Re: [Nagios-users] Nagios authentication thru LDAP.
Hi Robert, Am Mittwoch, 10. Aug. 11, 12:23:17 schrieb Robert J Molerio: > Can anyone indicate how this can be done? > We would like users to log on to Nagios via LDAP. > I think we need to configure the Apache server within Nagios to be able to > do this but we're not sure. you need to install the apache ldap modules and put this in your apache nagios vhost config. In this case it's better to have a redundant ldap ;) AllowOverride None AuthType basic AuthName "Auth needed!" AuthBasicProvider ldap AuthLDAPURL ldap://your.ldap.server:389/dc=bla,dc=fasel?uid?sub? (objectClass=whatYouNeed) AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off require ldap-group your-ldap-group require ldap-user your-ldap-user Options ExecCGI Order allow,deny Allow from all AllowOverride None AuthType basic AuthName "Auth needed!" AuthBasicProvider ldap AuthLDAPURL ldap://your.ldap.server:389/dc=bla,dc=fasel?uid?sub? (objectClass=whatYouNeed) AuthLDAPGroupAttribute memberUid AuthLDAPGroupAttributeIsDN off require ldap-group your-ldap-group require ldap-user your-ldap-user Options ExecCGI Order allow,deny Allow from all Kind regards, Axel -- Axel Rosenski - Administration - __ Wave Computersysteme GmbH Philipp-Reis-Str. 1-3 / 9 35440 Linden Geschäftsführer: Carsten Kellmann Registergericht Gießen HRB 1823 Tel.: +49 (0)6403 / 9050 8317 Fax: +49 (0)6403 / 9050 5089 mailto:rosen...@wave-computer.de http://www.wave-computer.de -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
Qua, 2011-08-10 às 13:42 -0400, Terry Carmen escreveu: > Quoting Robert J Molerio : > > > Can anyone indicate how this can be done? > > We would like users to log on to Nagios via LDAP. > > I think we need to configure the Apache server within Nagios to be > able to > > do this but we're not sure. > > It's definitely possible using Apache's LDAP auth, however you might > want to consider that when your network is going ape, it's really > nice to know that your Nagios machine doesn't require any external > resources. > > That's why I chose local auth (htpasswd). > > Now matter how much of the brown stuff is flying around, Nagios is up. > > Terry Tsk tsk tsk. Apache supports falling back to other auth methods and you should use Nagios and LDAP via SSL sockets (https and ldaps) securing passwords. Setting up Apache against LDAP is really easy, and most of the LDAP issues are on its maintenance rather than pointing at it for data. Rui -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
On Wed, Aug 10, 2011 at 13:48, Mike Lindsey wrote: > On 8/10/11 9:23 AM, Robert J Molerio wrote: >> Can anyone indicate how this can be done? >> We would like users to log on to Nagios via LDAP. >> I think we need to configure the Apache server within Nagios to be >> able to do this but we're not sure. > > Depending on your version of Apache this ranges from a pain in the rear, > to nigh impossible. It's doable, but I've often found it easier and > more stable, to have a cronjob that exports the ldap users to an > htpasswd file. Requires fewer changes to your Apache installation, and > doesn't lock your users out of your Nagios install if LDAP fails. I think the backend that does this for you is called "script": does the same, but only when there are changes, and immediately on change. Allan -- all...@chickenandporn.com "金鱼" http://linkedin.com/in/goldfish -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
On Wed, Aug 10, 2011 at 14:16, wrote: >> Quoting Robert J Molerio : >> >>> Can anyone indicate how this can be done? >>> We would like users to log on to Nagios via LDAP. >>> I think we need to configure the Apache server within Nagios to be able to >>> do this but we're not sure. >> >> It's definitely possible using Apache's LDAPÂ auth, however you might want to >> consider that when your network is going ape, it's really nice to know >> that >> your Nagios machine doesn't require any external resources. >> >> That's why IÂ chose local auth (htpasswd). >> >> Now matter how much of the brown stuff is flying around, Nagios is up. > > Those are the times that once I am notified, I wish nagios would shut up > already ;-) > > For authentication only Nagios will still send out notifications, even if you > can't get into its web interface, which is all we're talking about > authenticating > here. > > Always have more than one LDAP source, but this should be fairly easy to do > using > Apache's mod_auth_ldap. Disclaimer: I haven't used that mod, but I HAVE used > mod_auth_xradius, which in turn used radius+LDAP, which has got to be at > least as > complicated as using LDAP directly. I'll see if I can pull my examples tonight from when I did this a few years ago. A syncrepl LDAP secondary on the same server as the apache server gets the best of both worlds: LDAP replication, but it's on the same box so not prone to network issues. Allan -- all...@chickenandporn.com "金鱼" http://linkedin.com/in/goldfish -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
> Quoting Robert J Molerio : > >> Can anyone indicate how this can be done? >> We would like users to log on to Nagios via LDAP. >> I think we need to configure the Apache server within Nagios to be able to >> do this but we're not sure. > > It's definitely possible using Apache's LDAPÂ auth, however you might want to > consider that when your network is going ape, it's really nice to know > that > your Nagios machine doesn't require any external resources. > > That's why IÂ chose local auth (htpasswd). > > Now matter how much of the brown stuff is flying around, Nagios is up. Those are the times that once I am notified, I wish nagios would shut up already ;-) For authentication only Nagios will still send out notifications, even if you can't get into its web interface, which is all we're talking about authenticating here. Always have more than one LDAP source, but this should be fairly easy to do using Apache's mod_auth_ldap. Disclaimer: I haven't used that mod, but I HAVE used mod_auth_xradius, which in turn used radius+LDAP, which has got to be at least as complicated as using LDAP directly. -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
On 8/10/11 9:23 AM, Robert J Molerio wrote: > Can anyone indicate how this can be done? > We would like users to log on to Nagios via LDAP. > I think we need to configure the Apache server within Nagios to be > able to do this but we're not sure. Depending on your version of Apache this ranges from a pain in the rear, to nigh impossible. It's doable, but I've often found it easier and more stable, to have a cronjob that exports the ldap users to an htpasswd file. Requires fewer changes to your Apache installation, and doesn't lock your users out of your Nagios install if LDAP fails. -- Mike Lindsey -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
Quoting Robert J Molerio : > Can anyone indicate how this can be done? > We would like users to log on to Nagios via LDAP. > I think we need to configure the Apache server within Nagios to be able to > do this but we're not sure. It's definitely possible using Apache's LDAP auth, however you might want to consider that when your network is going ape, it's really nice to know that your Nagios machine doesn't require any external resources. That's why I chose local auth (htpasswd). Now matter how much of the brown stuff is flying around, Nagios is up. Terry -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Nagios authentication thru LDAP.
Hi If you are looking for Active Directory or Kerberos ldap authentication, see this link - http://wiki.nagios.org/index.php/Windows_Authentication (Not sure how different it is if you are using another LDAP, sorry)! Cheers, James --- From: Robert J Molerio [mailto:rjm...@nyu.edu] Sent: Wednesday, August 10, 2011 12:23 PM To: nagios-users@lists.sourceforge.net Subject: [Nagios-users] Nagios authentication thru LDAP. Can anyone indicate how this can be done? We would like users to log on to Nagios via LDAP. I think we need to configure the Apache server within Nagios to be able to do this but we're not sure. -- Thank you, Bob Molerio Systems Administrator New York University ITS Computer Facilities Services/Infrastructure Level C-2 75 Third Avenue New York NY 10003-5527 email:robert.mole...@nyu.edu -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Nagios authentication thru LDAP.
Can anyone indicate how this can be done? We would like users to log on to Nagios via LDAP. I think we need to configure the Apache server within Nagios to be able to do this but we're not sure. -- Thank you, Bob Molerio Systems Administrator New York University ITS Computer Facilities Services/Infrastructure Level C-2 75 Third Avenue New York NY 10003-5527 email:robert.mole...@nyu.edu -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null