Igor Sysoev is at
Wed Aug 20 17:57:45 MSD 2008

On Wed, Aug 20, 2008 at 09:47:12AM -0400, Michael wrote:

> On Wed, Aug 20, 2008 at 14:49:41, Markus Teichmann said...
> > > Wouldn't it be better to do the bind as the user authenticating?  There's no
> > > need to do the extra step of performing an administrator bind, then look up
> > > the user in an additional operation.
> > 
> > The look up is needed if the user authenticates not with it's dn.
> > Sometimes the uid is used for authenticating. Therefore the lookup is
> > needed.
> Ah yes, that's a good point, I tend to use unix usernames as the dn myself.
> I'm doing this (on apache) this way now.
> You should also consider adding a filter, like apache does this, eg:
> Require ldap-filter |(employeeType=Staff)(employeeType=Freelance)

I do not know LDAP syntax, but in nginx style it's better to use variables:


Igor Sysoev

More information about the nginx mailing list