kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

nginx with ldap users to access elasticsearch indexes #179

Open karampuri opened 6 years ago

karampuri commented 6 years ago

Hello Team,

I installed the nginx-auth-ldap module in my nginx server. I am able to authenticate LDAP users to access Elasticsearch indexes. Here is the scenario that I am trying to achieve.

I have two roles configured in my LDAP.

Level1 - Users under this role should have access to only particular indexes.

Level2 - Users under this role should have access to all the indexes.

How do I specify the above permissions in my nginx.conf file? The nginx.conf file is as follows:

events {
  worker_connections 1024;
}

http {
  ldap_server LDAP1 {
    url "ldap://xxx.xxx.x.xxx/cn=xx,ou=yy,dc=test,dc=com?uid?sub?(objectClass=posixAccount)";
    binddn "cn=xx,dc=test,dc=com";
    binddn_passwd "xx";
    group_attribute uid;
    group_attribute_is_dn on;
    require valid_user;
  }

  upstream elasticsearch {
    ip_hash;
    server xxx.xxx.x.xxxx;
  }

  server {
    listen 80;
    auth_ldap "Please enter your ldap credentials";
    auth_ldap_servers LDAP1;

    location / {
      root   html;
      index  index.html index.htm;
      if ($request_method ~* "^(DELETE)$") {
        return 403;
      }

      proxy_pass http://elasticsearch;
      include /usr/local/nginx/conf/fastcgi_params;
    }
  }
}

Please suggest where I am going wrong.

Thanks, xxxxx

karampuri commented 6 years ago

Hello Team,

Please let me know of any updates on this issue.

jsmouret commented 6 years ago

You can do something like this:

ldap_server level_1 {
  ...
  require group "cn=level_1,ou=groups,dc=example,dc=com";
}
ldap_server level_2 {
  ...
  require group "cn=level_2,ou=groups,dc=example,dc=com";
}

...

location /foo {
     auth_ldap_servers level_1;
     ...
}
location /bar {
     auth_ldap_servers level_2;
     ...
}
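
The approach suggested above, written out as a full configuration for the Level1/Level2 scenario. This is an added example, not part of the original thread or the module's own documentation. The group DNs, host names, the `member` group schema and the `level1-` index prefix are assumptions, and it assumes the module tries each listed `auth_ldap_servers` entry in turn.

```nginx
# Added example: group DNs, host names and the "level1-" index prefix are assumptions.
events { worker_connections 1024; }

http {
  # One ldap_server block per role; they differ only in the required group.
  ldap_server level_1 {
    url "ldap://ldap.example.com/ou=people,dc=example,dc=com?uid?sub?(objectClass=posixAccount)";
    binddn "cn=reader,dc=example,dc=com";
    binddn_passwd "CHANGE_ME";        # placeholder
    group_attribute member;           # assumed schema: group entries list members
    group_attribute_is_dn on;         # ...as full user DNs
    require group "cn=level_1,ou=groups,dc=example,dc=com";
  }
  ldap_server level_2 {
    url "ldap://ldap.example.com/ou=people,dc=example,dc=com?uid?sub?(objectClass=posixAccount)";
    binddn "cn=reader,dc=example,dc=com";
    binddn_passwd "CHANGE_ME";        # placeholder
    group_attribute member;
    group_attribute_is_dn on;
    require group "cn=level_2,ou=groups,dc=example,dc=com";
  }

  upstream elasticsearch { server 127.0.0.1:9200; }

  server {
    listen 80;                        # plain HTTP as in the question; Basic auth is sent in clear
    auth_ldap "Please enter your ldap credentials";

    # Block DELETE for everyone, as in the configuration from the question.
    if ($request_method ~* "^(DELETE)$") { return 403; }

    # Level1 indexes: exactly one index name starting with "level1-".
    # The character class excludes "," and "*", so multi-index and wildcard
    # paths do not match here and fall through to "location /" (Level2 only).
    location ~ ^/level1-[a-z0-9._-]+(/|$) {
      auth_ldap_servers level_1;
      auth_ldap_servers level_2;      # Level2 users may access every index
      proxy_pass http://elasticsearch;
    }

    # Everything else: all other indexes and cluster-wide endpoints.
    location / {
      auth_ldap_servers level_2;
      proxy_pass http://elasticsearch;
    }
  }
}
```

These rules only see the request path. Elasticsearch's `rest.action.multi.allow_explicit_index: false` setting is the server-side counterpart that stops multi-document requests from naming a different index in the request body.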