slightly patched fork of LDAP authentication module for nginx
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
worker_processes 1;
|
|
|
|
|
|
|
|
events {
|
|
|
|
worker_connections 1024;
|
|
|
|
}
|
|
|
|
|
|
|
|
http {
|
|
|
|
include mime.types;
|
|
|
|
default_type application/octet-stream;
|
|
|
|
|
|
|
|
sendfile on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
|
|
|
|
auth_ldap_url ldap://ldap.example.com/dc=example,dc=com?uid?sub?(objectClass=person);
|
|
|
|
auth_ldap_binddn cn=nginx,ou=service,dc=example,dc=com;
|
|
|
|
auth_ldap_binddn_passwd mYsUperPas55W0Rd
|
|
|
|
|
|
|
|
auth_ldap_group_attribute uniquemember; # default 'member'
|
|
|
|
auth_ldap_group_attribute_is_dn on; # default on
|
|
|
|
|
|
|
|
server {
|
|
|
|
listen 8081;
|
|
|
|
server_name localhost;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
auth_ldap "Closed content";
|
|
|
|
|
|
|
|
#auth_ldap_require valid_user;
|
|
|
|
auth_ldap_require user 'cn=Super User,ou=user,dc=example,dc=com';
|
|
|
|
auth_ldap_require group 'cn=admins,ou=group,dc=example,dc=com';
|
|
|
|
auth_ldap_require group 'cn=user,ou=group,dc=example,dc=com';
|
|
|
|
auth_ldap_satisfy any;
|
|
|
|
root html;
|
|
|
|
index index.html index.htm;
|
|
|
|
}
|
|
|
|
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
location = /50x.html {
|
|
|
|
root html;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|