nginx-auth-ldap

Group Authorization

Open thomasbergmann opened this issue 12 years ago • 5 comments

After updating to the latest version, group authorization isn't working with OSX LDAP anymore:

      nginx version: nginx/1.4.2
      built by gcc 4.7.2 (Debian 4.7.2-5)
      TLS SNI support enabled
      configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security' --with-ld-opt=-Wl,-z,relro --add-module=/usr/src/pagespeed/nginx-1.4.2/debian/modules/ngx_pagespeed --add-module=/usr/src/pagespeed/nginx-1.4.2/debian/modules/nginx-auth-ldap --with-ipv6

      ldap_server example {
        url ldap://ldap.example.com/dc=example,dc=com?uid?sub?(objectclass=posixAccount)(objectclass=person);
        group_attribute memberUid;
        group_attribute_is_dn off;
        require group 'cn=testgroup,cn=groups,dc=example,dc=com';
        satisfy any;
      }

As the README and example configuration aren't up to date, has there been any syntax change? The previous version and configuration were working with "auth_ldap_require group"!

thomasbergmann avatar Jul 29 '13 10:07 thomasbergmann

Hi,

I just tested group authorization and it is working for me. My config:

      ldap_server example {
        url "ldap://localhost/ou=Users,dc=mydc,dc=com?uid?sub?(objectClass=inetOrgPerson)";
        binddn "cn=test,ou=Users,dc=mydc,dc=com";
        binddn_passwd "password";
        group_attribute memberUid;
        group_attribute_is_dn off;
        require group "cn=testgroup,ou=Groups,dc=mydc,dc=com";
        require valid_user;
      }

      nginx version: nginx/1.4.4
      TLS SNI support enabled
      configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-mail --with-mail_ssl_module --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/nginx-auth-pam --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/nginx-dav-ext-module --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/nginx-echo --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/nginx-upstream-fair --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/nginx/nginx-1.4.4/debian/modules/nginx-auth-ldap

OS: Debian 7 (wheezy) Openldap-2.4.31

mitfik avatar Dec 27 '13 15:12 mitfik

I think it was a timeout issue. Setting those undocumented values fixed the issue: https://github.com/kvspb/nginx-auth-ldap/issues/8#issuecomment-31442843

thomasbergmann avatar Jan 06 '14 17:01 thomasbergmann

Does your testgroup allow login while other groups cannot log in?

wanggaolin avatar May 26 '16 09:05 wanggaolin

I think after two years this ticket is obsolete; it's working like it should.

thomasbergmann avatar May 26 '16 09:05 thomasbergmann

I just want to let the test group log in. How do I set it?

wanggaolin avatar May 26 '16 10:05 wanggaolin