mainnika/nginx-auth-ldap
1
0
Fork 0
mirror of https://github.com/mainnika/nginx-auth-ldap.git synced 2026-05-22 15:53:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #66 from amoiseiev/master

Browse Source 
Treating LDAP_NO_SUCH_OBJECT as soft error, updating example.conf
This commit is contained in:
Valery
2015-01-19 17:46:57 +03:00
parent 8d95546cf2 4b7f989831
commit 7de94294e6
2 changed files with 44 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
example.conf
+43 -27
View File
@@ -11,32 +11,48 @@ http {
sendfile on;
keepalive_timeout 65;
auth_ldap_url ldap://ldap.example.com/dc=example,dc=com?uid?sub?(objectClass=person);
auth_ldap_binddn cn=nginx,ou=service,dc=example,dc=com;
auth_ldap_binddn_passwd mYsUperPas55W0Rd;
auth_ldap_group_attribute uniquemember; # default 'member'
auth_ldap_group_attribute_is_dn on; # default on
server {
listen 8081;
server_name localhost;
location / {
auth_ldap "Closed content";
#auth_ldap_require valid_user;
auth_ldap_require user 'cn=Super User,ou=user,dc=example,dc=com';
auth_ldap_require group 'cn=admins,ou=group,dc=example,dc=com';
auth_ldap_require group 'cn=user,ou=group,dc=example,dc=com';
auth_ldap_satisfy any;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# define ldap server
ldap_server ad_1 {
# user search base.
url "ldap://<YOUR LDAP SERVER>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
# bind as
binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
# bind pw
binddn_passwd <PUT Operator's PASSWORD HERE>;
# group attribute name which contains member object
group_attribute member;
# search for full DN in member object
group_attribute_is_dn on;
# matching algorithm (any / all)
satisfy any;
# list of allowed groups
require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
require group "CN=New York Users,OU=My Security Groups,DC=company,DC=com";
# list of allowed users
# require 'valid_user' cannot be used together with 'user' as valid user is a superset
# require valid_user;
require user "CN=Batman,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
require user "CN=Robocop,OU=Users,OU=New York Office,OU=Offices,DC=company,DC=com";
}
}
server {
listen 8081;
server_name localhost;
location / {
# adding ldap authentication
auth_ldap "Closed content";
auth_ldap_servers ad_1;
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
ngx_http_auth_ldap_module.c
+1 -1
View File
@@ -1898,7 +1898,7 @@ ngx_http_auth_ldap_check_group(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *
ctx->outcome = OUTCOME_ALLOW;
return NGX_OK;
}
} else if (ctx->error_code == LDAP_COMPARE_FALSE || ctx->error_code == LDAP_NO_SUCH_ATTRIBUTE) {
} else if (ctx->error_code == LDAP_COMPARE_FALSE || ctx->error_code == LDAP_NO_SUCH_ATTRIBUTE || ctx->error_code == LDAP_NO_SUCH_OBJECT) {
if (ctx->server->satisfy_all == 1) {
ctx->outcome = OUTCOME_DENY;
return NGX_DECLINED;