Bobcares

Nagios Authenticating and Importing Users with AD and LDAP

Jan 9, 2021

Authenticating and importing Nagios users with AD and LDAP simplifies user management in large infrastructures and standardizes credentials.

As part of our Server Management Services, we assist our customers with several Nagios queries.

Today, let us see how to integrate Nagios Log Server with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP).

 

Nagios Authenticating and Importing Users with AD and LDAP

Nagios Log Server is a clustered application that consists of one or more instances of Nagios Log Server. It does not matter which instance a user connects to when logging in to the web interface.

With this in mind, each instance of Nagios Log Server will need to be able to communicate with the AD or LDAP servers when authenticating user credentials.

Before we go ahead, our Support Engineers suggest having:

  • Nagios Log Server installation
  • A separate Microsoft Windows-based AD infrastructure that is accessible to the Nagios Log Server machine, or,
  • A separate LDAP infrastructure (like OpenLDAP) that is accessible to the Nagios Log Server machine

 

Nagios Log Server DNS Resolution

Generally, the DNS settings for each of our Nagios Log Server instances use DNS servers that are:

  • Domain Controllers (DC) in an AD domain, or,
  • Capable of resolving the DNS entries used to contact the LDAP server(s)

If we have name-resolution issues, we can edit the resolv.conf file to use a DNS server within the AD infrastructure as the primary name server.

  • Edit the resolv.conf file in a text editor:
    vi /etc/resolv.conf
  • Before all other lines starting with nameserver, enter the following:
    nameserver [IP address of DNS server]

Caching options in PHP may prevent changes to the resolv.conf from taking effect and require restarting the Apache service.

If we do edit the file, we will need to restart the Apache webserver:

RHEL 6|CentOS 6|Oracle Linux 6

# service httpd restart

RHEL 7|CentOS 7|Oracle Linux 7

# systemctl restart httpd.service

Ubuntu 14

# service apache2 restart

Debian|Ubuntu 16/18

# systemctl restart apache2.service

Be aware that the /etc/resolv.conf file can be automatically overwritten by the networking stack in RHEL/CentOS.
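
The resolv.conf edit above as a repeatable script (an added example, not part of the original article or of Nagios Log Server). It places the directory's DNS server ahead of the other nameserver lines and flags two conditions under which the change has no lasting effect; the address 192.0.2.53 and the function names are assumptions for illustration.

```shell
# Assumption: 192.0.2.53 below stands in for the AD DNS server address.
# Print the first nameserver address in FILE (empty if none).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Make IP the first nameserver in FILE, keeping all other lines in order.
prepend_nameserver() {
    file=$1; ip=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Already first: leave the file untouched so reruns are harmless.
    [ "$(first_nameserver "$file")" = "$ip" ] && return 0
    tmp=$(mktemp) || return 1
    awk -v ip="$ip" '
        $1 == "nameserver" && $2 == ip { next }      # drop a later duplicate
        $1 == "nameserver" && !placed { print "nameserver " ip; placed = 1 }
        { print }
        END { if (!placed) print "nameserver " ip }  # file had no nameserver
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Keep a backup, then write in place so ownership and mode are preserved.
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"; return "$rc"
}

# Report conditions that would silently undo or ignore the edit.
resolv_warnings() {
    awk '
        /^[#;].*[Gg]enerated by/ { print "managed: file is generated and may be overwritten" }
        $1 == "nameserver" { n++ }
        END { if (n > 3) print "limit: " n " nameservers listed, glibc reads only the first 3" }
    ' "$1"
}

# Constructed sample file, not a real host configuration.
demo=$(mktemp)
printf '%s\n' '# Generated by NetworkManager' 'search box293.local' \
    'nameserver 192.0.2.1' 'nameserver 192.0.2.2' 'nameserver 192.0.2.3' > "$demo"
prepend_nameserver "$demo" 192.0.2.53
cat "$demo"; resolv_warnings "$demo"
```

On a real host the call would be prepend_nameserver /etc/resolv.conf followed by the DNS server address, run as root, and then the Apache restart for the distribution in use.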


 

Authenticating and Importing Users with AD and LDAP

Moving ahead, let us focus on the steps followed by our Support Engineers.

 

Configuring The Authentication Servers

First, we must configure the Authentication Server(s) that Nagios Log Server will use. Navigate to Admin > Management > LDAP/AD Integration.

To add an Authentication Server, click the Add Server button. There are different options for Active Directory and LDAP.

  • Active Directory

We need to provide the following details:

Server Type: Active Directory
Enabled: Checked
Server Name: Provide a name to associate with this authentication method.
Base DN: An LDAP formatted string where the users are located.
Example: DC=BOX293,DC=local
Account Suffix: An @your-domain.suffix (the part of the full user identification after the username).
Example: @BOX293.local
Domain Controllers: A comma-separated list of DC servers that Nagios Log Server can use to authenticate against. This can be a combination of IP addresses, short names, and fully qualified domain names.
Example: dc01.box293.local,dc02.box293.local
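Encryption Method: Select the security method (or not) to use. Here we will choose None, which leaves the traffic between Nagios Log Server and the domain controllers, including the credentials being checked, unencrypted.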

Once complete, we click the Create Server button.

  • LDAP

We need to provide the following details:

Server Type: LDAP
Enabled: Checked
Server Name: Provide a name to associate with this authentication method.
Base DN: An LDAP formatted string where the users are located.
Example: dc=box293,dc=local
LDAP Host: The LDAP server that Nagios Log Server can use to authenticate against. This can be an IP address, short name, or fully qualified domain name.
Example: ldap01.box293.local
LDAP Port: The TCP network port used to communicate with the LDAP server.
Example: 389
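Encryption Method: Select the security method (or not) to use. Here we will choose None, which leaves the traffic between Nagios Log Server and the LDAP server, including the credentials being checked, unencrypted.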

Once complete, we click the Create Server button.

 

Importing Users

The next step is to import users from Active Directory or LDAP. Once done, Nagios Log Server will query the DCs or LDAP server each time the user logs in to validate credentials.

The following steps are the same for Active Directory or LDAP:

  1. Navigate to Admin > Management > User Management and click the Add Users from LDAP/AD button.
  2. Then select the authentication server(s) we defined and provide credentials to connect to the server(s).
  3. The account credentials we provide here are only to authenticate against AD / LDAP to retrieve the directory contents.
  4. Then we click Next.
  5. Once we authenticate successfully, we will be presented with the node of our directory tree.
  6. We select the Users node.
  7. When we have chosen all the users to import, click the Add Selected Users button.
  8. On the next screen, we have a list of the users we are going to import and a summary of how they will be imported.
  9. Then we define the required fields for every user.
  10. Click the Create Users button to continue. The user accounts will now be imported into Nagios Log Server.
  11. Once done, we will return to the User Management screen.

This completes importing users into Nagios Log Server from AD/LDAP.


 

Linking Existing Nagios Log Server Users to Active Directory Users

If we already have Nagios Log Server users, we can easily link these local accounts to Active Directory accounts.

  1. Navigate to Admin > Management > User Management.
  2. Then click the Edit link for the user we want to update. The settings are on the External Authentication tab:
    Auth Type: Active Directory
    AD Server: Select the authentication server(s) you previously defined
    AD Username: Type the username for this user as it is configured in Active Directory
    Example: jane.doe
  3. Now, click on the Save User button to save the changes.

Once done, the existing Nagios Log Server user will be able to log in using their Active Directory credentials.

 

Linking Existing Nagios Log Server Users to LDAP Users

If we already have Nagios Log Server users, we can easily link these local accounts to LDAP accounts.

  1. Navigate to Admin > Management > User Management.
  2. Click the Edit link for the user we want to update. The settings are on the External Authentication tab:
    Auth Type: LDAP
    LDAP Server: Select the authentication server you previously defined
    Users Full DN: Type the full distinguished name (DN) for this user as it is defined in LDAP
    Example: uid=bobsmith,ou=People,dc=box293,dc=local
  3. Finally, click the Save User button to save the changes.

Once done, the existing Nagios Log Server user will be able to log in using their LDAP credentials.

  • LDAP Account Requirements:

The following details demonstrate the object classes and attributes that need to exist for an LDAP user. If these attributes do not exist, it is likely that the user will not appear in the list of users when performing an import from the LDAP server.

dn: uid=bobsmith,ou=People,dc=box293,dc=local
givenName: Bob
sn: Smith
cn: Bob Smith
uidNumber: 10004
gidNumber: 10004
mail: bobsmith@box293.local
homeDirectory: /home/bobsmith
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
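
One way to find out why a user is absent from the import list (an added example, not part of the original article or of Nagios Log Server): scan LDIF, such as the output of ldapsearch -LLL, for entries lacking what the sample entry above contains. It assumes every attribute and object class in that sample is required; the function names and the second entry in the input are constructed.

```shell
# Assumption: every attribute/objectClass in the article's sample entry is required.
REQUIRED="givenName sn cn uidNumber gidNumber mail homeDirectory"
REQUIRED="$REQUIRED objectClass=top objectClass=posixAccount objectClass=inetOrgPerson"
# Read LDIF on stdin; print "<dn>: missing <items>" for each incomplete entry.
ldif_missing() {
    awk -v required="$REQUIRED" '
    function report(   i, n, want, miss) {
        n = split(required, want, " ")
        for (i = 1; i <= n && dn != ""; i++)
            if (!(tolower(want[i]) in have)) miss = miss " " want[i]
        if (miss != "") print dn ": missing" miss
        dn = ""; split("", have)               # reset state for the next entry
    }
    function handle(l,   name, value) {
        if (l == "") { report(); return }      # blank line ends an entry
        if (l ~ /^#/) return                   # LDIF comment
        name = l; sub(/:.*/, "", name); sub(/;.*/, "", name); name = tolower(name)
        value = l; sub(/^[^:]*::? */, "", value)
        if (name == "dn") dn = value
        else if (name == "objectclass") have[name "=" tolower(value)] = 1
        else if (value != "") have[name] = 1
    }
    /^ / { line = line substr($0, 2); next }   # unfold a wrapped value
    { handle(line); line = $0 }
    END { handle(line); report() }'
}

# Constructed input: the second entry has a wrapped DN and lacks the POSIX fields.
sample_ldif() { cat <<'EOF'
dn: uid=bobsmith,ou=People,dc=box293,dc=local
givenName: Bob
sn: Smith
cn: Bob Smith
uidNumber: 10004
gidNumber: 10004
mail: bobsmith@box293.local
homeDirectory: /home/bobsmith
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson

dn: uid=janedoe,ou=People,
 dc=box293,dc=local
cn: Jane Doe
sn: Doe
objectClass: inetOrgPerson
EOF
}
sample_ldif | ldif_missing
```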


 

Conclusion

In short, we discussed how to integrate Nagios Log Server with Active Directory or LDAP to allow user authentication and validation with the Nagios Log Server interface.
