Open manas86 opened 7 years ago
This is the configuration that I have in my conf file:

```nginx
ldap_server server1 {
    url "ldap://<url>/DC=something,DC=company,DC=com?sAMAccountName?sub?(&(memberOf:1.2.***.******:=CN=devops,OU=servergroups,OU=mgmnt,DC=something,DC=company,DC=com)(objectClass=*))";
    binddn "cn=some-bind-user,ou=specialaccounts,ou=accounts,ou=mgmnt,dc=something,dc=company,dc=com";
    binddn_passwd "<password>";
    require valid_user;
}
```
For different ldap groups:

```nginx
# One ldap_server block per LDAP group; each block is referenced by name
# from auth_ldap_servers in a location.
ldap_server ldap {
    url "ldaps://XXX:636/CN=devops,OU=project,OU=services,OU=groups,o=orgname?uniqMember?sub?(objectclass=*)";
    require valid_user;
}

ldap_server ldap1 {
    url "ldaps://XXX:636/CN=new-devops,OU=project,OU=services,OU=groups,o=orgname?uniqMember?sub?(objectclass=*)";
    require valid_user;
}
```

and in location tag:

```nginx
location / {
    #auth_basic "Restricted Content";
    #auth_basic_user_file /etc/nginx/pass/.htpasswd;
    auth_ldap "Closed content";
    auth_ldap_servers ldap;      # first ldap_server block
    root html;
    index index.html index.htm;
}

location /test {
    #auth_basic "Restricted Content";
    #auth_basic_user_file /etc/nginx/pass/.htpasswd;
    auth_ldap "Closed content";
    auth_ldap_servers ldap1;     # second ldap_server block
    root html;
    index index.html index.htm;
}
```
thanks, it's working fine now.
@trueCii can I ask you a question?
I would appreciate any direction towards solving this and any assistance in reaching the goal for centos7. I'm following and using https://github.com/kvspb/nginx-auth-ldap using docker. So my docker file looks like this:

```dockerfile
# Build nginx from source with the nginx-auth-ldap module compiled in
RUN cd ~ \
 && git clone https://github.com/kvspb/nginx-auth-ldap \
 && git clone https://github.com/nginx/nginx \
 && cd /root/nginx \
 && /root/nginx/auto/configure \
      --add-module=/root/nginx-auth-ldap \
      --with-http_ssl_module \
      --with-debug \
      --conf-path=/etc/nginx/nginx.conf \
      --sbin-path=/usr/sbin/nginx \
      --pid-path=/var/log/nginx/nginx.pid \
      --error-log-path=/var/log/nginx/error.log \
      --http-log-path=/var/log/nginx/access.log \
      --with-stream \
      --with-stream_ssl_module \
      --with-debug \
      --with-file-aio \
      --with-threads \
      --with-http_gunzip_module \
      --with-http_gzip_static_module \
      --with-http_v2_module \
      --with-http_auth_request_module \
 && make install \
 && cd .. \
 && rm -rf nginx-auth-ldap \
 && rm -rf nginx
```

Now I have difficulty setting up nginx.conf. Basically, what I want to achieve is that as soon as the login window pops up, users will give their own credentials, including user name and password, which will eventually be validated against LDAP (CN=devops,OU=project,OU=services,OU=groups,o=orgname) or (CN=users,OU=project,OU=services,OU=groups,o=orgname). So that means I can't have the password stored in my config file. Can you help me to build the setup for different filters?
At this moment, I have set up my config file like this for one filter, which gives me the error below:

```
NGINX: [emerg] https_auth_ldap: Invalid or missing scope string in /etc/nginx/nginx.conf:26
```

under http tag:

```nginx
ldap_server ldap {
    url "ldaps://XXX:636/CN=devops,OU=project,OU=services,OU=groups,o=orgname?uniqMember?sub?(objectclass=*)"
    require valid_user;"
}
```

and in location tag:

```nginx
location / {
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/pass/.htpasswd;
    auth_ldap "Closed content";
    auth_ldap_servers ldap;
    root html;
    index index.html index.htm;
}
```
And then how can I achieve 2 filters?
Maybe the attached LDAP image will help: https://user-images.githubusercontent.com/30902765/29176575-813b3592-7dec-11e7-9949-683f679e4c38.png
Regards, Manas
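
The `url` values in the `ldap_server` blocks in this thread use the LDAP URL layout `scheme://host/base?attribute?scope?filter` (RFC 4516). The following is an added example, not code from the thread or from the nginx-auth-ldap project: a small Python linter that splits such a URL into its fields and flags problems before nginx is reloaded. The function names are hypothetical, the accepted scope set is taken from RFC 4516 (the module's own accepted values are not shown on this page), and the last two sample URLs are constructed.

```python
from urllib.parse import unquote

RFC4516_SCOPES = {"base", "one", "sub"}  # assumption: scope names as defined by RFC 4516

def parse_ldap_url(url):
    """Split scheme://host[:port]/base?attrs?scope?filter into its fields."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("scheme must be ldap or ldaps")
    hostport, _, tail = rest.partition("/")
    # Only the first three '?' separate fields; the rest belongs to the filter.
    parts = tail.split("?", 3)
    parts += [""] * (4 - len(parts))
    base, attrs, scope, flt = (unquote(p) for p in parts)
    return {"scheme": scheme, "host": hostport, "base": base,
            "attrs": [a for a in attrs.split(",") if a],
            "scope": scope, "filter": flt}

def lint_ldap_url(url):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        f = parse_ldap_url(url)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if f["scheme"] == "ldap":
        findings.append("ldap:// is cleartext unless StartTLS is negotiated")
    if not f["base"]:
        findings.append("empty search base")
    if not f["attrs"]:
        findings.append("no search attribute given")
    if f["scope"] not in RFC4516_SCOPES:
        # An omitted scope is flagged too: the error in the thread mentions a missing scope.
        findings.append("scope %r is not one of base/one/sub" % f["scope"])
    flt = f["filter"]
    if flt and (not flt.startswith("(") or flt.count("(") != flt.count(")")):
        findings.append("filter parentheses are unbalanced")
    return findings

# URL from the thread, followed by two constructed samples with a bad or missing scope.
THREAD_URL = ("ldaps://XXX:636/CN=devops,OU=project,OU=services,OU=groups,"
              "o=orgname?uniqMember?sub?(objectclass=*)")
BAD_SCOPE_URL = "ldaps://XXX:636/o=orgname?uniqMember?subtree?(objectclass=*)"
NO_SCOPE_URL = "ldaps://XXX:636/o=orgname?uniqMember"

if __name__ == "__main__":
    for u in (THREAD_URL, BAD_SCOPE_URL, NO_SCOPE_URL):
        print(u, "->", lint_ldap_url(u) or "ok")
```

The linter only checks the URL string itself; it does not detect a missing `;` or a stray quote elsewhere in the nginx block, which `nginx -t` reports.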