I am running into an issue with my icingaweb2 where when I try to use the external autologin, I never actually get prompted for a password.
System: CentOS 7
IcingaWeb About Page:
Git commit 7cec28a31fdff0feb470ec001838bc1dec9c4b69
Git commit date 2017-09-28
I originally am trying to use LDAP without requiring a bind account. I can create a test web page in my Apache following these instructions. This web page works fine. I get prompted for login, I get authenticated, and I can see my empty little page.
So this block of code, dropped directly into the icingaweb2.conf, is not working.
- alias /icingaweb2 "/usr/share/icingaweb2/public"
- <Directory "/usr/share/icingaweb2/public">
- AuthType Basic
- AuthName "HTTPD LDAP AUTH"
- AuthBasicProvider ldap
- AuthLDAPURL ldaps://ldap.fqdn/ou=Users,dc=place,dc=boat,dc=thing?uid?one
- AuthLDAPGroupAttribute memberUid
- AuthLDAPGroupAttributeIsDN off
- Require valid-user
I try to do this to the icingaweb2.conf file, and I get straight to the blue login page, with a red error telling me that I have failed to authenticate within Apache. Then I go to the icingaweb2 auth tutorial for autologin, and try to set it up without using LDAP.
For me, even these instructions still fail. I still get to the blue page, with the error saying I failed to authenticate in Apache. Side note: You only get this failure error if your only authentication option is the autologin.
So, I am looking for any input at all as to why a the login prompt refuses to show for icingaweb2, but works for a little test page. If I can maybe solve the local access with a file, maybe I can work from there and fix the LDAP
I could go back to my LDAP guys and ask for a service account for the LDAP bind backend, but would rather try to fix it on the Apache side. And so here I am.
Alternatively, if there is a way to configure the LDAP resource in icingaweb2 to run without a BIND, I would take that.
Thanks for your advice