[SOLVED] Need to set LDAP Auth in Apache to only allow users in a specific group

mosiac · 09-18-2014, 09:14 AM

Summary of the issue is I'm setting up and configuring a new nagios server and a request I had was to get user accounts authenticating through active directory, which isn't a big deal I found a simple guide and I got it to work.

Problem is anyone on our domain is able to login, they can't see anything unless I've set them to, but I'd rather they not login.

Here's the snippit from my httpd.conf file

Code:

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative on
    AuthName "Active Directory Login"
    AuthLDAPURL "ldap://dcipaddress:3268/dc=domain,dc=com?sAMAccountName?sub"
    AuthLDAPBindDN "user@domain.com"
    AuthLDAPBindPassword "password"
    Require ldap-group cn=naggy_group
</Directory>

I feel like I"m just missing something really simple.

Thanks in advance

bathory · 09-18-2014, 11:36 AM

Quote:

Require ldap-group cn=naggy_group

I guess you have to specify the full dn of the group in question.
Something like

Code:

Require ldap-group cn=naggy_group, dc=domain,dc=com

mosiac · 09-18-2014, 11:44 AM

Quote:

Originally Posted by bathory

I guess you have to specify the full dn of the group in question.
Something like

Code:

Require ldap-group cn=naggy_group, dc=domain,dc=com

Tried this and it still didn't work.

It seems like no matter what i put in the Require fields, it doesn't care it just authenticates any user that can log in correctly.

mosiac · 09-18-2014, 12:43 PM

I did find out what the problem was. Httpd.conf was handling the AD portion and then nagios.conf was verifying users I didn't realize it would work that way but once I tried it
(moved all the Require fields over to nagios.conf) it worked fine