Valery Komarov
a8b5948e0e
Merge pull request #75 from cryptogopher/master
...
Checking if ldap_server is defined before auth_ldap_servers.
10 years ago
cryptogopher
91f951ecd9
Checking if ldap_server is defined before auth_ldap_servers. Getting segfault without this check.
10 years ago
Valery
b365771d2a
Merge pull request #65 from pweiskircher/master
...
Authentication timeout and segmentation fault fix on multiple, concurrent requests being processed at the same time
10 years ago
Valery
7de94294e6
Merge pull request #66 from amoiseiev/master
...
Treating LDAP_NO_SUCH_OBJECT as soft error, updating example.conf
10 years ago
Valery
8d95546cf2
Merge pull request #68 from lucamilanesio/ldap-configurable-connection-timeout
...
Configurable timeouts on a per-LDAP server basis
10 years ago
Luca Milanesio
8e92526458
Configurable timeouts on a per-LDAP basis
...
Enable configure timeouts for LDAP connections and queries
on ldap_server section.
Example config:
ldap_server myldap {
url ldap://myldap.org/CN=users,CN=accounts,DC=myorg?uid?sub?(objectClass=person);
connections 10;
connect_timeout 30s;
reconnect_timeout 5s;
bind_timeout 15s;
request_timeout 20s;
require valid_user;
}
When timeout settings are not defined, the previous hardcoded values are used as
default : 5s (bind), 10s (connect, reconnect, request).
10 years ago
Andrii Moiseiev
4b7f989831
replacing tabs with spaces to fix example.conf formating
10 years ago
Andrii Moiseiev
c8a1b733c3
replacing tabs with spaces to fix example.conf formating
10 years ago
Andrii Moiseiev
a54a7b8971
replacing tabs with spaces to fix example.conf formating
10 years ago
Andrii Moiseiev
d1dbca7d0d
fixing auth failure issue when CN of user or group doesn't exist
10 years ago
Patrik Weiskircher
95d64f0797
don't return the connection after every LDAP reply.
...
This makes the connection more sticky to one request and prevents auth timeouts and lost requests.
10 years ago
Patrik Weiskircher
a471062903
remove quick and dirty hack to rebind to the search user. it has been implemented correctly already.
10 years ago
Patrik Weiskircher
20f279f0f9
Fix requests that were waiting on a LDAP connection getting lost and timing out after 10 seconds.
10 years ago
Valery
cc76ecbd33
Merge pull request #58 from nyoxi/master
...
Fix: Passed incorrect pointer to SSL handshake handler.
10 years ago
Tomáš Golembiovský
fae9e215c6
Passed incorrect pointer to SSL handshake handler.
10 years ago
Valery
7aa2414c76
Merge pull request #45 from nyoxi/master
...
Removed recursion during ssl handshake (should fix #34 )
10 years ago
Valery
8a2e128ba7
Merge pull request #54 from huangsam/patch-1
...
config: Fix compilation for Linux
10 years ago
Samuel Huang
eaae4dac6f
config: Fix compilation for Linux
...
Attempt to resolve https://github.com/kvspb/nginx-auth-ldap/issues/23
10 years ago
Valery
8f2b5f86f4
Merge pull request #39 from pmenglund/readme
...
updated README
11 years ago
Valery
a8a5cd233e
Merge pull request #41 from davidjb/master
...
Fix authentication for user/group validations - passwords fail to be checked
11 years ago
Valery
687b0a5af0
Merge pull request #37 from prune998/patch-1
...
Update ngx_http_auth_ldap_module.c
11 years ago
Tomáš Golembiovský
930918b6c9
Fixed compilation without SSL ( fixes #22 )
11 years ago
Tomáš Golembiovský
5d82c4a6e5
Removed recursion during ssl handshake (should fix #34 )
11 years ago
David Beitey
0cc183bedd
Fix authentication for user/group validations
...
This fixes issue #40 . User passwords should *always* be checked during authentication (except when a user fails to satisfy given requirements). Previously, the PHASE_CHECK_BIND step of authentication would not check passwords in any LDAP configuration where ``require valid_user`` was not specified (eg using ``require user`` or ``require group``).
11 years ago
Martin Englund
c0a1383220
updated README
11 years ago
Prune
97a992b700
Update ngx_http_auth_ldap_module.c
...
added a rebind as privileged user in the same function as the user bind to reset the connextion to a usable state
11 years ago
Valery
93cd9f094a
Merge pull request #31 from nyoxi/master
...
Several unrelated fixes
11 years ago
Tomáš Golembiovský
f344b0164d
Fixed event handling when SSL is used with something else then epoll
11 years ago
Tomáš Golembiovský
4530170886
Fixed compilation on Solaris
11 years ago
Tomáš Golembiovský
27bc70be13
Fixing authentization process
11 years ago
Tomáš Golembiovský
eac8408c82
Allow include directive in ldap block
11 years ago
Valery
bb74441c52
Merge pull request #24 from rdnelson/master
...
Fixed #21 by rebinding to server's binddn after each bind.
11 years ago
Valery
5909f47d89
Merge pull request #18 from nyoxi/master
...
bugfix: User gets authenticated when satisfy is 'any' and no group matches.
11 years ago
Robert Nelson
7248c9e257
Fixed #21 by rebinding to server's binddn after each bind.
11 years ago
Tomáš Golembiovský
59ef5fd1df
bugfix: User gets authenticated when satisfy is 'any' and no group
...
matches.
11 years ago
Valery
ee45bc4898
Merge pull request #17 from yirkha/master
...
A few more fixes and SSL support
11 years ago
Jiri Hruska
f4d1da9bb7
Add support for ldaps:// SSL connections
11 years ago
Jiri Hruska
214de5be41
Avoid duplicate error message when server closes the connection
11 years ago
Jiri Hruska
5cb46a08e7
Do not crash on startup when no servers have been defined
11 years ago
Jiri Hruska
6eea22868d
Initialize ngx_http_auth_ldap_server_t structure fields properly
11 years ago
Valery
8d03e56550
Update README.md
11 years ago
Valery
dc27cccaa1
Merge pull request #16 from yirkha/master
...
Persistent asynchronous connections, credentials cache etc.
11 years ago
Jiri Hruska
941022a521
Merge remote-tracking branch 'upstream/master'
11 years ago
Jiri Hruska
20abfeae74
Update README.md
11 years ago
Jiri Hruska
007ef91db1
Implement reconnect when LDAP connection goes down
11 years ago
Jiri Hruska
9b192fee53
Fix intermittent authentication failures
...
Sometimes the authentication handler got called again just after the
search operation has been started, immediately failing because nothing
has been found yet. Added an extra safety check for these cases.
11 years ago
Jiri Hruska
eb313ca473
Open configurable amount of connections to all servers
...
Only one connection to the first server was opened up to now.
11 years ago
Jiri Hruska
afda839edb
Handle LDAP operations asynchronously using nginx event architecture
...
A connection is opened using nginx framework and then fed to OpenLDAP using
ldap_init_fd() call with custom SockBuf IO handlers. When some credentials
need to be validated, ngx_http_auth_ldap_authenticate() is called multiple
times, returning NGX_AGAIN each time the process is waiting for the LDAP
server to reply.
(Note: This only an initial implementation and as such, it is of course
very buggy and limited. Further work is needed to make it useful.)
11 years ago
Jiri Hruska
7acf3b4a98
Unification and small cleanup of log messages
...
Most importantly, all messages start with "http_auth_ldap: " now.
11 years ago
Jiri Hruska
16c3452ec0
Minor code formatting cleanup
11 years ago