add auth_ldap_require valid_user

main
Valery Komarov 14 years ago
parent 29ca665654
commit 4e1ad9585e
  1. 2
      example.conf
  2. 23
      ngx_http_auth_ldap_module.c

@ -24,6 +24,8 @@ http {
location / { location / {
auth_ldap "Closed content"; auth_ldap "Closed content";
#auth_ldap_require valid_user;
auth_ldap_require user 'cn=Super User,ou=user,dc=example,dc=com'; auth_ldap_require user 'cn=Super User,ou=user,dc=example,dc=com';
auth_ldap_require group 'cn=admins,ou=group,dc=example,dc=com'; auth_ldap_require group 'cn=admins,ou=group,dc=example,dc=com';
auth_ldap_require group 'cn=user,ou=group,dc=example,dc=com'; auth_ldap_require group 'cn=user,ou=group,dc=example,dc=com';

@ -33,6 +33,7 @@ typedef struct {
ngx_array_t *require_group; ngx_array_t *require_group;
ngx_array_t *require_user; ngx_array_t *require_user;
ngx_flag_t require_valid_user;
ngx_flag_t satisfy_all; ngx_flag_t satisfy_all;
} ngx_http_auth_ldap_loc_conf_t; } ngx_http_auth_ldap_loc_conf_t;
@ -81,7 +82,7 @@ static ngx_command_t ngx_http_auth_ldap_commands[] = {
NULL }, NULL },
{ {
ngx_string("auth_ldap_require"), ngx_string("auth_ldap_require"),
NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE2, NGX_HTTP_MAIN_CONF | NGX_HTTP_SRV_CONF | NGX_HTTP_LOC_CONF | NGX_HTTP_LMT_CONF | NGX_CONF_TAKE12,
ngx_http_auth_ldap_require, ngx_http_auth_ldap_require,
NGX_HTTP_LOC_CONF_OFFSET, NGX_HTTP_LOC_CONF_OFFSET,
0, 0,
@ -244,6 +245,10 @@ ngx_http_auth_ldap_require(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) {
} }
} }
if (ngx_strcmp(value[1].data, "valid_user") == 0) {
alcf->require_valid_user=1;
}
if (ngx_strcmp(value[1].data, "user") == 0) { if (ngx_strcmp(value[1].data, "user") == 0) {
rule = ngx_array_push(alcf->require_user); rule = ngx_array_push(alcf->require_user);
if (rule == NULL) { if (rule == NULL) {
@ -273,6 +278,7 @@ ngx_http_auth_basic_create_loc_conf(ngx_conf_t *cf) {
return NULL; return NULL;
} }
conf->satisfy_all = NGX_CONF_UNSET; conf->satisfy_all = NGX_CONF_UNSET;
conf->require_valid_user = NGX_CONF_UNSET;
conf->group_attribute_dn = NGX_CONF_UNSET; conf->group_attribute_dn = NGX_CONF_UNSET;
return conf; return conf;
} }
@ -291,6 +297,7 @@ ngx_http_auth_ldap_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) {
ngx_conf_merge_str_value(conf->bind_dn_passwd, prev->bind_dn_passwd, ""); ngx_conf_merge_str_value(conf->bind_dn_passwd, prev->bind_dn_passwd, "");
ngx_conf_merge_str_value(conf->group_attribute, prev->group_attribute, "member"); ngx_conf_merge_str_value(conf->group_attribute, prev->group_attribute, "member");
ngx_conf_merge_value(conf->require_valid_user, prev->require_valid_user,0);
ngx_conf_merge_value(conf->satisfy_all, prev->satisfy_all,0); ngx_conf_merge_value(conf->satisfy_all, prev->satisfy_all,0);
ngx_conf_merge_value(conf->group_attribute_dn, prev->group_attribute_dn,1); ngx_conf_merge_value(conf->group_attribute_dn, prev->group_attribute_dn,1);
@ -380,9 +387,7 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
LDAPURLDesc *ludpp = conf->ludpp; LDAPURLDesc *ludpp = conf->ludpp;
int version = LDAP_VERSION3; int version = LDAP_VERSION3;
struct berval bvalue; struct berval bvalue;
struct timeval timeOut = { struct timeval timeOut = {10, 0};
10,
0 };
int reqcert = LDAP_OPT_X_TLS_ALLOW; int reqcert = LDAP_OPT_X_TLS_ALLOW;
int rc; int rc;
@ -524,16 +529,22 @@ ngx_http_auth_ldap_authenticate(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
} }
} }
if (pass == 1) { ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: result DN1 %d", conf->require_valid_user);
if (pass == 1 || (conf->require_valid_user == 1)) {
/// Bind user to the server /// Bind user to the server
rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data); rc = ldap_simple_bind_s(ld, dn, (const char *) uinfo->password.data);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"LDAP: ldap_simple_bind_s error: %d, %s", rc, ldap_err2string(rc)); "LDAP: ldap_simple_bind_s error: %d, %s", rc, ldap_err2string(rc));
pass = 0; pass = 0;
} else
{
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"LDAP: User bind successful", NULL);
pass = 1;
} }
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "LDAP: User bind successful", NULL);
} }
} }
ldap_memfree(dn); ldap_memfree(dn);
} }
