Hello list. We migrating an older nagios-based infrastructure to Icinga2, and for at least some time we will need to support both environments with identical (as much as we can) configurations. We’ve developed some scripts to translate the Nagios configuration to an Icinga2 one, so we can just re-run them when they update their Nagios config.
We have LDAP authentication configured and working in IcingaWeb2, we get groups and users and users can correctly authenticate to IcingaWeb2 just like they do on their current legacy nagios interface. Now I’m dealing with authorization and I should replicate the same rules that they have in the old nagios ui, which afaik are the same implemented by icinga-classicui, which basically amount to the old “if I am a contact for the object then I should see the object in the web ui and be able to perform actions on it”. After some RTFM and googling time I admit I don’t even know if this is actually possible. I think I need something like "monitoring/filter/objects = <expression_that_says_current_user_is_contact>”, is that possible? Our plan B is to just stick with icinga-classicui until they decommission the old nagios monitoring and we can start breaking compatibility with it in the monitoring configuration… but of course I’d like to avoid it. Any help, example or pointers to relevant documentation will be appreciated. thanks, -- Luca Lesinigo _______________________________________________ icinga-users mailing list icinga-users@lists.icinga.org https://lists.icinga.org/mailman/listinfo/icinga-users
