R: R: R: ldap authentication

guillaume LOHEZ guillaume.lohez at linagora.com
Wed Apr 27 13:25:51 CEST 2005


Ok

Check your LDAP tree to be sure that you have an attribute "uid" for your
user

the form of the dn is: uid=toto,ou=staff,o=it.net
or cn=toto,ou=staff,o=it.net, if it is this one, is there an attribute
uid for the user ??

Are your users directly in "ou=staff" or is there a subtree in staff ???
Because if there is a subtree ( ex: cn=toto,ou=admins,ou=staff,.... )
you should put a "sub" in your request for recursion !!

You should tell in the request what attribute you are looking for if it
is not uid

so the request should be:

AuthLDAPURL ldap://ldapma.intra.it.net:389/ou=staff,o=it.net?cn?sub



Regards
Guillaume


Marco Borsani wrote:

>Well,
>
>right now I write file .htaccess like this:
>AuthName "Marco Nagios Access"
>AuthType Basic
>AuthLDAPEnabled on
>AuthLDAPURL ldap://ldapma.intra.it.net:389/ou=staff,o=it.net
>require valid-user
>
>on web server (nagios) I have this error message:
>[Wed Apr 27 12:18:34 2005] [warn] [client 10.212.0.9] [6197] auth_ldap
>authenticate: user m.borsani authentication failed; URI / [User not
>found][No such object]
>
>but, on ldap server I see this log
>27/Apr/2005:12:40:17 +0200] conn=8858 op=8 SRCH base="ou=staff,o=it.net"
>scope=2 filter="(&(objectclass=*)(uid=m.borsani))"
>[27/Apr/2005:12:40:17 +0200] conn=8858 op=8 RESULT err=0 tag=101 nentries=0
>etime=0
>
>Any idea ?
>
>Marco
>
>-}-----Original message-----
>-}From: nagios-users-admin at lists.sourceforge.net
>-}[mailto:nagios-users-admin at lists.sourceforge.net] On behalf of guillaume
>-}LOHEZ
>-}Sent: Wednesday 27 April 2005 10.56
>-}To: nagios-users at lists.sourceforge.net
>-}Subject: Re: R: R: [Nagios-users] ldap authentication
>-}
>-}
>-}Yes, they are needed...
>-}Maybe, you can remove lines: AuthLDAPBindDn and AuthLDAPBindPassword if
>-}your ldap server doesn't need to be authenticated to browse it.
>-}
>-}You should replace the "require group" by a "require valid-user" so
>-}apache has just to match login/passwd to grant access !!
>-}As it is done in the standard .htaccess of Nagios with the file
>-}htpasswd.users
>-}
>-}All chars are OK
>-}"," are to specify the dn
>-}"?" are to separate fields for search
>-}"*" is to tell apache to look for any objectclass
>-}
>-}Regards
>-}Guillaume
>-}
>-}
>-}
>-}Marco Borsani wrote:
>-}
>-}>Are all fields necessary ?
>-}>For example: if I don't use TFTP I won't write last row "require group...."?
>-}>I know only first two (AuthName and AuthType).
>-}>
>-}>The char "?", "(", "*" and ")" are real or depend on the "cut and paste"?
>-}>
>-}>sorry about these questions but I am a newbie on apache and ldap!
>-}>
>-}>
>-}>Marco
>-}>
>-}>-}-----Original message-----
>-}>-}From: nagios-users-admin at lists.sourceforge.net
>-}>-}[mailto:nagios-users-admin at lists.sourceforge.net] On behalf of guillaume
>-}>-}LOHEZ
>-}>-}Sent: Wednesday 27 April 2005 10.24
>-}>-}To: nagios-users at lists.sourceforge.net
>-}>-}Subject: Re: R: [Nagios-users] ldap authentication
>-}>-}
>-}>-}
>-}>-}Here is a little example
>-}>-}Not especially for Nagios but example for LDAPAuth with Apache 2 !!
>-}>-}
>-}>-}        AuthName "Acces TFTPD"
>-}>-}        AuthType Basic
>-}>-}        AuthLDAPEnabled on
>-}>-}        AuthLDAPBindDN "cn=visu,o=europa,dc=net"
>-}>-}        AuthLDAPBindPassword "someverysecretpassword"
>-}>-}        AuthLDAPURL ldap://intranet.pointcom.fr:389/ou=utilisateurs,o=europa,dc=net?uid?sub?(objectClass=*)
>-}>-}        require group cn=acces_tftpd,ou=apache,o=europa,dc=net
>-}>-}
>-}>-}Some comments:
>-}>-}    - Name of the auth
>-}>-}    - type of the auth
>-}>-}    - enable ldap
>-}>-}    - a dn which has read access to the LDAP base
>-}>-}    - the password of this dn
>-}>-}    - the url : the name of the server, the port, the dn where your
>-}>-}users reside, what you are looking for (uid), if the query is
>-}>-}recursive or not (sub) and any objectclass
>-}>-}    - what the auth requires to grant access (if the login and passwd
>-}>-}match), here the user needs to be in the group acces_tftpd
>-}>-}
>-}>-}I hope, it will help you and some other guys here !! ;-)
>-}>-}
>-}>-}Regards
>-}>-}Guillaume
>-}>-}
>-}>-}
>-}>-}Marco Borsani wrote:
>-}>-}
>-}>-}>Yes, if you could send me some examples it would be great!
>-}>-}>
>-}>-}>My apache server supports ldap so, probably, I don't need to install
>-}>-}>"libapache-ldapauth or something like that", but I have no idea :
>-}>-}>- how to change .htaccess
>-}>-}>- ..others changes to perform on Nagios
>-}>-}>- setting ldap.conf in Apache (probably just a line like this
>-}>-}>"AuthLDAPURL ldap://hostname:389/ou=group,o=org.net")
>-}>-}>
>-}>-}>Thank you
>-}>-}>Marco
>-}>-}>
>-}>-}>-}-----Original message-----
>-}>-}>-}From: nagios-users-admin at lists.sourceforge.net
>-}>-}>-}[mailto:nagios-users-admin at lists.sourceforge.net] On behalf of guillaume
>-}>-}>-}LOHEZ
>-}>-}>-}Sent: Wednesday 27 April 2005 9.59
>-}>-}>-}To: nagios-users at lists.sourceforge.net
>-}>-}>-}Subject: Re: [Nagios-users] ldap authentication
>-}>-}>-}
>-}>-}>-}
>-}>-}>-}Hi,
>-}>-}>-}
>-}>-}>-}To use LDAP auth with Nagios:
>-}>-}>-}    - you have to install libapache-ldapauth or something like that
>-}>-}>-}    - change the .htaccess to point to your ldap server
>-}>-}>-}Some configuration examples may be found on httpd.apache.org
>-}>-}>-}You have to point to the ldap server, give a login/passwd if you need to
>-}>-}>-}bind to your ldap and specify the criteria to allow access
>-}>-}>-}For example, if a user gives the good login/passwd, he must be in a group
>-}>-}>-}"nagios" for example to have access...
>-}>-}>-}
>-}>-}>-}If I remember, ldapauth for apache doesn't support ldaps !!
>-}>-}>-}
>-}>-}>-}I can send you config example if you want...
>-}>-}>-}
>-}>-}>-}Regards
>-}>-}>-}Guillaume
>-}>-}>-}
>-}>-}>-}
>-}>-}>-}Marco Borsani wrote:
>-}>-}>-}
>-}>-}>-}>Hi all
>-}>-}>-}>
>-}>-}>-}>I have installed an Apache that supports the LDAP authentication.
>-}>-}>-}>
>-}>-}>-}>May I configure Nagios to use an LDAP server to view the WEB/CGI pages?
>-}>-}>-}>
>-}>-}>-}>I read the manual "NAGIOS Version 1.0 Documentation" but it explains only how
>-}>-}>-}>to use the htpasswd.user file.
>-}>-}>-}>
>-}>-}>-}>regards
>-}>-}>-}>
>-}>-}>-}>Marco
>-}>-}>-}>
>-}>-}>-}>
>-}>-}>-}>
>-}>-}>-}>-------------------------------------------------------
>-}>-}>-}>SF.Net email is sponsored by: Tell us your software
>-}development plans!
>-}>-}>-}>Take this survey and enter to win a one-year sub to SourceForge.net
>-}>-}>-}>Plus IDC's 2005 look-ahead and a copy of this survey
>-}>-}>-}>Click here to start!
>-}http://www.idcswdc.com/cgi-bin/survey?id=105hix
>-}>-}>-}>_______________________________________________
>-}>-}>-}>Nagios-users mailing list
>-}>-}>-}>Nagios-users at lists.sourceforge.net
>-}>-}>-}>https://lists.sourceforge.net/lists/listinfo/nagios-users
>-}>-}>-}>::: Please include Nagios version, plugin version (-v) and OS
>-}>-}>-}when reporting any issue.
>-}>-}>-}>::: Messages without supporting info will risk being sent
>-}to /dev/null
>-}>-}>-}>
>-}>-}>-}>
>-}>-}>-}>
>-}>-}>-}
>-}>-}>-}
>-}>-}>-}--
>-}>-}>-}Guillaume LOHEZ
>-}>-}>-}Systems & Network Administrator
>-}>-}>-}Mobile: +33 (0)6 72 23 20 16
>-}>-}>-}E-mail: guillaume.lohez at linagora.com
>-}>-}>-}------------------------------------
>-}>-}>-}LINAGORA
>-}>-}>-}30 Rue Saint Augustin, PARIS 2eme
>-}>-}>-}Telephone: +33 (0)1 58 18 68 28
>-}>-}>-}
>-}>-}>-}
>-}>-}>-}
>-}>-}>-}
>-}>-}>
>-}>-}>
>-}>-}>
>-}>-}>
>-}>-}
>-}>-}
>-}>-}--
>-}>-}Guillaume LOHEZ
>-}>-}Systems & Network Administrator
>-}>-}Mobile: +33 (0)6 72 23 20 16
>-}>-}E-mail: guillaume.lohez at linagora.com
>-}>-}------------------------------------
>-}>-}LINAGORA
>-}>-}30 Rue Saint Augustin, PARIS 2eme
>-}>-}Telephone: +33 (0)1 58 18 68 28
>-}>-}
>-}>-}
>-}>-}
>-}>-}
>-}>
>-}>
>-}>
>-}>
>-}
>-}
>-}--
>-}Guillaume LOHEZ
>-}Systems & Network Administrator
>-}Mobile: +33 (0)6 72 23 20 16
>-}E-mail: guillaume.lohez at linagora.com
>-}------------------------------------
>-}LINAGORA
>-}30 Rue Saint Augustin, PARIS 2eme
>-}Telephone: +33 (0)1 58 18 68 28
>-}
>-}
>-}
>-}
>
>
>  
>


-- 
Guillaume LOHEZ
Systems & Network Administrator
Mobile: +33 (0)6 72 23 20 16
E-mail: guillaume.lohez at linagora.com
------------------------------------
LINAGORA
30 Rue Saint Augustin, PARIS 2eme
Telephone: +33 (0)1 58 18 68 28
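
Added example, not part of the original message or of any project mentioned in it: a small Python parser for the AuthLDAPURL format discussed in this thread (ldap://host:port/basedn?attribute?scope?filter) that shows which search a given URL produces for a login, so it can be compared with the SRCH line in the LDAP server log. It assumes the field defaults Apache documents for AuthLDAPURL (attribute uid, scope sub, filter (objectclass=*)); the function names are hypothetical, and the login is escaped per RFC 4515 before it is placed in the filter.

```python
from urllib.parse import urlsplit, unquote

# Defaults Apache documents for AuthLDAPURL fields that are left out (assumption).
DEFAULTS = ("uid", "sub", "(objectclass=*)")
SCOPE_CODES = {"one": 1, "sub": 2}  # number logged as scope=N by the LDAP server


def escape_filter_value(value):
    """Escape a login name for an LDAP filter (RFC 4515 special characters)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme != "ldap" or not parts.hostname:
        raise ValueError("not an ldap:// URL: %r" % url)
    fields = parts.query.split("?", 2) if parts.query else []
    fields += [""] * (3 - len(fields))
    attr, scope, flt = (unquote(f) or d for f, d in zip(fields, DEFAULTS))
    if scope not in SCOPE_CODES:
        scope = "sub"  # anything other than one/sub falls back to a subtree search
    if not flt.startswith("("):
        flt = "(%s)" % flt
    return {
        "host": parts.hostname,
        "port": parts.port or 389,
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr.split(",")[0],
        "scope": scope,
        "filter": flt,
    }


def search_for(url, login):
    """Return (base, scope code, filter) of the user lookup for this login."""
    cfg = parse_auth_ldap_url(url)
    flt = "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(login))
    return cfg["base"], SCOPE_CODES[cfg["scope"]], flt


if __name__ == "__main__":
    # URLs taken from the thread; the login is the one in the quoted error message.
    for url in ("ldap://ldapma.intra.it.net:389/ou=staff,o=it.net",
                "ldap://ldapma.intra.it.net:389/ou=staff,o=it.net?cn?sub"):
        print(url, "->", search_for(url, "m.borsani"))
```

For the URL without fields the result is the same base, scope and filter as the SRCH line quoted from the LDAP server log; with ?cn?sub the lookup is done on cn instead of uid.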








