works fine, and I see "Logged in as *gandolfim"* on top of > the Tactical Monitoring Overview page. > However, as soon as I try to access the cgi, for example to disable > notifications for a service, I get "Sorry, but you are not authorized to > commit the specified command." > > What am I missing? > > Thanks > > Mattia > >
------------------------------------------------------------------------------
_______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
