[Pkg-nagios-devel] Bug#758513: fails to authenticate if multiple LDAP results match, misleading error message

[Daniel Pocock]

Package: nagios3

Not sure if this log message comes from Apache or from Nagios, if it is
an Apache error then please re-assign to the Apache package.

Basically, my Nagios was working fine with Apache LDAP

In httpd.conf:

    AuthType bsic
    AuthBasicProvider ldap
    AuthName "test server"
    AuthLDAPURL "ldap://some-server/dc=example,dc=org"

One day, I found I could not log in to the web interface, the password
popup would keep appearing

Looking at the Apache error log file, I could see lines like this:

     user daniel not found: /nagios3/cgi-bin/status.cgi

Looking in Google, "not found" brings up all kinds of unrelated pages,
but I found a few other people with similar messages such as:

     user nagiosadmin not found: /nagios3/cgi-bin/status.cgi
     user root not found: /nagios/cgi-bin/status.cgi

In my case it turns out that somebody had changed the LDAP configuration
and created two users called "daniel", each in different sub-trees, e.g.

    uid=daniel,dc=test,dc=example,dc=org
    uid=daniel,dc=production,dc=example,dc=org

So the "not found" message is actually quite confusing, in my case, it
seems to indicate that two users were found and it didn't know which is
correct.  By refining my AuthLDAPURL to use
dc=production,dc=example,dc=org I got it working again.

Other people commented that disabling SELinux or fixing permissions on
the htpasswd file made this error go away in other situations.  In my
case, none of that feedback was relevant.