Using LDAP user authentication with Nagios

March 21, 2013

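Nagios and OpenLDAP are both excellent open-source projects. Nagios has become close to an industry standard for monitoring, and OpenLDAP follows the LDAP standard; when unified user authentication comes up, OpenLDAP is usually the first thing that comes to mind. For managing Nagios user authentication, we can use OpenLDAP to integrate it with the company's OA, mail, FTP, wiki and other systems.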

Taking Apache as the example, its configuration file for Nagios is as follows:

NameVirtualHost *:80
<VirtualHost *:80>
    ServerAdmin admin@361way.com
    DocumentRoot "/App/nagios/share"
    ServerName   nagios.361way.com
    ErrorLog "/var/log/httpd/nagios-error_log"
    CustomLog "/var/log/httpd/nagios-access_log" common
  ScriptAlias /nagios/cgi-bin "/App/nagios/sbin"
  <Directory "/App/nagios/sbin">
#    SSLRequireSSL
     Options ExecCGI
     AllowOverride None
     Order allow,deny
     Allow from all
#    Order deny,allow
#    Deny from all
#    Allow from 127.0.0.1
     AuthName "Nagios Access"
     AuthType Basic
     AuthBasicProvider  ldap
     AuthzLDAPAuthoritative    off
     AuthLDAPURL    ldap://127.0.0.1:389/ou=Users,domainName=361way.com,o=domains,dc=361way,dc=com?uid?sub?(&(objectclass=inetOrgPerson)(accountstatus=active)(memberofgroup=dept.support@361way.com))
     AuthLDAPBindDN     "cn=manager,dc=361way,dc=com"
     AuthLDAPBindPassword       "password"
     Require valid-user
  </Directory>
  Alias /nagios "/App/nagios/share"
  <Directory "/App/nagios/share">
#    SSLRequireSSL
     Options None
     AllowOverride None
     Order allow,deny
     Allow from all
#    Order deny,allow
#    Deny from all
#    Allow from 127.0.0.1
     AuthName "Nagios Access"
     AuthType Basic
     AuthBasicProvider  ldap
     AuthzLDAPAuthoritative    off
     AuthLDAPURL    ldap://127.0.0.1:389/ou=Users,domainName=361way.com,o=domains,dc=361way,dc=com?uid?sub?(&(objectclass=inetOrgPerson)(accountstatus=active)(memberofgroup=dept.support@361way.com))
     AuthLDAPBindDN     "cn=manager,dc=361way,dc=com"
     AuthLDAPBindPassword       "password"
     Require valid-user
  </Directory>
Alias /pnp4nagios "/App/pnp4nagios/share"
<Directory "/App/pnp4nagios/share">
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "Nagios Access"
        AuthType Basic
        AuthBasicProvider  ldap
        AuthzLDAPAuthoritative    off
        AuthLDAPURL   ldap://127.0.0.1:389/ou=Users,domainName=361way.com,o=domains,dc=361way,dc=com?uid?sub?(&(objectclass=inetOrgPerson)(accountstatus=active)(memberofgroup=dept.support@361way.com))
        AuthLDAPBindDN     "cn=manager,dc=361way,dc=com"
        AuthLDAPBindPassword       "password"
        Require valid-user
        <IfModule mod_rewrite.c>
                # Turn on URL rewriting
                RewriteEngine On
                Options FollowSymLinks
                # Installation directory
                RewriteBase /pnp4nagios/
                # Protect application and system files from being viewed
                RewriteRule ^(application|modules|system) - [F,L]
                # Allow any files or directories that exist to be displayed directly
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteCond %{REQUEST_FILENAME} !-d
                # Rewrite all other URLs to index.php/URL
                RewriteRule .* index.php/$0 [PT,L]
        </IfModule>
</Directory>
</VirtualHost>

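This configuration puts both Nagios and pnp4nagios behind LDAP authentication. For Nagios, however, configuring authentication here alone is not enough; the corresponding settings in cgi.cfg are also required. Change the following settings in /App/nagios/etc/cgi.cfg as shown: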

authorized_for_system_information=guest1,361way,guest2
authorized_for_configuration_information=361way
authorized_for_system_commands=361way
authorized_for_all_services=guest1,361way,guest2
authorized_for_all_hosts=guest1,361way,guest2
authorized_for_all_service_commands=361way
authorized_for_all_host_commands=361way

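Note: make sure the three users listed above can be found in the dept.support group in LDAP. After making these changes, remember to restart the HTTP (Apache) and Nagios services so that the configuration takes effect. Once it is in effect, open the nagios.361way.com domain and you can access Nagios with an LDAP-authenticated username and password. This also gives two-level user management, which adds to the security of authentication: a user must not only exist in the relevant LDAP group but also be listed in the cgi.cfg configuration. Only users who pass both checks can open the relevant URLs.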
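
The two-level check described above can be audited by comparing the user lists in cgi.cfg with the uids that the AuthLDAPURL filter returns. The Python script below is an added example, not part of the original post. Its sample cgi.cfg (including the wildcard line and the user olduser) is constructed, and the uid list passed to audit() is assumed to come from an LDAP search using the parsed base DN and filter.

```python
import re

# Constructed sample: cgi.cfg lines in the page's style, plus a wildcard entry
# and a user (olduser) absent from the LDAP group, to exercise the checks.
CGI_CFG = """\
authorized_for_system_information=guest1,361way,guest2
authorized_for_system_commands=361way,olduser
authorized_for_all_services=guest1,361way,guest2
authorized_for_all_hosts=*
# authorized_for_all_host_commands=guest1
"""
# The AuthLDAPURL value from the page's Apache configuration.
AUTH_LDAP_URL = ("ldap://127.0.0.1:389/ou=Users,domainName=361way.com,"
                 "o=domains,dc=361way,dc=com?uid?sub?(&(objectclass=inetOrgPerson)"
                 "(accountstatus=active)(memberofgroup=dept.support@361way.com))")

def parse_auth_ldap_url(url):
    """Split AuthLDAPURL: scheme://host:port/basedn?attribute?scope?filter."""
    m = re.match(r"(ldaps?)://([^/]*)/([^?]*)(?:\?(.*))?$", url)
    if not m:
        raise ValueError("not an LDAP URL: %r" % url)
    scheme, host, base, rest = m.groups()
    attr, scope, flt = ((rest or "").split("?", 2) + ["", ""])[:3]
    return {"scheme": scheme, "host": host, "base": base,
            "attribute": attr or "uid", "scope": scope or "sub", "filter": flt}

def parse_cgi_cfg(text):
    """Return {directive: [users]} for each active authorized_for_* line."""
    acl = {}
    for line in text.splitlines():
        m = re.match(r"\s*(authorized_for_\w+)\s*=\s*(.*)$", line)
        if m:  # commented-out lines start with '#' and never match
            acl[m.group(1)] = [u.strip() for u in m.group(2).split(",") if u.strip()]
    return acl

def audit(cfg_text, ldap_uids):
    """Compare cgi.cfg users with the uids the LDAP filter returns."""
    acl, ldap_uids = parse_cgi_cfg(cfg_text), set(ldap_uids)
    named = {u for users in acl.values() for u in users if u != "*"}
    return {
        # named in cgi.cfg but rejected by Apache: stale or mistyped entries
        "not_in_ldap": sorted(named - ldap_uids),
        # '*' gives the right to every user Apache authenticates
        "wildcard": sorted(d for d, users in acl.items() if "*" in users),
        # group members that no authorized_for_* line names
        "ldap_only": sorted(ldap_uids - named),
        # everyone who may issue commands, for review
        "command_users": sorted({u for d, users in acl.items()
                                 if d.endswith("_commands") for u in users}),
    }
```

A wildcard entry removes the second level for that directive, because every account that matches the LDAP filter then holds the right.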



