auth_ldap
Michael
nginx at thismetalsky.org
Wed Aug 20 17:47:12 MSD 2008
On Wed, Aug 20, 2008 at 14:49:41, Markus Teichmann said...
> > Wouldn't it be better to do the bind as the user authenticating? There's no
> > need to do the extra step of performing an administrator bind, then look up
> > the user in an additional operation.
>
> The look up is needed if the user authenticates not with its dn.
> Sometimes the uid is used for authenticating. Therefore the lookup is
> needed.
Ah yes, that's a good point, I tend to use unix usernames as the dn myself.
I'm doing this (on apache) this way now.
You should also consider adding a filter, like apache does this, eg:
Require ldap-filter |(employeeType=Staff)(employeeType=Freelance)
> The additional bind should solve some active directory issues. At least
> that's how I understand Kon's mail...
Sure, if it solves problems like that, I'm all for it. I was just thinking in
terms of efficiency, and from a unix/OpenLDAP perspective. I've no AD
experience.
--
Michael Stella | IT Systems Architect
PGP: 1024D/BC3FF6D4 2BC2 A79B 88D1 218A B32B ED7A 2EC2 1206 BC3F F6D4
"Ignorance killed the cat, sir. Curiosity was framed." ---C.J. Cherryh
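
The search-then-bind flow discussed in this thread, combined with the ldap-filter restriction, as an added example that is not part of the original mail or of any nginx or Apache module. The `search` and `bind` callables are hypothetical stand-ins for a real LDAP client, and the directory data is constructed.

```python
# Added example: search-then-bind with an authorization filter.
# search() and bind() are hypothetical callables standing in for a real
# LDAP client; the entries and passwords below are constructed demo data.

# Filter quoted in the mail above (Apache "Require ldap-filter" syntax).
REQUIRE_FILTER = "|(employeeType=Staff)(employeeType=Freelance)"


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(login, require_filter=REQUIRE_FILTER):
    """AND the uid match with the restriction, giving one search filter."""
    return "(&(uid=%s)(%s))" % (escape_filter_value(login), require_filter)


def authenticate(login, password, search, bind):
    """Resolve uid -> DN with a search, then bind as that DN with the password."""
    if not login or not password:
        # An empty password turns a simple bind into an unauthenticated
        # bind (RFC 4513), which must never count as a successful login.
        return None
    dns = search(build_filter(login))
    if len(dns) != 1:
        return None  # no entry, or an ambiguous match
    dn = dns[0]
    return dn if bind(dn, password) else None


# Constructed demo directory: maps an exact filter string to matching DNs.
_ALICE_DN = "uid=alice,ou=people,dc=example,dc=org"
_ENTRIES = {build_filter("alice"): [_ALICE_DN]}
_PASSWORDS = {_ALICE_DN: "s3cret"}


def demo_search(flt):
    return _ENTRIES.get(flt, [])


def demo_bind(dn, password):
    return _PASSWORDS.get(dn) == password


if __name__ == "__main__":
    print(build_filter("alice"))
    print(build_filter("al*"))  # wildcard is escaped, not interpreted
    print(authenticate("alice", "s3cret", demo_search, demo_bind))
```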