difference between auth_basic and auth_ldap
A. Schulze
sca at andreasschulze.de
Fri Jan 1 19:39:01 UTC 2021
Hello & happy new year!
My goal is to configure nginx to deny access from most client IPs but allow access from special IPs
for authenticated users. This works for basic_authentication as expected but behaves differently with auth_ldap.
I use https://github.com/kvspb/nginx-auth-ldap.
Simplified configuration with no allowed IPs at all:
server {
    listen *:80;
    deny all;
    location /auth_basic {
        auth_basic "auth_basic";
        auth_basic_user_file /path/to/auth_basic_user_file;
    }
}
$ curl -v http://nginx/auth_basic
$ curl -v -u user:pass http://nginx/auth_basic
$ curl -v -u user:wrong http://nginx/auth_basic
All three calls return "403 Forbidden", which is ok and acceptable to me.
Switching to auth_ldap, the results are different:
ldap_server ldap-server {
    url ldap://ldap-server/dc=example?cn?sub?(objectclass=top);
    require valid_user;
}
server {
    listen *:80;
    deny all;
    location /auth_ldap {
        auth_ldap "auth_ldap";
        auth_ldap_servers "ldap-server";
    }
}
$ curl -v http://nginx/auth_ldap
$ curl -v -u user:wrong http://nginx/auth_ldap
return "401 Unauthorized" expected: "403 Forbidden"
$ curl -v -u user:pass http://nginx/auth_ldap
return "403 Forbidden"
Is there anything wrong with my configuration or is the unexpected request for authentication
a result of how https://github.com/kvspb/nginx-auth-ldap is written?
Andreas