我已经在这里的Nagios上运行了对我的LDAP服务器进行身份验证的服务器(带有Apache 2.2.3-22.el5.centos的CentOS 5.3),并且一切正常。但是,我希望某些IP无需身份验证即可查看Nagios状态页面。Nagios具有此选项,可将用户分配给未认证的用户:
authorized_for_read_only=guest
default_user_name=guest
听起来不错,但这并不能解决Apache身份验证问题。我当前的apache配置如下所示:
<Directory "/usr/lib64/nagios/cgi">
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/misc/htpasswd.users
Require valid-user
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>
那行得通,但我想以某种方式说“这里的IP,他可以跳过身份验证”。Apache Satisfy指令看起来可以正常工作,因此我尝试了以下操作:
<Directory "/usr/lib64/nagios/cgi">
AllowOverride None
Order allow,deny
Allow from (IP) <---- changed
Deny from all <---- changed
Satisfy any <---- changed
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /etc/nagios/misc/htpasswd.users
Require valid-user
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>
但这并没有改变网站的行为。有什么想法吗?“为我工作”?指向适当的升级说明的指针说,如果可以升级服务器,就可以解决此问题吗?:)
----更新有答案----
我拿出了文件或LDAP的东西,满意地为我工作。我可能在那儿做错了什么,但是无论如何,现在可以了。这是我最终的配置:
<Directory "/usr/lib64/nagios/cgi">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from 192.168.42.213
Satisfy any
AuthName "Nagios Access"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthBasicAuthoritative On
AuthLDAPGroupAttribute LDAPmember
AuthLDAPURL (my server stuff)
Require ldap-group CN=nagios,ou=groups,DC=local
</Directory>