Connecting Nginx to LDAP/Kerberos
Joshua Schaeffer
jschaeffer0922 at gmail.com
Mon Sep 12 19:33:04 UTC 2016
>
>
>> I'm using that one to authenticate my users.
>
> auth_ldap_cache_enabled on;
> ldap_server my_ldap_server {
> url ldaps://ldap.example.org/dc=u
> sers,dc=mybase?uid?sub;
> binddn cn=nginx,dc=mybase;
> binddn_passwd ...;
> require valid_user;
> }
>
> server {
> ...
> location / {
> auth_ldap "foobar";
> auth_ldap_servers "my_ldap_server";
>
> root /srv/www/...;
> }
> }
>
Thanks having a config to compare against is always helpful for me.
>
> this is like documented on https://github.com/kvspb/nginx-auth-ldap exept
> my auth_ldap statements are inside the location.
> while docs suggest them outside.
> Q: does that matter?
>
>From my understanding of Nginx, no, since location is lower in the
hierarchy it will just override any auth_ldap directives outside of it.
>
> I found it useful to explicit set "auth_ldap_cache_enabled on" but cannot
> remember the detailed reasons.
> Finally: it's working as expected for me (basic auth, no Kerberos)
>
Any chance anybody has played around with Kerberos auth? Currently my SSO
environment uses GSSAPI for most authentication.
Thanks,
Joshua Schaeffer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160912/9e8b8a0b/attachment.html>
More information about the nginx
mailing list