Commit Graph

52 Commits

Author SHA1 Message Date
Jiri Hruska 5cb46a08e7 Do not crash on startup when no servers have been defined 2013-09-03 19:12:29 +02:00
Jiri Hruska 6eea22868d Initialize ngx_http_auth_ldap_server_t structure fields properly 2013-09-03 17:59:28 +02:00
Valery 8d03e56550 Update README.md 2013-08-30 10:11:00 +04:00
Valery dc27cccaa1 Merge pull request #16 from yirkha/master
Persistent asynchronous connections, credentials cache etc.
2013-08-29 23:01:08 -07:00
Jiri Hruska 941022a521 Merge remote-tracking branch 'upstream/master' 2013-08-30 07:32:40 +02:00
Jiri Hruska 20abfeae74 Update README.md 2013-08-30 07:29:14 +02:00
Jiri Hruska 007ef91db1 Implement reconnect when LDAP connection goes down 2013-08-30 07:17:56 +02:00
Jiri Hruska 9b192fee53 Fix intermittent authentication failures
Sometimes the authentication handler got called again just after the
search operation has been started, immediately failing because nothing
has been found yet. Added an extra safety check for these cases.
2013-08-30 07:17:56 +02:00
Jiri Hruska eb313ca473 Open configurable amount of connections to all servers
Only one connection to the first server was opened up to now.
2013-08-30 07:17:56 +02:00
Jiri Hruska afda839edb Handle LDAP operations asynchronously using nginx event architecture
A connection is opened using nginx framework and then fed to OpenLDAP using
ldap_init_fd() call with custom SockBuf IO handlers. When some credentials
need to be validated, ngx_http_auth_ldap_authenticate() is called multiple
times, returning NGX_AGAIN each time the process is waiting for the LDAP
server to reply.

(Note: This is only an initial implementation and as such, it is of course
very buggy and limited. Further work is needed to make it useful.)
2013-08-30 07:17:56 +02:00
Jiri Hruska 7acf3b4a98 Unification and small cleanup of log messages
Most importantly, all messages start with "http_auth_ldap: " now.
2013-08-30 07:17:49 +02:00
Jiri Hruska 16c3452ec0 Minor code formatting cleanup 2013-08-30 04:46:49 +02:00
Jiri Hruska 1b6ee8e0c1 Clean function order a bit before further big changes 2013-08-30 04:46:29 +02:00
Jiri Hruska c8d76769d4 Add contribution notice to the licenses 2013-08-30 04:46:29 +02:00
Jiri Hruska 8b2dcc7522 Implement a per-process cache for increased performance
A configured number of cached (server,username,password) entries is held
for a configured amount of time to avoid repeated authentications for
each of several requests quickly following each other.
2013-08-09 15:44:33 +02:00
Jiri Hruska bd4959918c Allow specifying the full user DN to avoid searching the LDAP
The configuration can now contain a directive like this
  require valid_user cn=$remote_user,dc=example,dc=com
which will result in the bind as the respective user to be the
only command sent to the server, skipping the search request.
2013-08-09 15:13:52 +02:00
Jiri Hruska a043544e2d Resolve server names only once during configuration 2013-08-09 15:13:47 +02:00
Jiri Hruska 89f0f75592 Simplify processing of auth_ldap configuration directives 2013-08-09 15:04:11 +02:00
Jiri Hruska 4947e2047d Use ngx_http_complex_value_t instead of custom script handling
Makes the code smaller and cleaner by just using the core functionality.
2013-08-09 15:02:08 +02:00
Jiri Hruska 17fce4fe0a Remove ngx_ldap_userinfo and custom parsing of the Authorization header
The core fills both decoded user name and password into r->headers_in.user
or r->headers_in.passwd, respectively, when ngx_http_auth_basic_user() is
called. Maybe it did not work like this before, but there is definitely no
need to handle the decoding ourselves now (nginx 1.4.1).
2013-08-09 15:02:02 +02:00
Jiri Hruska 4228721e81 Minor refactoring and cleanup
- Renamed ngx_ldap_server to ngx_http_auth_ldap_server_t.
- Used NGX_CONF_ANY instead of many NGX_CONF_TAKExxxx for the configuration
  option taking any number of arguments.
2013-08-09 15:01:21 +02:00
Jiri Hruska 2d30d6e4ae Remove forgotten "auth_basic" from ngx_http_auth_basic_create_loc_conf() 2013-08-09 14:33:42 +02:00
Jiri Hruska 04ed544f49 Fix a typo in Pavel Brylov's configuration refactoring 2013-08-09 14:33:33 +02:00
Valery 594ab64404 Update README.md 2013-07-30 08:37:11 +04:00
Valery 476e6bf981 Merge pull request #12 from pavelbrylov/master
Added support for multiple ldap servers, contains non-backwards compatible changes to configuration
2013-07-20 02:02:48 -07:00
Pavel Brylov 48f11c2eec Added support for multiple ldap servers, contains non-backwards compatible changes to configuration 2013-07-17 19:03:16 +03:00
Valery b3a0b659c1 Merge pull request #10 from chaoranxie/patch-1
need ; after the password input, or else it give an error
2013-05-28 12:36:14 -07:00
Chao 80fe157bac need ; after the password input, or else it give an error
need ; after the password input, or else it give an error "invalid number of arguments in "auth_ldap_binddn_passwd" directive in /etc/nginx/nginx.conf"
2013-05-28 15:15:54 -03:00
Valery f93c8d82b8 Create LICENSE 2013-05-28 14:15:26 +04:00
Valery 6aa1e7148c Add Licence to source 2013-05-28 14:14:45 +04:00
Valery c4dc7c9153 Merge pull request #6 from exelnet/master
Avoid exiting when tls option fails, keep going
2013-01-18 00:07:27 -08:00
Jan Marc Hoffmann ef6b924ffb The tls allow option will cause problems when no ldap.conf is defined on the client system. If the certificate option fails, warn and keep going. 2013-01-18 01:42:58 +01:00
Valery 420be94b32 Merge pull request #4 from harveyzh/master
fix memory length for the search filter
2012-11-24 00:42:56 -08:00
harveyzh 7e33e928c1 fix memory length for the search filter 2012-11-23 16:40:11 +08:00
Valery 3831deea1d Update README.md
fix FreeBSD install
2012-10-17 10:27:42 +04:00
Valery 2beeb7c179 Update README.md 2012-10-17 09:23:33 +04:00
Valery Komarov 8026eac01e fix clone source in README 2012-09-25 00:15:14 +04:00
Valery Komarov 3a7f9e3cf3 add README.md 2012-09-24 23:31:57 +04:00
Valery Komarov c2c3d5ea49 fix Issue 8 v0.1 2011-11-16 13:25:35 +03:00
Valery Komarov 6d8f79e876 Fix Issue 9 2011-11-16 11:53:06 +03:00
Valery Komarov a395a59040 merge with issue6 2011-09-22 21:14:12 +04:00
Valery Komarov 440428e3c0 Issue 6 2011-09-21 22:42:14 +04:00
Valery Komarov 4e617f9794 Fix: Issue 5 2011-09-20 23:33:56 +04:00
Valery Komarov 649eba3171 Fix: Issue 3 2011-07-26 12:57:16 +04:00
Valery Komarov 56f958df32 Security fix: auth_ldap_require 2011-05-17 11:55:46 +04:00
Valery Komarov 624172c978 Source format 2011-05-17 11:28:21 +04:00
Valery Komarov 4e1ad9585e add auth_ldap_require valid_user 2011-05-16 23:41:15 +04:00
Valery Komarov 29ca665654 Fix Issue 2 2011-04-11 16:20:09 +04:00
Valery Komarov 79cf28ec93 ldaps:// 2011-03-28 19:19:00 +04:00
Valery Komarov 40fc8711b4 New: commands auth_ldap_group_attribute, auth_ldap_group_attribute_is_dn + fixes 2011-03-16 23:56:40 +03:00