nginx-auth-ldap
nginx-auth-ldap copied to clipboard
kvspb
LDAP authentication module for nginx
How do I auth only users who are a "memberOf" `CN=*ABY (ITS),OU=Groups,OU=Messaging,OU=North America,DC=example,DC=com` my URL: `url "ldap://ldap.example.com/dc=example,dc=com?sAMAccountName?sub?(objectClass=person)"; ` my require group (doesnt work): `require group "CN=*ABY (ITS),OU=Groups,OU=Messaging,OU=North America,DC=example,DC=com"` I've also...
Is there any way to replace the 401 Authorization Required response when failing an LDAP authorization? I've tried setting error_page 401 without any luck.
It seems, that the 'require' option works only within a 'ldap_server' block. Would it be possible to allow that directive in 'server', 'http', or a 'location' block? This would enable...
I want to record the login failed user and password,How to expand? help me ,thanks
Hello, I'm running nginx as a media server with ldap restricting access. Here's my nginx configuration (anonymized): " ... auth_ldap_cache_enabled on; auth_ldap_cache_expiration_time 28800000; auth_ldap_cache_size 10000; ... ldap_server my_ldap { url...
I was asked to review this code before we put it into our production environment. Here are the issues I found: 1. The code is not thread safe. Why? All...
For example, we have the following configuration file: ``` ldap_server test1 { url ldaps://LDAPSERVER:3269/DC=domain,DC=local?sAMAccountName?sub?(objectClass=person); binddn "DOMAIN\\user"; binddn_passwd p@sSwOrd; group_attribute member; group_attribute_is_dn on; require group "CN=MyGroup,OU=Groups,OU=Global,DC=domain,DC=local"; } ``` Create a group...
Is there an option to use nested Groups with Active Directory?
This should fix the OPENSSL_VERSION errors detailed in #125 and #123 -- essentially, it was trying to compare the OPENSSL_VERSION_NUMBER variable, which isn't present without the opensslv.h header file being...
I dont know if i misconfigured something, but the module seems to cache a bit too much the addresses of the ldap servers. Although this module works pretty flawlessly since...
