LDAP authentication and CGI authorization problem

Mattia Gandolfi matgand at gmail.com
Tue May 25 15:08:13 CEST 2010


Hi all,

I'm facing problems while trying to enable LDAP authentication on a Nagios
3.2.1 install (using htpasswd.users everything works fine).
This is how I've configured Apache:

<Directory /usr/share/nagios/>
    AuthType Basic
    AuthName "Nagios - Ldap"
    AuthBasicProvider ldap
    AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid
    AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"
    AuthLDAPBindPassword oaj5Phum
    Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local
    Require ldap-user gandolfim
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local
    Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local
    AuthLDAPGroupAttribute memberUid
</Directory>
<Directory "/usr/lib/nagios/cgi">
    AuthType Basic
    AuthName "Nagios - Ldap - CGI"
    AuthBasicProvider ldap
    AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid
    AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"
    AuthLDAPBindPassword oaj5Phum
    Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local
    Require ldap-user gandolfim
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local
    Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local
    AuthLDAPGroupAttribute memberUid
</Directory>

I've defined my username as a contact

define contact {
        use             email-contact
        contact_name    gandolfim
        alias           Mattia Gandolfi
        email           mattia.gandolfi at xxxxxxx.com
        pager           none
}

and I've set the following options in cgi.cfg

use_authentication=1
use_ssl_authentication=0
authorized_for_system_information=gandolfim
authorized_for_configuration_information=gandolfim
authorized_for_system_commands=gandolfim
authorized_for_all_services=gandolfim
authorized_for_all_hosts=gandolfim
authorized_for_all_service_commands=gandolfim

Authentication works fine, and I see "Logged in as gandolfim" on top of
the Tactical Monitoring Overview page.
However, as soon as I try to access the cgi, for example to disable
notifications for a service, I get "Sorry, but you are not authorized to
commit the specified command."

What am I missing?

Thanks

Mattia