687b0a5af0
Merge pull request #37 from prune998/patch-1
...
Update ngx_http_auth_ldap_module.c
11 years ago
97a992b700
Update ngx_http_auth_ldap_module.c
...
added a rebind as privileged user in the same function as the user bind to reset the connextion to a usable state
11 years ago
93cd9f094a
Merge pull request #31 from nyoxi/master
...
Several unrelated fixes
11 years ago
f344b0164d
Fixed event handling when SSL is used with something else then epoll
11 years ago
4530170886
Fixed compilation on Solaris
11 years ago
27bc70be13
Fixing authentization process
11 years ago
eac8408c82
Allow include directive in ldap block
11 years ago
bb74441c52
Merge pull request #24 from rdnelson/master
...
Fixed #21 by rebinding to server's binddn after each bind.
12 years ago
5909f47d89
Merge pull request #18 from nyoxi/master
...
bugfix: User gets authenticated when satisfy is 'any' and no group matches.
12 years ago
7248c9e257
Fixed #21 by rebinding to server's binddn after each bind.
12 years ago
59ef5fd1df
bugfix: User gets authenticated when satisfy is 'any' and no group
...
matches.
12 years ago
ee45bc4898
Merge pull request #17 from yirkha/master
...
A few more fixes and SSL support
12 years ago
f4d1da9bb7
Add support for ldaps:// SSL connections
12 years ago
214de5be41
Avoid duplicate error message when server closes the connection
12 years ago
5cb46a08e7
Do not crash on startup when no servers have been defined
12 years ago
6eea22868d
Initialize ngx_http_auth_ldap_server_t structure fields properly
12 years ago
8d03e56550
Update README.md
12 years ago
dc27cccaa1
Merge pull request #16 from yirkha/master
...
Persistent asynchronous connections, credentials cache etc.
12 years ago
941022a521
Merge remote-tracking branch 'upstream/master'
12 years ago
20abfeae74
Update README.md
12 years ago
007ef91db1
Implement reconnect when LDAP connection goes down
12 years ago
9b192fee53
Fix intermittent authentication failures
...
Sometimes the authentication handler got called again just after the
search operation has been started, immediately failing because nothing
has been found yet. Added an extra safety check for these cases.
12 years ago
eb313ca473
Open configurable amount of connections to all servers
...
Only one connection to the first server was opened up to now.
12 years ago
afda839edb
Handle LDAP operations asynchronously using nginx event architecture
...
A connection is opened using nginx framework and then fed to OpenLDAP using
ldap_init_fd() call with custom SockBuf IO handlers. When some credentials
need to be validated, ngx_http_auth_ldap_authenticate() is called multiple
times, returning NGX_AGAIN each time the process is waiting for the LDAP
server to reply.
(Note: This only an initial implementation and as such, it is of course
very buggy and limited. Further work is needed to make it useful.)
12 years ago
7acf3b4a98
Unification and small cleanup of log messages
...
Most importantly, all messages start with "http_auth_ldap: " now.
12 years ago
16c3452ec0
Minor code formatting cleanup
12 years ago
1b6ee8e0c1
Clean function order a bit before further big changes
12 years ago
c8d76769d4
Add contribution notice to the licenses
12 years ago
8b2dcc7522
Implement a per-process cache for increased performance
...
A configured number of cached (server,username,password) entries is held
for a configured amount of time to avoid repeated authentications for
each of several requests quickly following each other.
12 years ago
bd4959918c
Allow specifying the full user DN to avoid searching the LDAP
...
The configuration can now contain a directive like this
require valid_user cn=$remote_user,dc=example,dc=com
which will result in the bind as the respective user to be the
only command sent to the server, skipping the search request.
12 years ago
a043544e2d
Resolve server names only once during configuration
12 years ago
89f0f75592
Simplify processing of auth_ldap configuration directives
12 years ago
4947e2047d
Use ngx_http_complex_value_t instead of custom script handling
...
Makes the code smaller and cleaner by just using the core functionality.
12 years ago
17fce4fe0a
Remove ngx_ldap_userinfo and custom parsing of the Authorization header
...
The core fills both decoded user name and password into r->headers_in.user
or r->headers_in.passwd, respectively, when ngx_http_auth_basic_user() is
called. Maybe it did not work like this before, but there is definitely no
need to handle the decoding ourselves now (nginx 1.4.1).
12 years ago
4228721e81
Minor refactoring and cleanup
...
- Renamed ngx_ldap_server to ngx_http_auth_ldap_server_t.
- Used NGX_CONF_ANY instead of many NGX_CONF_TAKExxxx for the configuration
option taking any number of arguments.
12 years ago
2d30d6e4ae
Remove forgotten "auth_basic" from ngx_http_auth_basic_create_loc_conf()
12 years ago
04ed544f49
Fix a typo in Pavel Brylov's configuration refactoring
12 years ago
594ab64404
Update README.md
12 years ago
476e6bf981
Merge pull request #12 from pavelbrylov/master
...
Added support for multiple ldap servers, contains non-backwards compatible changes to configuration
12 years ago
48f11c2eec
Added support for multiple ldap servers, contains non-backwards compatible changes to configuration
12 years ago
b3a0b659c1
Merge pull request #10 from chaoranxie/patch-1
...
need ; after the password input, or else it give an error
12 years ago
80fe157bac
need ; after the password input, or else it give an error
...
need ; after the password input, or else it give an error "invalid number of arguments in "auth_ldap_binddn_passwd" directive in /etc/nginx/nginx.conf"
12 years ago
f93c8d82b8
Create LICENSE
12 years ago
6aa1e7148c
Add Licence to source
12 years ago
c4dc7c9153
Merge pull request #6 from exelnet/master
...
Avoid exiting when tls option fails, keep going
12 years ago
ef6b924ffb
The tls allow option will cause problems when no ldap.conf is defined on the client system. If the certificate option fails, warn and keep going.
12 years ago
420be94b32
Merge pull request #4 from harveyzh/master
...
fix memory length for the search filter
12 years ago
7e33e928c1
fix memory length for the search filter
12 years ago
3831deea1d
Update README.md
...
fix FreeBSD install
13 years ago
2beeb7c179
Update README.md
13 years ago
Valery
Prune
Tomáš Golembiovský
Robert Nelson
Tomáš Golembiovský
Jiri Hruska
Pavel Brylov
Chao
Jan Marc Hoffmann
harveyzh