|
|
|
worker_processes 1;
|
|
|
|
|
|
|
|
events {
|
|
|
|
worker_connections 1024;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
|
|
include mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
|
|
|
|
sendfile on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
|
|
|
|
# define ldap server
|
|
|
|
ldap_server ad_1 {
|
|
|
|
# user search base.
|
|
|
|
url "ldap://<YOUR LDAP SERVER>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
|
|
|
|
# bind as
|
|
|
|
binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
|
|
|
|
# bind pw
|
|
|
|
binddn_passwd <PUT Operator's PASSWORD HERE>;
|
|
|
|
# group attribute name which contains member object
|
|
|
|
group_attribute member;
|
|
|
|
# search for full DN in member object
|
|
|
|
group_attribute_is_dn on;
|
|
|
|
# matching algorithm (any / all)
|
|
|
|
satisfy any;
|
|
|
|
# list of allowed groups
|
|
|
|
require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
|
|
|
|
require group "CN=New York Users,OU=My Security Groups,DC=company,DC=com";
|
|
|
|
# list of allowed users
|
|
|
|
# require 'valid_user' cannot be used together with 'user' as valid user is a superset
|
|
|
|
# require valid_user;
|
|
|
|
require user "CN=Batman,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
|
|
|
|
require user "CN=Robocop,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 8081;
|
|
|
|
server_name localhost;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
# adding ldap authentication
|
|
|
|
auth_ldap "Closed content";
|
|
|
|
auth_ldap_servers ad_1;
|
|
|
|
|
|
|
|
root html;
|
|
|
|
index index.html index.htm;
|
|
|
|
}
|
|
|
|
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
|
|
|
|
location = /50x.html {
|
|
|
|
root html;
|
|
|
|
}
|
|
|
|
}
|