Merge pull request #16 from yirkha/master

Persistent asynchronous connections, credentials cache etc.
main
Valery 11 years ago
commit dc27cccaa1
  1. 1
      LICENSE
  2. 28
      README.md
  3. 2
      config
  4. 1764
      ngx_http_auth_ldap_module.c

@ -1,5 +1,6 @@
/** /**
* Copyright (C) 2011-2013 Valery Komarov <komarov@valerka.net> * Copyright (C) 2011-2013 Valery Komarov <komarov@valerka.net>
* Copyright (C) 2013 Jiri Hruska <jirka@fud.cz>
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without

@ -1,10 +1,28 @@
# LDAP Authentication module for nginx # About this repository
LDAP module for nginx which supports authentication against multiple LDAP servers.
This is a fork of the original nginx LDAP HTTP authentication module with the following improvements:
+ Uses asynchronous LDAP operations through nginx's event-driven framework
+ Creates configurable number of persistent connections to each server per each worker
+ Supports configurable cache per worker process for improved performance of consecutive requests
+ Transfers only the DN when searching, not the whole entry (several KB)
+ Allows only one LDAP (bind) operation per request when the whole user DN can be composed using variables
+ Has cleaner code and debug log messages
+ Contains other minor bug fixes
I made these changes for a project of a company I don't work for anymore and I am no longer able or willing to continue developing or maintaining the code, because I have no use for it. The project goes on (and naturally will be the next big thing!!1), but I don't know how or whether at all will my successor publish further additions or fixes. So anybody interested is welcome to fork the repository and make it into a proper stable and respected nginx module, finally.
#Warning A brief TODO list, just off the top of my head:
This module blocks whole nginx worker while communicating with ldap servers, so it can easily make "bad apache" out of your awesome nginx. But is might be useful if you don't have apache in your stack and don't want to add it, but need ldap auth on separate host (say backoffice or admin panel). + Test, test, test everything and test it thoroughly. An automated test suite might be a good idea.
+ Configurable timeouts of various events, currently hardcoded
+ Some global code review after the quick and dirty development
+ Better documentation
So use carefully and consider the drawbacks. Good luck!
---
# LDAP Authentication module for nginx
LDAP module for nginx which supports authentication against multiple LDAP servers.
# How to install # How to install

@ -2,4 +2,4 @@ ngx_addon_name=ngx_http_auth_ldap_module
HTTP_MODULES="$HTTP_MODULES ngx_http_auth_ldap_module" HTTP_MODULES="$HTTP_MODULES ngx_http_auth_ldap_module"
NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_ldap_module.c" NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_ldap_module.c"
CORE_LIBS="$CORE_LIBS -lldap" CORE_LIBS="$CORE_LIBS -lldap"
CFLAGS="$CFLAGS -DLDAP_DEPRECATED" CFLAGS="$CFLAGS"

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save