search

kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License
735 stars 252 forks source link

Parse error problems on nginx restart and LDAP group issues #101

Open phlegx opened 9 years ago

phlegx commented 9 years ago

Hi there,

Adding the LDAP stuff as you suggest on your Wiki page does work fine. Authentication does work also with groups. However restarting nginx throws me some errors:

Starting nginx: nginx: [emerg] http_auth_ldap: parse_require in /etc/nginx/nginx.conf:39
nginx: [emerg] http_auth_ldap: Setting group in /etc/nginx/nginx.conf:39
nginx: [emerg] http_auth_ldap: parse_require in /etc/nginx/nginx.conf:40
nginx: [emerg] http_auth_ldap: Setting group in /etc/nginx/nginx.conf:40
nginx: [emerg] http_auth_ldap: parse_require in /etc/nginx/nginx.conf:41

Not sure why this happens. Also I have an issue with the second group. Somehow it is not recognized, it was working like that with apache httpd but not with Nginx LDAP module I'm afraid.

Here is my Nginx config file:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    ldap_server example_ldap {
      url ldaps://ldap.example.com:636/ou=People,dc=example,dc=com?mail?sub?(objectClass=*);
      binddn "cn=user,dc=example,dc=com";
      binddn_passwd PASSWORD;
      group_attribute uniquemember;
      group_attribute_is_dn on;
      require group 'cn=Administrators,ou=Groups,dc=example,dc=com';
      require group 'cn=NagiosUser,ou=Nagios,ou=Applications,dc=example,dc=com';
      require valid_user;
    }

    include /etc/nginx/sites-enabled/*.conf;     
}

If someone can help me that would be really great, thanks!

CorbanR commented 8 years ago

I am also getting that parse error.. Although it does seem to work regardless of the error.

bbigras commented 8 years ago

For the Setting group and parse_require messages, see #88

arubasu commented 8 years ago

I am also getting the same issue. _http_auth_ldap: parse_require in /etc/nginx/nginx.conf_

I am trying to use the following test server with my nginx. URL: http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/

   ldap_server test1 {
    url ldap://ldap.forumsys.com:389/ou=scientists,dc=example,dc=com?sAMAccountName?sub?(objectClass=person);
    binddn "tesla";
    binddn_passwd "password";
    group_attribute "scientists";
    group_attribute_is_dn on;
    require "tesla";
}

Can anyone please share the solution here. Thanks.