# Authentication modules
Note: All instructions below assume you are running OracleLinux8.X.
## Setting up an Authentication Module

1. Enter "**Manage**" -> "**Configure**" -> "**Authentication Modules**"

   ![Authentication_modules](/media/05_00_19_01_Authentication_modules.png)

   - Authentication can utilize the following drivers:
     - Default (local user files)
     - LDAP
     - Apache

   ![Authentication_modules](/media/05_00_19_02_Authentication_modules.png)

   ![Authentication_modules](/media/05_00_19_03_Authentication_modules.png)

### Default

Default authentication uses local user files, without any external software to verify the credentials. In this method, every user created in the Energy Monitor GUI can log in directly, as long as the supplied credentials match the database entry.

### Apache

Setting up the module to utilize Apache only:

1. Create the `htpasswd` file. It must be present at `/etc/naemon/htpasswd`.
   - The simplest way to add it is via shell:

     ```
     htpasswd -c /etc/naemon/htpasswd username
     ```

   - Replace `username` with the first desired user. The `-c` option creates the file and overwrites an existing one, so use it only for the first user.
   - Any subsequent users are added with:

     ```
     htpasswd /etc/naemon/htpasswd anotheruser
     ```

2. In your Apache configuration file in `/etc/httpd/conf.d`:

   ```
   AuthType Basic
   AuthName "Naemon Monitoring"
   AuthUserFile /etc/naemon/htpasswd
   Require valid-user
   ```

3. Restart the Apache service:

   ```
   systemctl restart httpd
   ```
### LDAP

LDAP authentication goes through the Apache server, which checks credentials against the LDAP directory using mod_authnz_ldap. This allows for centralized user management.

Setting up the module to utilize LDAP through Apache:

1. Install Apache and the LDAP modules:

   ```
   dnf install httpd mod_ldap mod_ssl
   ```

2. Enable the required modules:

   ```
   systemctl enable --now httpd
   systemctl start httpd
   ```

   Note: in OracleLinux 8.X these modules are usually already included with the httpd server.

3. Configure Apache for LDAP authentication:

   - Example of `/etc/httpd/conf.d/naemon.conf`:

     ```
     AuthType Basic
     AuthName "Naemon Monitoring"
     AuthBasicProvider ldap
     AuthLDAPURL "ldap://ldap.example.com/dc=example,dc=com?uid?sub"
     Require valid-user
     ```

   Note: In the `ldap://` URL, replace the host and base DN with your server IP or hostname and your Distinguished Name.

   LDAPS, if you support SSL, can be used as well: `ldaps://` and port 636.

   Ensure the validity of certificates.

4. Restart the Apache service:

   ```
   systemctl restart httpd
   ```
### Combining both at once

The administrator can set Apache to use both providers at the same time:

1. In your Apache configuration file in `/etc/httpd/conf.d`:

   ```
   AuthType Basic
   AuthName "Naemon Monitoring"
   AuthBasicProvider file ldap
   AuthUserFile /etc/naemon/htpasswd
   AuthLDAPURL "ldap://ldap.example.com/dc=example,dc=com?uid?sub"
   Require valid-user
   ```

   Note: `AuthBasicProvider` is set to `file` and `ldap`.

2. Restart the Apache service:

   ```
   systemctl restart httpd
   ```
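
The following audit script is an added example, not part of the Energy Monitor documentation or product: it classifies the hash scheme of each entry in the `htpasswd` file and flags `AuthLDAPURL` lines that would carry passwords to the directory unencrypted. The function names and all sample data are constructed for illustration.

```shell
# Added example, not vendor code; function names are hypothetical.

# Print "user verdict" for each htpasswd entry, judged by its hash prefix.
audit_htpasswd() {
    while IFS=: read -r user hash; do
        [ -n "$user" ] || continue
        case "$hash" in
            '$2y$'*)   echo "$user ok-bcrypt" ;;           # htpasswd -B
            '$apr1$'*) echo "$user legacy-apr1-md5" ;;     # htpasswd -m (2.4 default)
            '{SHA}'*)  echo "$user weak-sha1-unsalted" ;;  # htpasswd -s
            *)         echo "$user review-crypt-or-plaintext" ;;  # -d or -p
        esac
    done < "$1"
}

# Print "verdict url" for each AuthLDAPURL line. A plain ldap:// URL with no
# SSL/TLS/STARTTLS mode argument sends the user's password unencrypted.
audit_ldap_url() {
    sed -nE \
        -e 's/^[[:space:]]*AuthLDAPURL[[:space:]]+"([^"]*)"[[:space:]]*([A-Za-z]*).*/\2|\1/p' \
        -e 's/^[[:space:]]*AuthLDAPURL[[:space:]]+([^"[:space:]]+)[[:space:]]*([A-Za-z]*).*/\2|\1/p' \
        "$1" |
    while IFS='|' read -r mode url; do
        case "$url" in
            ldaps://*) echo "ok $url" ;;
            ldap://*)
                case "$mode" in
                    SSL|TLS|STARTTLS) echo "ok $url" ;;
                    *) echo "cleartext $url" ;;
                esac ;;
            *) echo "review $url" ;;
        esac
    done
}

# Constructed sample data: dummy hash strings, three URL variants to compare.
tmp=$(mktemp -d)
cat > "$tmp/htpasswd" <<'EOF'
alice:$2y$05$CONSTRUCTEDSAMPLEONLY
bob:$apr1$CONSTRUC$TEDSAMPLEONLY
carol:{SHA}CONSTRUCTEDSAMPLEONLY=
EOF
cat > "$tmp/naemon.conf" <<'EOF'
AuthLDAPURL "ldap://ldap.example.com/dc=example,dc=com?uid?sub"
AuthLDAPURL "ldap://ldap.example.com/dc=example,dc=com?uid?sub" STARTTLS
AuthLDAPURL "ldaps://ldap.example.com:636/dc=example,dc=com?uid?sub"
EOF
audit_htpasswd "$tmp/htpasswd"
audit_ldap_url "$tmp/naemon.conf"
```

To audit a live system, call the two functions on `/etc/naemon/htpasswd` and on your file in `/etc/httpd/conf.d`. An entry flagged as legacy or weak can be re-created with `htpasswd -B`, which stores a bcrypt hash.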

### Optional: System-Level LDAP, to use with SSH or console, on OracleLinux 8.X

1. Install SSSD and LDAP tools:

   ```
   dnf install sssd authselect
   ```

2. Configure authselect:

   ```
   authselect select sssd with-ldap --force
   ```

3. Edit `/etc/sssd/sssd.conf` to point to your LDAP server.

4. Configure `/etc/nsswitch.conf` to include `ldap` or `sss` for `passwd` and `group`:

   ```
   passwd: files sss
   group: files sss
   ```

5. Restart services:

   ```
   systemctl restart sssd
   ```

### Optional Improvements

![Authentication_modules](/media/05_00_19_04_Authentication_modules.png)

In case of performance problems, the administrator can install PHP extensions to help mitigate the issue:

- **APC (Alternative PHP Cache)** - This extension caches compiled PHP scripts, so they don't have to be recompiled on every request. It also stores application data in memory, reducing the need for repeated queries to the database.
  - Key settings:
    - **apc_ttl** - "Time to live", determines how long the data is stored in the cache.
    - **apc_store_prefix** - Defines a prefix for cached keys, preventing naming collisions between applications and modules.