I have successfully installed nagios, and it provides authentication through apache2 which contacts a kerberos authentication server to authenticate users.
Now, users are authenticated, but they don't have any authorization as authorization is configured on cgi.cfg
and I don't want to configure all my users one by one manually, or give all rights to each authenticated user.
I would like to know if groups can be set on the cgi.cfg
file (such as nagios_reader, with right to watch web interface, host and services status, and nagios_writer, with the ability to run external commands) instead of on the user, and if these groups can be extracted from LDAP.
Best Answer
I'm afraid that the answer is no. Nagios hasn't supported this feature yet. The value of
authorized_
options must be a comma-delimited list of names of authenticated users. But if, as you said, "these groups can be extracted from a LDAP", so you can add every members in a group with a little shell script.Nagios has the
authorized_for_read_only
option to configure a list of usernames that have read-only rights in the CGIs. Assuming that thenagios_reader.ldif
contains:You can configure all the members of this group as a value of
authorized_for_read_only
variable by using: