Connecting Nginx to LDAP/Kerberos

A. Schulze sca at
Mon Sep 12 19:22:03 UTC 2016

On 12.09.2016 at 21:04, Joshua Schaeffer wrote:
> -

I'm using that one to authenticate my users.

auth_ldap_cache_enabled         on;
ldap_server my_ldap_server {
     url                         ldaps://,dc=mybase?uid?sub;
     binddn                      cn=nginx,dc=mybase;
     binddn_passwd               ...;
     require                     valid_user;
}

server {
   location / {
     auth_ldap                   "foobar";
     auth_ldap_servers           "my_ldap_server";

     root                        /srv/www/...;
   }
}

This is as documented on except my auth_ldap statements are inside the location,
while the docs suggest them outside.
Q: Does that matter?

I found it useful to explicitly set "auth_ldap_cache_enabled on" but cannot remember the detailed reasons.
Finally: it's working as expected for me (basic auth, no Kerberos).

BUT: I fail to compile this module with openssl-1.1.0.
I sent a message to some days ago but have got no response so far.

the problem (nginx-1.11.3 + openssl-1.1.0 + nginx-auth-ldap)

cc -c -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall   -I src/core -I src/event -I src/event/modules -I src/os/unix -I /opt/local/include -I objs -I src/http -I src/http/modules -I src/http/v2 \
         -o objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o \
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c: In function 'ngx_http_auth_ldap_ssl_handshake':
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c:1325:79: error: dereferencing pointer to incomplete type
          int setcode = SSL_CTX_load_verify_locations(transport->ssl->connection->ctx,
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c:1335:80: error: dereferencing pointer to incomplete type
        int setcode = SSL_CTX_set_default_verify_paths(transport->ssl->connection->ctx);
make[2]: *** [objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o] Error 1
objs/Makefile:1343: recipe for target 'objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o' failed

Maybe the list has a suggestion...
