kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

Authentication timed out #204

Open AaronMuriel opened 6 years ago

AaronMuriel commented 6 years ago

When setting up nginx LDAP, I am getting an "Authentication timed out" error.

Here is my nginx config:

    ldap_server ngldap {
        url ldap://**:389/DC=qianbaocard,DC=com?sAMAccountName?sub?(objectClass=user);
        connections 30;
        binddn "******";
        binddn_passwd "******";
        #satisfy any;
        group_attribute memberuid;
        group_attribute_is_dn on;
        require valid_user;
    }

    server {
        listen 80 default;
        server_name localhost;
        access_log /var/log/nginx/www.abc.com.log;
        location / {
            root /usr/local/nginx/www/;
            index index.html index.htm;
            auth_ldap "Forbidden";
            auth_ldap_servers ngldap;
        }
    }

nginx error log is below:

    2018/04/04 13:23:21 [error] 29468#0: *1302 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET /readme.txt HTTP/1.1", host: ""
    2018/04/04 13:23:25 [error] 29467#0: *1301 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET / HTTP/1.1", host: ""
    2018/04/04 13:23:40 [error] 29468#0: *1303 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET / HTTP/1.1", host: ""
    2018/04/04 13:23:55 [error] 29467#0: *1305 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET / HTTP/1.1", host: ""
    2018/04/04 13:24:15 [error] 29467#0: *1306 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET / HTTP/1.1", host: ""
    2018/04/04 13:25:00 [error] 29468#0: *1308 http_auth_ldap: Authentication timed out, client: , server: localhost, request: "GET / HTTP/1.1", host: ""

Qteb commented 5 years ago

Port 389. This port is used for requesting information from the local domain controller. LDAP requests sent to port 389 can be used to search for objects only within the global catalog’s home domain. However, the requesting application can obtain all of the attributes for those objects. For example, a request to port 389 could be used to obtain a user’s department.

Port 3268. This port is used for queries specifically targeted for the global catalog. LDAP requests sent to port 3268 can be used to search for objects in the entire forest. However, only the attributes marked for replication to the global catalog can be returned. For example, a user’s department could not be returned using port 3268 since this attribute is not replicated to the global catalog.

Use port 3268.

adeelahmadch commented 3 years ago

I ran into the same issue today with the nginx and nginx-auth-ldap versions mentioned below. But in my case I was not able to authenticate using LDAPS. I had to change my port from 636 to 3269 to make it work.

    NGINX_VERSION: 1.19.6
    NGINX_AUTH_LDAP_COMMIT: 83c059b73566c2ee9cbda920d91b66657cf120b7

    ldap_server ldap_mycompany {
        url "ldaps://abc.example.com:3269/dc=example,dc=com?samaccountname?sub?(objectClass=user)";
        binddn "xxxxx@example.com";
        binddn_passwd "XXXXXXXXX";
        group_attribute member;
        group_attribute_is_dn on;
        require valid_user;
        satisfy all;
    }
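
Added example, not part of the thread or of nginx-auth-ldap: a Python check that parses the `url` directive of each `ldap_server` block and flags the pattern both reporters had (port 389 or 636 with a subtree search from the domain root), naming the global catalog port they switched to. The sample config, its host names and the `parse_ldap_url`/`audit` helpers are constructed for illustration, and the flagging rule is an assumption drawn from the two configs above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: host names are placeholders, layout follows the thread's configs.
SAMPLE_CONF = """
ldap_server ngldap {
    url ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user);
    require valid_user;
}
ldap_server ldap_mycompany {
    url "ldaps://abc.example.com:3269/dc=example,dc=com?samaccountname?sub?(objectClass=user)";
    require valid_user;
}
"""

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
# Domain-controller port -> global catalog port, the change both commenters made.
GC_PORT = {389: 3268, 636: 3269}

def parse_ldap_url(url):
    """Split scheme://host:port/base?attribute?scope?filter into named parts."""
    parts = urlsplit(url)
    attribute, scope, ldap_filter = (parts.query.split("?", 2) + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORT[parts.scheme],
        "base": parts.path.lstrip("/"),
        "attribute": attribute,
        "scope": scope,
        "filter": ldap_filter,
    }

def audit(conf):
    """Return (server_name, port, gc_port) for each ldap_server block that matches."""
    findings = []
    for name, body in re.findall(r"ldap_server\s+(\S+)\s*\{(.*?)\}", conf, re.S):
        match = re.search(r'^\s*url\s+"?([^";\s]+)"?\s*;', body, re.M)
        if not match:
            continue
        u = parse_ldap_url(match.group(1))
        # Assumed heuristic: base DN made only of DC= parts, searched with scope "sub".
        domain_root = all(p.strip().lower().startswith("dc=") for p in u["base"].split(","))
        if u["port"] in GC_PORT and u["scope"] == "sub" and domain_root:
            findings.append((name, u["port"], GC_PORT[u["port"]]))
    return findings

if __name__ == "__main__":
    for name, port, gc_port in audit(SAMPLE_CONF):
        print(f"{name}: port {port} with domain-root subtree search; compare with port {gc_port}")
```

Before switching ports, confirm that the attributes named in the `url` and in `group_attribute` are ones the global catalog returns, since the comment above notes that port 3268 serves only replicated attributes.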