Ldap authentication passing to tomcat

lilyevsky nginx-forum at nginx.us
Thu May 30 20:40:25 UTC 2013

I am using nginx 1.4.1 as reverse proxy for tomcat 7.0.33. Using LDAP for
user authentication.
Everything works fine except one critical thing: the authenticated user ID
does not get to tomcat. I see it in the Tomcat's access log: it shows "-"
where the ID is supposed to be.

I tried to set various header elements in nginx.conf, see below a fragment
of it (I experimented with them, turning them on and off).
Using tcpdump, I confirmed that all the elements that I set indeed go to the
HTTP request.

The same thing with Apache HTTPD works properly, but there we use AJP.

What am I missing? Any other header field I need to set? 
Also, can anybody tell me how Tomcat retrieves the authenticated user ID
from the request header? What is that field exact name?

auth_ldap_url ............................
    auth_ldap_binddn eciadmin at mooncapital.corp;
    auth_ldap_binddn_passwd .............;
    auth_ldap "Enter your Windows/Network Login To Access MoonWeb";
    auth_ldap_require valid_user;

    server {
        listen mcny14.mooncapital.corp:8880;
        server_name mcny14.mooncapital.corp;

        location /moon/ {

            #proxy_pass_header       Set-Cookie;
            #proxy_ignore_headers    Expires Cache-Control;
            proxy_redirect          off;
            proxy_buffering         off;
            proxy_set_header        X-Real-IP $remote_addr;
            proxy_set_header        X-Forwarded-Host $host;
            proxy_set_header        Host $host;
            proxy_set_header        X-Forwarded-Server $host;
            proxy_set_header        X-Forwarded-For
            proxy_set_header        X-Forwarded-User $remote_user;
            proxy_set_header        Remote-User $remote_user;
            proxy_set_header        User $remote_user;
            proxy_set_header        REMOTE_USER $remote_user;
            proxy_set_header        X-URL-SCHEME https;
            #proxy_set_header        Authorization "";

          root mdocs;
          proxy_pass http://mcny14:8801;

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239703,239703#msg-239703

More information about the nginx mailing list