Hi all,<br><br>I'm facing problems while trying to enable LDAP authentication on a Nagios 3.2.1 install (using htpasswd.users everything works fine).<br>This is how I've configured Apache:<br><br><Directory /usr/share/nagios/><br>
AuthType Basic<br> AuthName "Nagios - Ldap"<br> AuthBasicProvider ldap<br> AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid<br> AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"<br>
AuthLDAPBindPassword oaj5Phum<br> Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local<br> Require ldap-user gandolfim<br> AuthLDAPGroupAttributeIsDN off<br> Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local<br>
Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local<br> AuthLDAPGroupAttribute memberUid<br></Directory><br><Directory "/usr/lib/nagios/cgi"><br> AuthType Basic<br> AuthName "Nagios - Ldap - CGI"<br>
AuthBasicProvider ldap<br> AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid<br> AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"<br> AuthLDAPBindPassword oaj5Phum<br>
Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local<br> Require ldap-user gandolfim<br> AuthLDAPGroupAttributeIsDN off<br> Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local<br> Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local<br>
AuthLDAPGroupAttribute memberUid<br></Directory><br><br>I've defined my username as a contact<br><br>define contact {<br> use email-contact<br> contact_name gandolfim<br> alias Mattia Gandolfi<br>
email <a href="mailto:mattia.gandolfi@xxxxxxx.com">mattia.gandolfi@xxxxxxx.com</a><br> pager none<br>}<br><br>and I've set the following options in cgi.cfg<br><br>use_authentication=1<br>
use_ssl_authentication=0<br>authorized_for_system_information=gandolfim<br>authorized_for_configuration_information=gandolfim<br>authorized_for_system_commands=gandolfim<br>authorized_for_all_services=gandolfim<br>authorized_for_all_hosts=gandolfim<br>
authorized_for_all_service_commands=gandolfim<br><br>Authentication works fine, and I see "Logged in as <i>gandolfim"</i> on top of the Tactical Monitoring Overview page.<br>However, as soon as I try to access the cgi, for example to disable notifications for a service, I get "Sorry, but you are not authorized to commit the specified command."<br>
<br>What am I missing?<br><br>Thanks<br><br>Mattia<br><br>