Hi all,<br><br>I'm facing problems while trying to enable LDAP authentication on a Nagios 3.2.1 install (using htpasswd.users everything works fine).<br>This is how I've configured Apache:<br><br><Directory /usr/share/nagios/><br>
    AuthType Basic<br>    AuthName "Nagios - Ldap"<br>    AuthBasicProvider ldap<br>    AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid<br>    AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"<br>
    AuthLDAPBindPassword oaj5Phum<br>    Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local<br>    Require ldap-user gandolfim<br>    AuthLDAPGroupAttributeIsDN off<br>    Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local<br>
    Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local<br>    AuthLDAPGroupAttribute memberUid<br></Directory><br><Directory "/usr/lib/nagios/cgi"><br>    AuthType Basic<br>    AuthName "Nagios - Ldap - CGI"<br>
    AuthBasicProvider ldap<br>    AuthLDAPUrl ldaps://unixautmi-ese01.sky.local:636,unixautca-ese01.sky.local:636/ou=people,dc=sky,dc=local?uid<br>    AuthLDAPBindDN "cn=authuser,dc=sky,dc=local"<br>    AuthLDAPBindPassword oaj5Phum<br>
    Require ldap-dn uid=gandolfim,ou=people,dc=sky,dc=local<br>    Require ldap-user gandolfim<br>    AuthLDAPGroupAttributeIsDN off<br>    Require ldap-group cn=systemadminmi,ou=groups,dc=sky,dc=local<br>    Require ldap-group cn=infosec,ou=groups,dc=sky,dc=local<br>
    AuthLDAPGroupAttribute memberUid<br></Directory><br><br>I've defined my username as a contact<br><br>define contact {<br>        use             email-contact<br>        contact_name    gandolfim<br>        alias           Mattia Gandolfi<br>
        email           <a href="mailto:mattia.gandolfi@xxxxxxx.com">mattia.gandolfi@xxxxxxx.com</a><br>        pager           none<br>}<br><br>and I've set the following options in cgi.cfg<br><br>use_authentication=1<br>
use_ssl_authentication=0<br>authorized_for_system_information=gandolfim<br>authorized_for_configuration_information=gandolfim<br>authorized_for_system_commands=gandolfim<br>authorized_for_all_services=gandolfim<br>authorized_for_all_hosts=gandolfim<br>
authorized_for_all_service_commands=gandolfim<br><br>Authentication works fine, and I see "Logged in as <i>gandolfim"</i> on top of the Tactical Monitoring Overview page.<br>However, as soon as I try to access the cgi, for example to disable notifications for a service, I get "Sorry, but you are not authorized to commit the specified command."<br>
<br>What am I missing?<br><br>Thanks<br><br>Mattia<br><br>