slightly patched fork of LDAP authentication module for nginx
Jiri Hruska 20abfeae74 Update README.md 11 years ago
LICENSE Add contribution notice to the licenses 11 years ago
README.md Update README.md 11 years ago
config Handle LDAP operations asynchronously using nginx event architecture 11 years ago
example.conf need ; after the password input, or else it give an error 12 years ago
ngx_http_auth_ldap_module.c Implement reconnect when LDAP connection goes down 11 years ago

README.md

About this repository

This is a fork of the original nginx LDAP HTTP authentication module with the following improvements:

  • Uses asynchronous LDAP operations through nginx's event-driven framework
  • Creates a configurable number of persistent connections to each server for each worker
  • Supports a configurable cache per worker process for improved performance of consecutive requests
  • Transfers only the DN when searching, not the whole entry (several KB)
  • Allows only one LDAP (bind) operation per request when the whole user DN can be composed using variables
  • Has cleaner code and debug log messages
  • Contains other minor bug fixes

I made these changes for a project of a company I don't work for anymore and I am no longer able or willing to continue developing or maintaining the code, because I have no use for it. The project goes on (and naturally will be the next big thing!!1), but I don't know how, or whether at all, my successor will publish further additions or fixes. So anybody interested is welcome to fork the repository and make it into a proper stable and respected nginx module, finally.

A brief TODO list, just off the top of my head:

  • Test, test, test everything and test it thoroughly. An automated test suite might be a good idea.
  • Configurable timeouts of various events, currently hardcoded
  • Some global code review after the quick and dirty development
  • Better documentation

Good luck!


LDAP Authentication module for nginx

LDAP module for nginx which supports authentication against multiple LDAP servers.

How to install

FreeBSD

    cd /usr/ports/www/nginx && make config install clean

Check the HTTP_AUTH_LDAP option:

    [*] HTTP_AUTH_LDAP        3rd party http_auth_ldap module

Linux

    cd ~ && git clone https://github.com/kvspb/nginx-auth-ldap.git

Then, in the nginx source folder:

    ./configure --add-module=path_to_http_auth_ldap_module
    make install

Example configuration

Define your LDAP servers along with the required user/group requirements:

    ldap_server test1 {
      url ldap://192.168.0.1:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
      binddn "TEST\\LDAPUSER";
      binddn_passwd LDAPPASSWORD;
      group_attribute uniquemember;
      group_attribute_is_dn on;
      require user_valid;
    }

    ldap_server test2 {
      url ldap://192.168.0.2:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
      binddn "TEST\\LDAPUSER";
      binddn_passwd LDAPPASSWORD;
      group_attribute uniquemember;
      group_attribute_is_dn on;
      require user_valid;
    }
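
The `url` value packs the whole user search into one string: host and port, base DN, the attribute matched against the login name, the scope and the filter. The script below is an added example, not part of the module or this repository: it splits that string following the RFC 4516 layout and reports two things worth reviewing in each `ldap_server` block. The function names are hypothetical, the sample block is constructed from the configuration above, and whether this fork accepts `ldaps://` is not stated in this README.

```python
import re
from urllib.parse import unquote

# Constructed sample taken from the README configuration; helper names are hypothetical.
SAMPLE_CONF = r'''
ldap_server test1 {
  url ldap://192.168.0.1:3268/DC=test,DC=local?sAMAccountName?sub?(objectClass=person);
  binddn "TEST\\LDAPUSER";
  binddn_passwd LDAPPASSWORD;
}
'''

BLOCK_RE = re.compile(r'ldap_server\s+(\S+)\s*\{(.*?)\}', re.S)
URL_RE = re.compile(r'^\s*url\s+"?([^";\s]+)"?\s*;', re.M)

def parse_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter (RFC 4516 layout)."""
    scheme, rest = url.split("://", 1)
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    base, attr, scope, flt = (unquote(p) for p in (tail.split("?") + [""] * 4)[:4])
    return {
        "scheme": scheme.lower(),
        "host": host,
        "port": int(port) if port else {"ldap": 389, "ldaps": 636}.get(scheme.lower()),
        "base_dn": base,
        "attribute": attr or None,
        "scope": scope or None,
        "filter": flt or None,
    }

def audit(conf_text):
    """Return {server_name: (parsed_url, findings)} for every ldap_server block."""
    report = {}
    for name, body in BLOCK_RE.findall(conf_text):
        match = URL_RE.search(body)
        info = parse_ldap_url(match.group(1)) if match else None
        findings = []
        if info is None:
            findings.append("no url directive found")
        elif info["scheme"] != "ldaps":
            findings.append("url is not ldaps://: no transport encryption by scheme")
        if re.search(r'^\s*binddn_passwd\s', body, re.M):
            findings.append("bind password stored inline: restrict read access to the file")
        report[name] = (info, findings)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
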

Then list the required servers, in the correct order, in your location/server block:

    server {
        listen       8000;
        server_name  localhost;

        auth_ldap "Forbidden";
        auth_ldap_servers test1;
        auth_ldap_servers test2;

        location / {
            root   html;
            index  index.html index.htm;
        }

    }