<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br></blockquote>
I'm using that one to authenticate my users.<br>
<br>
auth_ldap_cache_enabled on;<br>
ldap_server my_ldap_server {<br>
url ldaps://<a href="http://ldap.example.org/dc=users,dc=mybase?uid?sub" rel="noreferrer" target="_blank">ldap.example.org/dc=u<wbr>sers,dc=mybase?uid?sub</a>;<br>
binddn cn=nginx,dc=mybase;<br>
binddn_passwd ...;<br>
require valid_user;<br>
}<br>
<br>
server {<br>
...<br>
location / {<br>
auth_ldap "foobar";<br>
auth_ldap_servers "my_ldap_server";<br>
<br>
root /srv/www/...;<br>
}<br>
}<br></blockquote><div><br></div><div>Thanks having a config to compare against is always helpful for me.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
this is like documented on <a href="https://github.com/kvspb/nginx-auth-ldap" rel="noreferrer" target="_blank">https://github.com/kvspb/nginx<wbr>-auth-ldap</a> exept my auth_ldap statements are inside the location.<br>
while docs suggest them outside.<br>
Q: does that matter?<br></blockquote><div><br></div><div>From my understanding of Nginx, no, since location is lower in the hierarchy it will just override any auth_ldap directives outside of it.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I found it useful to explicit set "auth_ldap_cache_enabled on" but cannot remember the detailed reasons.<br>
Finally: it's working as expected for me (basic auth, no Kerberos)<br></blockquote><div><br></div><div>Any chance anybody has played around with Kerberos auth? Currently my SSO environment uses GSSAPI for most authentication.</div><div><br></div><div>Thanks,</div><div>Joshua Schaeffer</div><div> </div></div><br></div></div>