Hi,

I am trying to connect with icinga2go (https://www.icinga.org/about/icinga-mobile/) to our icinga-web instances.

The problem that I encounter is that all these instances are protected
with HTTP basic authentication. I guess this is not completely
unusual. But icinga2go only allows entering a URL and the authkey.

So after I entered the authkey and the URL, icinga-mobile only
displays "request failed".

A look into the access log proves that all requests to the API are
answered with a 401. Not surprising, as I did not provide a username
and a password.

My next idea was to disable HTTP basic authentication for URIs that
match the pattern /icinga-web/web/api. But I did not manage to achieve
this goal.

The vhost config looks like this:

--
ServerName myicingaserver.company.net

Include /etc/icinga-web/apache2.conf

DocumentRoot /var/www

<Location /icinga-web>
  AuthName "myicingaserver.company.net"
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPBindDN cn=httpd,ou=system,o=company
  AuthLDAPBindPassword auth$ldap
  AuthLDAPURL "ldap://ldap.company.net/ou=people,o=company?uid?sub"
  Require ldap-group cn=foobar,ou=access
</Location>

RewriteEngine on

RewriteRule ^/$         /icinga-web                     [R,L]

RewriteCond %{HTTPS} !^on$
RewriteRule .* https://myicingaserver.company.net%{REQUEST_URI} [QSA,R,L]
--


A standard method would be to add

<Location /icinga-web/web/api>
Satisfy Any
Allow from all
</Location>

But this fails, probably because the Icinga rewrite rules are applied
before mod_auth can do its job. A bit strange, because the section
starting with <Location /icinga-web> obviously works.

I have also tried to do something like this:

SetEnvIf Request_URI ^/icinga-web/web/api noauth=1

<Location />
Allow from env=noauth
..
LDAPAuthSection
...
Satisfy Any
</Location>

But that didn't work either.

Does anyone have an idea what I am missing here? I would be deeply grateful if
someone could post a working Apache config here, or could give a hint
that points me in the right direction.

kind regards
Chris
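
A way to check the access log after each configuration attempt, as an added example that is not part of the original post: it reports API requests that still get a 401 and any other request under /icinga-web that was served without a logged user. The log lines are constructed, and the names `audit`, `under` and `SAMPLE_LOG` are hypothetical.

```python
import re
from collections import Counter

# Apache common/combined log line: host ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
API = "/icinga-web/web/api"   # prefix the post wants reachable without Basic auth
AREA = "/icinga-web"          # everything else below this must keep requiring it

def under(path, prefix):
    """Segment-aware prefix match, the way <Location> treats a plain path."""
    return path == prefix or path.startswith(prefix + "/")

def audit(lines):
    """Return (counts per (scope, status), findings that contradict the policy)."""
    counts, findings = Counter(), []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        path = m["path"].split("?", 1)[0]
        status, user = int(m["status"]), m["user"]
        scope = "api" if under(path, API) else "protected" if under(path, AREA) else "other"
        counts[(scope, status)] += 1
        if scope == "api" and status == 401:
            findings.append((lineno, "api-still-401", path))
        # Only 2xx counts as content served; redirects are ignored.
        elif scope == "protected" and user == "-" and 200 <= status < 300:
            findings.append((lineno, "protected-without-auth", path))
    return counts, findings

# Constructed sample lines (addresses, times, sizes and sub-paths are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2012:10:01:02 +0100] "GET /icinga-web/web/api/status HTTP/1.1" 401 480',
    '192.0.2.20 - chris [12/Mar/2012:10:02:00 +0100] "GET /icinga-web/ HTTP/1.1" 200 5120',
    '192.0.2.30 - - [12/Mar/2012:10:03:00 +0100] "GET /icinga-web/modules?x=1 HTTP/1.1" 200 900',
    '192.0.2.30 - - [12/Mar/2012:10:03:05 +0100] "GET /icinga-web/web/apiary HTTP/1.1" 401 480',
    '192.0.2.30 - - [12/Mar/2012:10:03:09 +0100] "GET / HTTP/1.1" 302 250',
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE_LOG)
    for finding in findings:
        print(*finding)
```

An empty findings list after a config change means the API prefix answers without a 401 while the rest of /icinga-web still demands credentials.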


