On Fri, 2005-12-09 at 11:17 +1300, Steve Shipway wrote:
> We are running Nagios with LDAP here fine. We use mod_auth_ldap (in
> Apache2), which is much better (I have no experience with authz_ldap, but I
> tried the Muquit one before and it works OK). This returns the username as
> whatever we define the uid parameter to be. We only need to put this:
>
> AuthLDAPUrl "ldap://ldap.auckland.ac.nz:389/ou=People,o=The University of Auckland,c=NZ?uid"
>
> into our Apache httpd.conf and it will latch onto the correct server, use
> ssl, and return the uid which we can then use within Nagios.
>
> To make the Muquit mod_auth_ldap work, you need more configuration, like:
>
> LDAP_Server ldap.auckland.ac.nz
> LDAP_Port 389
> Base_DN "ou=People,o=The University of Auckland,c=NZ"
>
> since it will default to using the 'uid' parameter.
>
> For authz_ldap, I had to use this:
>
> AuthzLDAPServer ldap.auckland.ac.nz:389
> AuthzLDAPUserBase "ou=People,o=The University of Auckland,c=NZ"
> AuthzLDAPUserKey uid
> AuthzLDAPUserScope base
> AuthzLDAPGroupBase "ou=Groups,o=The University of Auckland,c=NZ"
> AuthzLDAPGroupKey cn
> AuthzLDAPGroupScope base
>
> but it didn't work too well - and besides, we have standardised on the
> mod_auth_ldap now.
>
> In all these cases, Apache reported just the uid attribute as the username,
> so we only had to define users with that in Nagios. No need for all the
> LDAP ou= stuff.

Sounds similar to what we're doing. We went a step further in our requirements. Folks that are accessing Nagios must be part of a particular group to authenticate as well as be defined in Nagios to see anything.

Note, this is using mod_auth_ldap

ScriptAlias /nagios/cgi-bin /usr/lib/nagios/cgi/
<Directory /usr/lib/nagios/cgi/>
    Options ExecCGI
    order deny,allow
    deny from all
    AuthType Basic
    AuthName "nagios"
    AuthLDAPUrl "ldap://ldap/ou=Users,ou=DoIT,o=Seattle?cn"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    require group cn=Nagios,ou=Users,ou=DoIT,o=Seattle
    satisfy any
</Directory>

-Andy-
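
Added example, not part of either poster's message and not code from the Apache or Nagios projects: a Python check that parses the AuthLDAPUrl in the block above to show which LDAP attribute becomes the authenticated username Nagios sees (cn here, uid in the quoted setup), lists the required groups, and flags three points worth reviewing. The names parse_auth_ldap_url and audit are hypothetical; the defaults applied (attribute uid, scope sub, ports 389/636) are assumed to follow mod_auth_ldap's documented URL format, and the check for "satisfy any" combined with an "allow from" line goes slightly beyond what the thread discusses.

```python
import re

# Constructed sample: the <Directory> block from the reply above, inlined to run offline.
SAMPLE = """<Directory /usr/lib/nagios/cgi/>
Options ExecCGI
order deny,allow
deny from all
AuthType Basic
AuthName "nagios"
AuthLDAPUrl "ldap://ldap/ou=Users,ou=DoIT,o=Seattle?cn"
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
require group cn=Nagios,ou=Users,ou=DoIT,o=Seattle
satisfy any
</Directory>"""

URL_RE = re.compile(r"(ldaps?)://([^/:]*)(?::(\d+))?/([^?]*)(?:\?(.*))?$", re.I)

def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    m = URL_RE.match(url.strip().strip('"'))
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, port, base_dn, rest = m.groups()
    extra = (rest or "").split("?") + ["", ""]
    return {"scheme": scheme.lower(), "host": host, "base_dn": base_dn,
            "port": int(port) if port else (636 if scheme.lower() == "ldaps" else 389),
            "attribute": extra[0] or "uid",  # becomes the username Nagios sees
            "scope": extra[1] or "sub"}

def audit(block):
    """Return (url_fields, required_groups, findings) for one <Directory> block."""
    d = {}
    for line in block.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith(("<", "#")):
            d.setdefault(parts[0].lower(), []).append(parts[1].strip())
    url = parse_auth_ldap_url(d["authldapurl"][0])
    groups = [r.split(None, 1)[1] for r in d.get("require", [])
              if r.lower().startswith("group ")]
    findings = []
    if url["scheme"] != "ldaps":
        findings.append("ldap:// scheme: the URL itself does not request TLS")
    if not d.get("require"):
        findings.append("no require line: access is not tied to any user or group")
    if "any" in [s.lower() for s in d.get("satisfy", [])] and d.get("allow"):
        findings.append("satisfy any + allow from: matching hosts skip authentication")
    return url, groups, findings
```

Calling audit(SAMPLE) reports cn as the username attribute, so the contact names defined in Nagios must match the cn values of the group members rather than their uid.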
