auth_ldap

Markus Teichmann jmt at brian.han.de
Wed Aug 20 16:49:41 MSD 2008


On Tue, Aug 19, 2008 at 06:39:54PM -0400, Michael wrote:
> On Tue, Aug 19, 2008 at 23:52:13, Markus Teichmann said...
> 
> > here is another version. It supports an user for searching the required dn. 
> > The config statements are auth_ldap_bind_dn and auth_ldap_bind_passwd.
> > E.g.:
> >
> > http {
> >     auth_ldap_uri "ldap://127.0.0.1";
> >     auth_ldap_bind_dn "cn=Manager,dc=chaos,dc=jmt";
> >     auth_ldap_bind_passwd "xxxxxxx";
> 
> Wouldn't it be better to do the bind as the user authenticating?  There's no
> need to do the extra step of performing an administrator bind, then look up the
> user in an additional operation.

The look up is needed if the user authenticates not with it's dn.
Sometimes the uid is used for authenticating. Therefore the lookup is
needed.
The additionl bind should solve some active directory issues. At least
that's how I understands Kon's mail...

Best regards,

Markus Teichmann

--
Markus Teichmann                                Tel: +49  172 301 31 56
Knebelweg 16
31135 Hildesheim                                Email: jmt at brian.han.de






More information about the nginx mailing list