Nagios and LDAP group membership
Arno Lehmann
al at its-lehmann.de
Thu Jan 18 10:10:57 CET 2007
Hello,
On 1/18/2007 8:32 AM, Francois Pernet wrote:
> Hi,
>
> We have Nagios 2.5 installed on a huge site. This site has a central
> LDAP directory. The goal is to manage people in this directory
> following their group membership. I know that Apache is responsible
> for the authentication and it works fine, but we would like to know
> if the following could be possible:
>
> - a user is authenticated by LDAP in Apache and he has the permission
> to see Nagios following his group membership (that works because not
> lied to Nagios)
This should be possible using the ldap authentication / authorization
stuff. I'm not really fluent in it, but I think I saw something like
this recently. Not related to Nagios, but it solved the same problem. If
I understood the ldap query correctly :-)
> - Nagios is able to give authorizations (cgi.cfg) based on group
> membership and not only user id
This would require changes to the cgi authorization code, and new
configuration directives, I guess.
> - optional but really nice: Somehow Nagios is able to extract email
> address and in a file (contactldapgroups.cfg) we only declare
> notification period and commands (so it replaces the file
> contacts.cfg).
I do it differently, but with the same goal: I have contact information
set up in a generic way - i.e. 24x7, all states, some contact identifier.
The Nagios users have all their settings in their ldap directory
entries, i.e. when, about what, and how they are notified. The
notification program gets that info from ldap, sees if it has to send a
notification, and does so according to what the user configured.
> Using this way it would be possible to manage entirely Nagios people
> through the directory and not being obliged to declare each person
> under Nagios...
In my setup, having group authentication is not necessary because the
users need to have the notifications set up individually, and thus the
web browser has the means to determine who is allowed to access the
nagios pages on a per-user basis.
> Tell me if I am the only one to request such an enhancement?
Well, much of what you want can already be done by setting up the right
notification commands.
Arno
> Many thanks in advance
>
> Francois
>
> _______________________________________________ Nagios-devel mailing
> list Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
--
IT-Service Lehmann al at its-lehmann.de
Arno Lehmann http://www.its-lehmann.de
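
The group-based access check discussed in the first answer above, sketched as an Apache configuration (an added example, not part of the original message or of either poster's setup). It assumes Apache with mod_authnz_ldap; the directory path, host name, DNs and password are placeholders.

```apache
# Added example. Path, host, DNs and password are placeholders/assumptions.
<Directory "/usr/local/nagios/sbin">
    Options ExecCGI
    AuthType Basic
    AuthName "Nagios Access"
    AuthBasicProvider ldap

    # Find the user entry by uid below the people subtree.
    # STARTTLS keeps the user's password and the bind password off the wire in clear text.
    AuthLDAPURL "ldap://ldap.example.org/ou=people,dc=example,dc=org?uid?sub" STARTTLS

    # Low-privilege account used only to search for the user's DN.
    AuthLDAPBindDN "cn=apache-lookup,dc=example,dc=org"
    AuthLDAPBindPassword "REPLACE_ME"

    # Group entries list their members as full DNs in the "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Only members of this directory group reach the Nagios CGIs.
    Require ldap-group cn=nagios-users,ou=groups,dc=example,dc=org
</Directory>
```

This only controls who reaches the CGIs. Inside Nagios, the `authorized_for_*` directives in cgi.cfg are still matched against the authenticated user name, so per-group permissions there remain a matter of listing users.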