Version 1 (modified by jonmills, 8 years ago)



This page details how to authenticate & authorize which users can access your OMD/Check_MK/Nagios monitoring website. As usual, there's lots of pieces involved:


  • Authentication
    • httpd - uses the system's shared Apache daemon
    • mod_ssl -- uses the system-installed mod_ssl RPM package to secure the site
    • mod_authnz_ldap -- this apache module does the heavy lifting for us
    • auth.conf -- Requires custom editing of the file $OMD_ROOT/etc/apache/conf.d/auth.conf
  • Authorization
    • -- requires tweaks to this file
    • -- like with the old nagios cgi's, you need contact objects corresponding to the LDAP user names passed by Apache in the HTTP_USER var


  • This is an example $OMD_ROOT/etc/apache/conf.d/auth.conf file
    <Location "/myexample">
      SSLOptions +StdEnvVars
      order deny,allow
      deny from all
      AuthName "OMD Monitoring Site myexample"
      AuthType Basic
      AuthUserFile /omd/sites/myexample/etc/htpasswd
      AuthBasicProvider ldap
      AuthLDAPBindDN cn=proxy-user,dc=example,dc=org
      AuthLDAPBindPassword passw0rd
      AuthLDAPURL "ldap://,dc=example,dc=org?uid?sub?"
      AuthzLDAPAuthoritative on
      Require valid-user
      Satisfy any