
Multiple LDAP server settings are invalid

Open ehryhy opened this issue 4 years ago • 1 comment

I made the following settings, but the request to "ad_2" did not go through.

ldap_server ad_1 {
  url "ldap://<LDAP SERVER IP ADDRESS1>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
  binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
  binddn_passwd <PUT Operator's PASSWORD HERE>;
  group_attribute member;
  group_attribute_is_dn on;
  require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
}
ldap_server ad_2 {
  url "ldap://<LDAP SERVER IP ADDRESS2>:3268/OU=Offices,DC=company,DC=com?sAMAccountName?sub?(objectClass=person)";
  binddn "CN=Operator,OU=Service Accounts,DC=company,DC=com";
  binddn_passwd <PUT Operator's PASSWORD HERE>;
  group_attribute member;
  group_attribute_is_dn on;
  require group "CN=Admins,OU=My Security Groups,DC=company,DC=com";
}

server {
    listen       8000;
    server_name  localhost;
    auth_ldap "Forbidden";
    auth_ldap_servers ad_1;
    auth_ldap_servers ad_2 ;

    location / {
        root   html;
        index  index.html index.htm;
    }
}

The authentication for "ad_1" passes, but "ad_2" does not. If I comment out the following setting, it works fine. Is this a bug caused by this setting?

auth_ldap_cache_enabled on;
auth_ldap_cache_expiration_time 10000;
auth_ldap_cache_size 1000;

ehryhy avatar Oct 25 '21 04:10 ehryhy

Don't specify IP addresses. Refer to the servers using a properly configured SRV RR.

AnrDaemon avatar Nov 09 '23 01:11 AnrDaemon
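As an added example (not code from this thread or from nginx-auth-ldap), this is the client-side ordering a resolver applies to `_ldap._tcp.<domain>` SRV records under RFC 2782, which is what "a properly configured SRV RR" buys you over hard-coded IP addresses: lower priority first, weighted random choice within a priority, so a directory server can be drained or added by editing DNS rather than nginx. The record set and host names are constructed for illustration.

```python
"""RFC 2782 SRV target ordering for a set of LDAP directory servers."""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


# Constructed sample answer for _ldap._tcp.company.com (hypothetical hosts):
# two equal-priority servers sharing load, plus a lower-preference fallback.
SAMPLE_SRV = [
    SrvRecord(priority=0, weight=100, port=389, target="dc1.company.com."),
    SrvRecord(priority=0, weight=100, port=389, target="dc2.company.com."),
    SrvRecord(priority=10, weight=0, port=389, target="dc3.company.com."),
]


def order_srv_targets(records, rng=None):
    """Return records in the order a client should try them (RFC 2782)."""
    rng = rng or random.Random()
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    ordered = []
    for prio in sorted(by_priority):          # lowest priority value first
        # RFC 2782: weight-0 records go to the front of the list so they are
        # selected only when the random draw lands on 0.
        group = sorted(by_priority[prio], key=lambda r: r.weight == 0, reverse=True)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)      # inclusive on both ends
            running = 0
            for rec in group:
                running += rec.weight
                if running >= pick:           # first running sum >= draw wins
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


def ldap_uris(records):
    """Render ordered targets as ldap:// URIs, dropping the DNS root dot."""
    return [f"ldap://{r.target.rstrip('.')}:{r.port}" for r in records]
```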