nginx-auth-ldap icon indicating copy to clipboard operation
nginx-auth-ldap copied to clipboard

Published 20 hours ago verified publisher icon kvspb

Improve documentation

Open orodbhen opened this issue 9 years ago • 4 comments

Just a cordial request for documentation to at least explain the meaning of the configuration parameters. It's very difficult to determine what the values should be, as some of them are non-standard parameters that can't be found in any of the documentation for LDAP.

Also, I wouldn't want to suggest changes that will break backward compatibility. But please consider at least providing as an option, configuration using the parameters typical of most other applications that support LDAP authentication. Namely:

  • host/server (LDAP server)
  • port
  • auth method
  • base dn
  • uid
  • bind dn
  • bind password

I realize some of these are provided, I just wanted to list them all. I don't know if anonymous bind is supported, but it doesn't appear to be based on my attempts to use it. It would be nice to have that. The URL field is a bit unusual, as most applications require only a simple URL, and provide additional fields for the other parameters.

I realize this issue description seems a bit broad, but I believe it's all coherent in the sense that the use of atypical configuration fields is what makes additional documentation so necessary. If more typical fields were used, the documentation could be less verbose.

orodbhen avatar Oct 25 '16 13:10 orodbhen

I agree. Using an administrative bind is a terrible security practice. I am not sure about other LDAP servers, but OpenLDAP supports a "find and bind" operation that attempts to bind using the provided credentials. If the authorization is sucessful, it binds, otherwise return failure. This obviates the need to keep administrative credentials stored on the webserver.

markhamb avatar Nov 09 '16 22:11 markhamb

Me too,I want to know what the filter string should be? In pythonic it will be "(&(objectclass=posixAccount)(uid=%(username)s)), %(username)s) represent the username the client input, So what string is it?

Ostaer avatar Jan 12 '17 01:01 Ostaer

Even I want to use anonymous bind but not sure how to use it.

ankurga avatar Jul 15 '22 05:07 ankurga

Doesnt look like this project is being maintained.

I would recommend this as an alternative https://github.com/authelia/authelia

dont recall if allows anonymous bind, but it’s certainly much better for protecting your frontends

davama avatar Jul 15 '22 11:07 davama