How to allow Active Directory authenticated users use Nagios web interface?

I have put .htaccess files in the Nagios html root and CGI root directories, so in order to get access to the web interface, the users needs a valid Active Directory account.

The problem I have is in /etc/nagios/cgi.cfg which says

use_authentication=1

authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin

Setting use_authentication=0 "solves" the problem, but I have read

Also, disabling authentication causes all sorts of things to not work because the programmers don't want to be responsible for what happens It's best to use authentication and then set it up correctly ;-)

so I am not too keen on that.

It should be possible to replace nagiosadmin with a group according to

Basically all of these "authorized_for_" stuff is to permit "administrative" users to access the system.

One convenience that they don't tell you is that you can put group names instead of user accounts, so if you've got an IT Admin group defined, put that instead of all of the members of the group

Question

How do I define such group when the users authenticate through htaccess with Apache's mod_authz_ldap.so?


Solution 1:

This solved the problem.

sed -i 's/nagiosadmin/\*/g' /etc/nagios/cgi.cfg
sed -i 's/#default_user_name=guest/default_user_name=guest/g' /etc/nagios/cgi.cfg