How to Configure LDAP Authentication for Nagios on CentOS 5.5

This article assumes that you have already installed the Nagios server on a LAMP CentOS server and have also installed 389 Directory Server. In the previous tutorial, the only user allowed to manage Nagios was nagiosadmin, which was created using htpasswd. In this article, I will show you how to configure LDAP authentication for Nagios on CentOS 5.5.

Prerequisites

1. Edit nagios.conf to match your LDAP environment. Assume the following information is valid on the LDAP server:

Server IP = 192.168.2.5
Suffix = dc=intranet, dc=local
LDAP user: user1 (most of the time, this user is the system administrator)

[root@server ~]# vi /etc/httpd/conf.d/nagios.conf
ScriptAlias /nagios/cgi-bin "/usr/lib/nagios/cgi"

<Directory "/usr/lib/nagios/cgi">
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthBasicProvider ldap
   AuthType Basic
   AuthzLDAPAuthoritative on
   AuthName "LDAP Authentication for Nagios Monitoring"
   AuthLDAPURL "ldap://192.168.2.5:389/DC=intranet,DC=local?uid?sub?(objectClass=*)" NONE
   # Allow only the LDAP user listed above (user1)
   Require user user1
</Directory>

Alias /nagios "/usr/share/nagios"

<Directory "/usr/share/nagios">
   Options None
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthBasicProvider ldap
   AuthType Basic
   AuthzLDAPAuthoritative on
   AuthName "LDAP Authentication for Nagios Monitoring"
   AuthLDAPURL "ldap://192.168.2.5:389/DC=intranet,DC=local?uid?sub?(objectClass=*)" NONE
   # Allow only the LDAP user listed above (user1)
   Require user user1
</Directory>

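2. Replace all of the “nagiosadmin” entries with “*” in /etc/nagios/cgi.cfg. In cgi.cfg, “*” authorizes every user that Apache has authenticated, so who can reach Nagios is then decided by the Require line in nagios.conf. This change prevents the following CGI authorization error message: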

It appears as though you do not have permission to view information for any of the hosts you requested...

If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.

[root@server ~]# grep "nagiosadmin" /etc/nagios/cgi.cfg | grep -v "#"
authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin
[root@server ~]# vi /etc/nagios/cgi.cfg

Replace nagiosadmin with * as shown below:

authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

[root@server ~]# grep "*" /etc/nagios/cgi.cfg | grep -v "#"
authorized_for_system_information=*
authorized_for_configuration_information=*
authorized_for_system_commands=*
authorized_for_all_services=*
authorized_for_all_hosts=*
authorized_for_all_service_commands=*
authorized_for_all_host_commands=*

3. Restart the Nagios service

[root@server ~]# /etc/init.d/nagios restart
Stopping nagios:                                           [  OK  ]
Starting nagios:                                           [  OK  ]

4. Restart the Apache server

[root@server ~]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
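
Step 2 can also be scripted and checked instead of edited by hand in vi. The following is an added example, not part of the original article: the helper names set_cgi_authz, count_wildcards and write_sample_cfg are hypothetical, the sample cgi.cfg is constructed, and accepting a comma-separated list of LDAP uids in place of * goes beyond the edit the article makes.

```shell
#!/bin/sh
# Added example (not from the article): step 2 done with sed instead of vi.

# set_cgi_authz FILE VALUE
#   Replace the value "nagiosadmin" of every uncommented authorized_for_*
#   directive in FILE with VALUE: "*" as in the article, or a comma-separated
#   list of LDAP uids. The previous file is kept as FILE.bak.
set_cgi_authz() {
    file=$1 value=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Allow only characters valid in a uid list, so VALUE cannot alter the sed script.
    case $value in
        ''|*[!A-Za-z0-9_.,*-]*) echo "invalid value: $value" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 1
    sed "s|^\(authorized_for_[a-z_]*\)=nagiosadmin[[:space:]]*\$|\1=$value|" \
        "$file.bak" > "$file"
}

# count_wildcards FILE
#   Number of uncommented authorized_for_* directives set to "*", that is,
#   open to every user Apache authenticates.
count_wildcards() {
    grep -c '^authorized_for_[a-z_]*=\*[[:space:]]*$' "$1" || true
}

# write_sample_cfg FILE
#   Constructed sample input: three directives in the shape shown by the
#   article's grep output, plus one commented line that must stay untouched.
write_sample_cfg() {
    cat > "$1" <<'EOF'
use_authentication=1
#authorized_for_all_services=nagiosadmin
authorized_for_system_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_hosts=nagiosadmin
EOF
}

# Demo on a temporary copy; nothing under /etc/nagios is modified.
tmp=$(mktemp -d) && {
    write_sample_cfg "$tmp/cgi.cfg"
    set_cgi_authz "$tmp/cgi.cfg" '*'
    echo "wildcard directives after the article's edit: $(count_wildcards "$tmp/cgi.cfg")"
    rm -rf "$tmp"
}
```

On a real server, point set_cgi_authz at /etc/nagios/cgi.cfg and then restart Nagios and Apache as in steps 3 and 4.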