
I've set up a Nagios Core server on CentOS and I want people to be able to use their AD credentials to log into the web interface. At the moment, the httpd configuration is:

    AuthBasicProvider ldap
    AuthType Basic
    AuthName "Active Directory Login"
    AuthLDAPURL "ldap://[servername].[domainname].inc:3268/dc=[domainname],dc=inc?sAMAccountName?sub" NONE
    AuthLDAPBindDN "[Username]@[domainname].inc"
    AuthLDAPBindPassword "[Password]"
    Require valid-user

Trying to log in, though, yields this message:

    [Thu Oct 24 15:18:13.029425 2019] [auth_basic:error] [pid 311] [client 10.121.XX.XX:52740] AH01617: user [username]: authentication failure for "/nagios/": Password Mismatch

I imagine I'm doing something wrong with either AuthLDAPURL or AuthLDAPBindPassword, as I'll admit I had some trouble understanding the documentation for those.

Thank you very much.

2 Answers

0

Good day!

Kindly check the cgi.cfg configuration and verify the same.

use_authentication set to 1

0

I've figured it out! The issue was with AuthLDAPBindDN. I saw the [username]@[domain].[TLD] format suggested in a few places, but from what I can tell it does not work. Perhaps it's for an older version of Apache. Instead, the username should be formatted as follows:

    CN=[username],OU=[AD folder containing username],[more entries as needed],DC=[domain],DC=[TLD]

Essentially, the comma-separated list is a path from the user object you're using up to the top-level domain. So if your directory structure looked like this...

    company.com
      location1
      location2
        users
          alice
          bob
          charlie
        computers
      location3

...and you wanted to bind to the domain using Alice's user account, the value for AuthLDAPBindDN should be:

    AuthLDAPBindDN "CN=alice,OU=users,OU=location2,dc=company,dc=com"

Hopefully this helps anyone who is confused like I was.
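
The path-to-DN rule described in the answer above, as an added example that is not part of the original post: it reverses a top-down directory path into a bind DN and applies RFC 4514 escaping, which matters when a CN contains a comma. The function names are hypothetical, and the sample names are constructed from the answer's tree.

```python
# Added example: build an LDAP bind DN from a top-down directory path.
# Function names are hypothetical; escaping follows RFC 4514 string rules.

SPECIAL = set('"+,;<>\\')  # characters that must be backslash-escaped in a value


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN string."""
    if not value:
        raise ValueError("empty RDN value")
    out = []
    for ch in value:
        if ch == "\x00":
            out.append("\\00")          # NUL is written as a hex pair
        elif ch in SPECIAL:
            out.append("\\" + ch)
        else:
            out.append(ch)
    escaped = "".join(out)
    if len(value) > 1 and value.endswith(" "):
        escaped = escaped[:-1] + "\\ "  # a trailing space must be escaped
    if value[0] in " #":
        escaped = "\\" + escaped        # so must a leading space or '#'
    return escaped


def build_bind_dn(cn: str, ou_path: list[str], domain: str) -> str:
    """ou_path is listed top-down (as in the tree above); the DN is bottom-up.

    Assumes every path element is an organizational unit (OU=...).
    """
    labels = domain.split(".")
    if not all(labels):
        raise ValueError(f"bad domain name: {domain!r}")
    rdns = ["CN=" + escape_rdn_value(cn)]
    rdns += ["OU=" + escape_rdn_value(ou) for ou in reversed(ou_path)]
    rdns += ["DC=" + escape_rdn_value(label) for label in labels]
    return ",".join(rdns)


if __name__ == "__main__":
    # Constructed sample input matching the answer's directory tree.
    print(build_bind_dn("alice", ["location2", "users"], "company.com"))
    # A display-name style CN containing a comma needs escaping.
    print(build_bind_dn("Smith, Alice", ["location2", "users"], "company.com"))
```

Attribute type names in a DN are case-insensitive, so `DC=` here and `dc=` in the directive above are equivalent.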