Version 2 (modified by jonmills, 8 years ago)



This page details how to authenticate & authorize which users can access your OMD/Check_MK/Nagios monitoring website. As usual, there's lots of pieces involved:


  • Authentication
    • httpd - uses the system's shared Apache daemon
    • mod_ssl -- uses the system-installed mod_ssl RPM package to secure the site
    • mod_authnz_ldap -- this apache module does the heavy lifting for us
    • auth.conf -- Requires custom editing of the file $OMD_ROOT/etc/apache/conf.d/auth.conf
  • Authorization
    • -- requires tweaks to this file
    • -- like with the old nagios cgi's, you need contact objects corresponding to the LDAP user names passed by Apache in the HTTP_USER var


  • This is an example $OMD_ROOT/etc/apache/conf.d/auth.conf file
    • Your ldapurl may vary ;-)
      <Location "/myexample">
        SSLOptions +StdEnvVars
        order deny,allow
        deny from all
        AuthName "OMD Monitoring Site myexample"
        AuthType Basic
        AuthUserFile /omd/sites/myexample/etc/htpasswd
        AuthBasicProvider ldap
        AuthLDAPBindDN cn=proxy-user,dc=example,dc=org
        AuthLDAPBindPassword passw0rd
        AuthLDAPURL "ldap://,dc=example,dc=org?uid?sub?"
        AuthzLDAPAuthoritative on
        Require valid-user
        Satisfy any