Commit Graph

81 Commits

Author SHA1 Message Date
Andrii Moiseiev 4b7f989831 replacing tabs with spaces to fix example.conf formatting 2015-01-12 14:10:42 -05:00
Andrii Moiseiev c8a1b733c3 replacing tabs with spaces to fix example.conf formatting 2015-01-12 14:07:10 -05:00
Andrii Moiseiev a54a7b8971 replacing tabs with spaces to fix example.conf formatting 2015-01-12 14:05:37 -05:00
Andrii Moiseiev d1dbca7d0d fixing auth failure issue when CN of user or group doesn't exist 2015-01-12 14:02:44 -05:00
Valery cc76ecbd33 Merge pull request #58 from nyoxi/master
Fix: Passed incorrect pointer to SSL handshake handler.
2014-09-19 21:43:08 +04:00
Tomáš Golembiovský fae9e215c6 Passed incorrect pointer to SSL handshake handler. 2014-09-18 14:16:58 +02:00
Valery 7aa2414c76 Merge pull request #45 from nyoxi/master
Removed recursion during ssl handshake (should fix #34)
2014-09-17 21:48:37 +04:00
Valery 8a2e128ba7 Merge pull request #54 from huangsam/patch-1
config: Fix compilation for Linux
2014-09-17 21:47:46 +04:00
Samuel Huang eaae4dac6f config: Fix compilation for Linux
Attempt to resolve https://github.com/kvspb/nginx-auth-ldap/issues/23
2014-09-08 23:55:23 -07:00
Valery 8f2b5f86f4 Merge pull request #39 from pmenglund/readme
updated README
2014-06-09 15:15:45 +04:00
Valery a8a5cd233e Merge pull request #41 from davidjb/master
Fix authentication for user/group validations - passwords fail to be checked
2014-06-09 15:13:52 +04:00
Valery 687b0a5af0 Merge pull request #37 from prune998/patch-1
Update ngx_http_auth_ldap_module.c
2014-06-09 15:12:55 +04:00
Tomáš Golembiovský 930918b6c9 Fixed compilation without SSL (fixes #22) 2014-05-15 19:56:27 +02:00
Tomáš Golembiovský 5d82c4a6e5 Removed recursion during ssl handshake (should fix #34) 2014-05-15 19:22:26 +02:00
David Beitey 0cc183bedd Fix authentication for user/group validations
This fixes issue #40.  User passwords should *always* be checked during authentication (except when a user fails to satisfy given requirements).  Previously, the PHASE_CHECK_BIND step of authentication would not check passwords in any LDAP configuration where ``require valid_user`` was not specified (eg using ``require user`` or ``require group``).
2014-03-19 15:44:20 +10:00
Martin Englund c0a1383220 updated README 2014-03-05 11:04:08 -08:00
Prune 97a992b700 Update ngx_http_auth_ldap_module.c
added a rebind as privileged user in the same function as the user bind to reset the connection to a usable state
2014-02-27 10:18:54 -05:00
Valery 93cd9f094a Merge pull request #31 from nyoxi/master
Several unrelated fixes
2014-02-10 06:54:39 +03:00
Tomáš Golembiovský f344b0164d Fixed event handling when SSL is used with something else than epoll 2014-01-28 17:38:49 +01:00
Tomáš Golembiovský 4530170886 Fixed compilation on Solaris 2014-01-28 17:38:49 +01:00
Tomáš Golembiovský 27bc70be13 Fixing authentication process 2014-01-17 14:43:03 +01:00
Tomáš Golembiovský eac8408c82 Allow include directive in ldap block 2014-01-16 18:25:42 +01:00
Valery bb74441c52 Merge pull request #24 from rdnelson/master
Fixed #21 by rebinding to server's binddn after each bind.
2013-10-23 00:15:55 -07:00
Valery 5909f47d89 Merge pull request #18 from nyoxi/master
bugfix: User gets authenticated when satisfy is 'any' and no group matches.
2013-10-23 00:12:43 -07:00
Robert Nelson 7248c9e257 Fixed #21 by rebinding to server's binddn after each bind. 2013-10-18 15:13:55 -04:00
Tomáš Golembiovský 59ef5fd1df bugfix: User gets authenticated when satisfy is 'any' and no group
matches.
2013-09-09 18:50:07 +02:00
Valery ee45bc4898 Merge pull request #17 from yirkha/master
A few more fixes and SSL support
2013-09-04 22:36:17 -07:00
Jiri Hruska f4d1da9bb7 Add support for ldaps:// SSL connections 2013-09-04 17:44:06 +02:00
Jiri Hruska 214de5be41 Avoid duplicate error message when server closes the connection 2013-09-04 13:37:36 +02:00
Jiri Hruska 5cb46a08e7 Do not crash on startup when no servers have been defined 2013-09-03 19:12:29 +02:00
Jiri Hruska 6eea22868d Initialize ngx_http_auth_ldap_server_t structure fields properly 2013-09-03 17:59:28 +02:00
Valery 8d03e56550 Update README.md 2013-08-30 10:11:00 +04:00
Valery dc27cccaa1 Merge pull request #16 from yirkha/master
Persistent asynchronous connections, credentials cache etc.
2013-08-29 23:01:08 -07:00
Jiri Hruska 941022a521 Merge remote-tracking branch 'upstream/master' 2013-08-30 07:32:40 +02:00
Jiri Hruska 20abfeae74 Update README.md 2013-08-30 07:29:14 +02:00
Jiri Hruska 007ef91db1 Implement reconnect when LDAP connection goes down 2013-08-30 07:17:56 +02:00
Jiri Hruska 9b192fee53 Fix intermittent authentication failures
Sometimes the authentication handler got called again just after the
search operation has been started, immediately failing because nothing
has been found yet. Added an extra safety check for these cases.
2013-08-30 07:17:56 +02:00
Jiri Hruska eb313ca473 Open configurable amount of connections to all servers
Only one connection to the first server was opened up to now.
2013-08-30 07:17:56 +02:00
Jiri Hruska afda839edb Handle LDAP operations asynchronously using nginx event architecture
A connection is opened using nginx framework and then fed to OpenLDAP using
ldap_init_fd() call with custom SockBuf IO handlers. When some credentials
need to be validated, ngx_http_auth_ldap_authenticate() is called multiple
times, returning NGX_AGAIN each time the process is waiting for the LDAP
server to reply.

(Note: This is only an initial implementation and as such, it is of course
very buggy and limited. Further work is needed to make it useful.)
2013-08-30 07:17:56 +02:00
Jiri Hruska 7acf3b4a98 Unification and small cleanup of log messages
Most importantly, all messages start with "http_auth_ldap: " now.
2013-08-30 07:17:49 +02:00
Jiri Hruska 16c3452ec0 Minor code formatting cleanup 2013-08-30 04:46:49 +02:00
Jiri Hruska 1b6ee8e0c1 Clean function order a bit before further big changes 2013-08-30 04:46:29 +02:00
Jiri Hruska c8d76769d4 Add contribution notice to the licenses 2013-08-30 04:46:29 +02:00
Jiri Hruska 8b2dcc7522 Implement a per-process cache for increased performance
A configured number of cached (server,username,password) entries is held
for a configured amount of time to avoid repeated authentications for
each of several requests quickly following each other.
2013-08-09 15:44:33 +02:00
Jiri Hruska bd4959918c Allow specifying the full user DN to avoid searching the LDAP
The configuration can now contain a directive like this
  require valid_user cn=$remote_user,dc=example,dc=com
which will result in the bind as the respective user to be the
only command sent to the server, skipping the search request.
2013-08-09 15:13:52 +02:00
Jiri Hruska a043544e2d Resolve server names only once during configuration 2013-08-09 15:13:47 +02:00
Jiri Hruska 89f0f75592 Simplify processing of auth_ldap configuration directives 2013-08-09 15:04:11 +02:00
Jiri Hruska 4947e2047d Use ngx_http_complex_value_t instead of custom script handling
Makes the code smaller and cleaner by just using the core functionality.
2013-08-09 15:02:08 +02:00
Jiri Hruska 17fce4fe0a Remove ngx_ldap_userinfo and custom parsing of the Authorization header
The core fills both decoded user name and password into r->headers_in.user
or r->headers_in.passwd, respectively, when ngx_http_auth_basic_user() is
called. Maybe it did not work like this before, but there is definitely no
need to handle the decoding ourselves now (nginx 1.4.1).
2013-08-09 15:02:02 +02:00
Jiri Hruska 4228721e81 Minor refactoring and cleanup
- Renamed ngx_ldap_server to ngx_http_auth_ldap_server_t.
- Used NGX_CONF_ANY instead of many NGX_CONF_TAKExxxx for the configuration
  option taking any number of arguments.
2013-08-09 15:01:21 +02:00