LDAP authentication and Authorization #1016

Open
emi65 opened this issue Jan 7, 2025 · 1 comment

emi65 commented Jan 7, 2025

Hi,
I'm using Nagios Core 4.4.14 on a Red Hat 7.9 Linux system.
I defined a contact HO27720 and

I have configured user authentication by LDAP (Windows env).
The user can see all Nagios monitored hosts.
I'm able to authenticate the user HO27720 by LDAP and see all.

In the conf file of the Nagios HTTP site I have configured the rules to uppercase the user name, so I expect
to see the same data when I make an LDAP connection as the user ho27720 (lower case).

The authentication works but I CAN'T see anything.

nagios.conf

```apache
# Rule to convert to Uppercase REMOTE_USER
RewriteMap toUppercase int:toupper
RewriteEngine On
RewriteCond %{LA-U:REMOTE_USER} .
RewriteRule ^.* - [E=REMOTE_USER:${toUppercase:%{LA-U:REMOTE_USER}}]
#SET the environment VAR to uppercase
SetEnvIf Remote_Username "(.*)" REMOTE_USER=1
CustomLog /var/log/httpd/access_log combined
LogFormat "%h %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{REMOTE_USER}e\"" combined

ScriptAlias /nagios/cgi-bin "/usr/lib64/nagios/cgi-bin/"

<Directory "/usr/lib64/nagios/cgi-bin/">
    Options FollowSymLinks ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all

    # LDAP Authentication
    AuthType Basic
    AuthBasicProvider ldap
    AuthName "LDAP Authentication : USARE MATRICOLA in maiuscolo"
    AuthLDAPURL ldap://ldap-sedi.sedi-direzioni.group:389/DC=sedi-direzioni,DC=group?sAMAccountName?sub?(objectClass=person)
    AuthLDAPBindDN "CN=sa_XXXX,OU=Servizi,OU=Area Tecnica,DC=sistemi,DC=group"
    AuthLDAPBindPassword "XXXXXXXXXXXXXXXXXXXXXX"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    # Note: sibling Require lines are alternatives (implicit RequireAny in httpd 2.4),
    # so valid-user alone already grants access to every authenticated user
    Require valid-user

    # LDAP Group requirements
    Require ldap-group cn=ggUtentiDire3437,OU=DIRE3437,OU=DIREZIONEHO,DC=sedi-direzioni,DC=group
    Require ldap-group cn=ggUtentiEsterni3437,OU=DIRE3437,OU=DIREZIONEHO,DC=sedi-direzioni,DC=group
    Require ldap-group cn=ggUtentiDire3369,OU=DIRE3369,OU=DIREZIONEHO,DC=sedi-direzioni,DC=group
    Require ldap-group cn=ggUtentiEsterni3369,OU=DIRE3369,OU=DIREZIONEHO,DC=sedi-direzioni,DC=group
</Directory>
```

In the access log file I saw:

```
172.16.69.46 ho27720 [07/Jan/2025:16:02:07 +0100] "GET /nagios/images/tacenabled.png HTTP/1.1" 304 - "http://nagiostest.intranet.servizi/nagios/cgi-bin/tac.cgi" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" "HO27720"
```

```apache
LogFormat "%h %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{REMOTE_USER}e\""
```

%u is ho27720 and REMOTE_USER is HO27720.

Inside Nagios (i.e. Tactical Status Overview) I see "Logged in as ho27720".
I attach the image.

Why don't I see HO27720?
Is there a way to get the same authorization as the user HO27720, or do I have to define two users,
HO27720 and ho27720?

(Attached images: nagios, nagios1, nagios2)

Regards, and thanks for your help

@aaronagios
Contributor

LDAP is case-insensitive, Nagios username is case-sensitive. This is the heart of the issue.

It seems like you were hoping your rewrite rule would effectively make Nagios username case-insensitive on your system as well, but it seems not to have done so.
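
An added example, not part of the thread or of Nagios: a Python audit that reads access-log lines in the LogFormat posted above and compares each `%u` login with the Nagios `contact_name` values, flagging logins that match a contact only when case is ignored. The contact definitions and log lines are constructed, and it assumes, as the report above shows, that Nagios uses the name logged in `%u`.

```python
import re

# Constructed sample data: contact names follow the issue, addresses are documentation IPs.
CONTACTS_CFG = """
define contact {
    contact_name    HO27720        ; the contact defined in the issue
}
define contact {
    contact_name    nagiosadmin
}
"""
ACCESS_LOG = """\
192.0.2.10 ho27720 [07/Jan/2025:16:02:07 +0100] "GET /nagios/cgi-bin/tac.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0" "HO27720"
192.0.2.11 nagiosadmin [07/Jan/2025:16:03:10 +0100] "GET /nagios/cgi-bin/status.cgi HTTP/1.1" 200 900 "-" "Mozilla/5.0" "NAGIOSADMIN"
192.0.2.12 XY00001 [07/Jan/2025:16:04:00 +0100] "GET /nagios/cgi-bin/tac.cgi HTTP/1.1" 200 300 "-" "Mozilla/5.0" "XY00001"
192.0.2.13 - [07/Jan/2025:16:05:00 +0100] "GET /nagios/cgi-bin/tac.cgi HTTP/1.1" 401 381 "-" "Mozilla/5.0" "-"
"""

QUOTED = r'"((?:[^"\\]|\\.)*)"'
# Fields: %h %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{REMOTE_USER}e"
LOG_RE = re.compile(
    rf'^\S+ (?P<user>\S+) \[[^\]]+\] {QUOTED} (?P<status>\d{{3}}) \S+ '
    rf'{QUOTED} {QUOTED} "(?P<env_user>(?:[^"\\]|\\.)*)"$')

def parse_contacts(cfg_text):
    """Return contact_name values; ';' starts an inline comment in Nagios object files."""
    found = (re.match(r'\s*contact_name\s+([^;]+)', ln) for ln in cfg_text.splitlines())
    return {m.group(1).strip() for m in found if m}

def audit(log_text, contacts):
    """Map each authenticated %u login to (verdict, near-miss contacts, logged env value)."""
    folded = {}
    for name in contacts:
        folded.setdefault(name.casefold(), []).append(name)
    findings = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m['user'] == '-' or m['status'] == '401':
            continue  # unparsable line, anonymous request, or failed login
        user = m['user']
        near = sorted(folded.get(user.casefold(), []))
        verdict = 'exact' if user in contacts else 'case-mismatch' if near else 'no-contact'
        findings[user] = (verdict, near, m['env_user'])
    return findings

if __name__ == "__main__":
    for user, result in audit(ACCESS_LOG, parse_contacts(CONTACTS_CFG)).items():
        print(user, result)
```

In the constructed data the uppercased environment value for `nagiosadmin` is `NAGIOSADMIN`, which would not equal the lowercase contact name under a case-sensitive comparison.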
