Configure LDAP Autentication using group

We want to configure autentication using ldap and assing a role to each user based on member-of ldap field.
It is posible in icinga?
Can anyone help us ?

Best regards,
Emilio J.


this is what I found in the docs, maybe those could be a starting point?
Resources - Icinga Web 2 and Authentication - Icinga Web 2

I have finally managed to configure it.
Need to do three steps:

  1. Import Users from LDAP ( Configuration → Application → Authentication → User backend )
  2. Import Groups from LDAP. (in previous page choose User Group Backend) Key point is LDAP Group Member Attribute that define whitch user are in this group
    3.- Define roles. (Configuration → Autentication → Roles ) The problem is that for each module the way to restrict the object that a role can use is diferent:
    A.- Monitoring: you can fill monitoring/​filter/​objects with a value like _host_tenant=AAA
    B.- director: you must include host in hostgroup and use director/​filter/​hostgroups

Best regards,
Emilio J.

Hello Emilo,
I am at the same point with less success.
Can you clarify with some examples the points 2 and 3?

I managed to load the groups from AD, but inside the group are not users but roles.

group_member_attribute : LDAP attribute where a group’s members are stored.
Defaults to member.

What did you use here?

How can I assign groups from the AD to the Roles in Icinga?

Saludos/ Regards,

Hey @chanti, a late welcome to the forum

Please open a new topic for issues that you are experiencing.
If you comment under older topics, especially if they have been solved already, chances are that your message will be overlooked (like it probably has been) are pretty high.
You can always link back to the relating topic by just adding a link to it in the description.

I hope you managed to resolve your issue by now, if now - feel free to open a new topic!