kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

any examples of using nesting within `require group` ? #202

Open ibexmonj opened 6 years ago

ibexmonj commented 6 years ago

Currently, if I specify the LDAP URL like so with the "require valid_user" param, it works.

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(&(memberOf:1.2.840.113556.1.4.1941:=CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com)(objectClass=person))";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require valid_user;

But if I use the same group with the "require group attribute" like below, I am unable to authenticate. Is the LDAP rule chain (memberOf:1.2.840.113556.1.4.1941) supported with "require group"? Is that what is missing here?

        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(objectClass=person)";
        binddn "....";
        binddn_passwd "....";
        group_attribute member;
        group_attribute_is_dn on;
        satisfy any;
        require group "CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com";

onovy commented 4 years ago

Try this:

        group_attribute "member:1.2.840.113556.1.4.1941:";

which works for me.
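
For reference, the second configuration from the question with the reply's `group_attribute` change applied, shown in context. This is an added example, not part of either comment and not the project's own configuration. The server name `ad_nested`, the listen port, the realm text and the `location` are assumptions, and the elided bind credentials stay elided.

```nginx
# Fragment of the http context (added example; names marked below are assumptions).
http {
    ldap_server ad_nested {    # "ad_nested" is a hypothetical server name
        # The search filter only locates the user entry;
        # group membership is checked separately by "require group".
        url "ldaps://ldap.test.domain.com/OU=Users,DC=test,DC=domain,DC=com?sAMAccountName?sub?(objectClass=person)";
        binddn "....";
        binddn_passwd "....";

        # Before (from the question): the plain "member" attribute lists
        # direct members only, so users in nested groups do not match.
        # group_attribute member;

        # After (from the reply): 1.2.840.113556.1.4.1941 is Active Directory's
        # LDAP_MATCHING_RULE_IN_CHAIN, which walks the membership chain.
        group_attribute "member:1.2.840.113556.1.4.1941:";
        group_attribute_is_dn on;

        # With "satisfy any", matching a single require line is sufficient.
        satisfy any;
        require group "CN=testgroup,OU=LDAP,OU=Groups,DC=test,DC=domain,DC=com";
    }

    server {
        listen 8080;                       # assumed port
        location / {                       # assumed protected path
            auth_ldap "Restricted";        # assumed realm text
            auth_ldap_servers ad_nested;
        }
    }
}
```

The matching rule is specific to Active Directory, so this setting is not expected to work against other LDAP servers.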