nginx-auth-ldap

Any examples of using nesting within `require group`?

Open ibexmonj opened this issue 6 years ago • 1 comments

Currently, if I specify the LDAP URL like so with the "require valid_user" param, it works.

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com)(objectClass=person))";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require valid_user;

But if I use the same group with the "require group attribute" like below, I am unable to authenticate. Is the LDAP rule chain (memberOf:1.2.840.113556.1.4.1941) supported with "require group" - is that what is missing here?

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(objectClass=person)";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require group "CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com";

ibexmonj, Apr 02 '18 19:04

Try this:

        group_attribute "member:1.2.840.113556.1.4.1941:";

which works for me.

onovy, Jun 10 '20 19:06
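The two `group_attribute` values in this thread ask the directory for different things: plain `member` matches only DNs listed directly on the group, while `member:1.2.840.113556.1.4.1941:` (Active Directory's LDAP_MATCHING_RULE_IN_CHAIN) also follows nested groups. The sketch below models that difference; it is an added example, not code from the thread or from nginx-auth-ldap, and the sample directory, the `nested`/`alice`/`bob`/`carol` entries and the function names are constructed assumptions.

```python
from collections import deque

IN_CHAIN_OID = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN

# Constructed sample directory (assumption): group DN -> values of `member`.
BASE = "DC=test,DC=domain,DC=com"
TESTGROUP = "CN=testgroup,OU=LDAP,OU=Groups," + BASE
NESTED = "CN=nested,OU=LDAP,OU=Groups," + BASE
ALICE = "CN=alice,OU=Users," + BASE   # member of NESTED only
BOB = "CN=bob,OU=Users," + BASE       # direct member of TESTGROUP
CAROL = "CN=carol,OU=Users," + BASE   # member of no group
DIRECTORY = {
    TESTGROUP: [BOB, NESTED],
    NESTED: [ALICE, TESTGROUP],  # deliberate cycle: the walk must terminate
}


def _norm(dn):
    return dn.casefold()  # DN comparison is case-insensitive


def parse_group_attribute(value):
    """Split 'attr' or 'attr:oid:' into (attr, oid_or_None)."""
    parts = value.rstrip(":").split(":")
    return parts[0], (parts[1] if len(parts) > 1 else None)


def is_member(directory, group_dn, user_dn, group_attribute):
    """True if user_dn matches group_dn under the given group_attribute."""
    attr, rule = parse_group_attribute(group_attribute)
    if attr != "member" or rule not in (None, IN_CHAIN_OID):
        raise ValueError("unsupported group_attribute: " + group_attribute)
    members = {_norm(g): [_norm(m) for m in ms] for g, ms in directory.items()}
    target, start = _norm(user_dn), _norm(group_dn)
    if rule is None:
        return target in members.get(start, [])  # direct values only
    seen, queue = {start}, deque([start])
    while queue:  # in-chain: follow groups that are members of groups
        for m in members.get(queue.popleft(), []):
            if m == target:
                return True
            if m in members and m not in seen:
                seen.add(m)
                queue.append(m)
    return False
```
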