kvspb / nginx-auth-ldap

LDAP authentication module for nginx
BSD 2-Clause "Simplified" License

LDAP syntax error #206

Closed shadowman50k closed 6 years ago

shadowman50k commented 6 years ago

Hello, I have configured NGINX to act as a front-end reverse proxy with LDAP authentication to connect to Oxidized. I need to auth users belonging to a specific group (could be a nested group). NGINX and Oxidized are running on Ubuntu Xenial. NGINX version 1.14.0. Here are my config files:

/etc/nginx/nginx.conf

worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
      auth_ldap_cache_enabled on;
      auth_ldap_cache_expiration_time 10000;
      auth_ldap_cache_size 1000;
      ldap_server LDAP1 {
          url "ldaps://[IP of DC]/DC=[related_domain],DC=[related_sub_domain]?sAMAccountName?sub?(objectClass=person));          
      binddn '[Domain]\\[used_account_for nginx]';
          binddn_passwd [account password];
          connect_timeout 5s;
          bind_timeout 5s;
          request_timeout 5s;
      require group 'CN=[AD_group],OU=[related_OU] ,OU=[related_Account],DC=[related_domain],DC=[related_sub_domain]';
          group_attribute member;
          group_attribute_is_dn on;
          require valid_user;
          satisfy all;
            }
    sendfile        on;
    keepalive_timeout  65;
    include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/conf.d/proxy.conf

 server
 {
      listen         80;
       server_name    [Server_name]  [IP];
       return         301 https://$server_name$request_uri;
}
server  {
  listen  443;
  server_name  [Server_name]  [IP];
  ssl on;
  ssl_certificate     /etc/nginx/ssl/nginx.crt;
  ssl_certificate_key /etc/nginx/ssl/nginx.key;
  access_log  /var/log/nginx/host.access.log;
  auth_ldap "ACCES INTERDIT AUX PERSONNES NON-AUTORISEES";
  auth_ldap_servers LDAP1;
  location / {
         root   html;
        index  index.html index.htm;
    proxy_pass http://[Oxidized_server_name]:8080/;
       } 
} 

I can't get it working. When I check the config files with the command:

service nginx configtest

I only get this type of error:

2018/06/11 15:14:11 [emerg] 17382#0: unexpected end of file, expecting ";" or "}" in /etc/nginx/nginx.conf:48

Suspecting a conversion error since I'm working in a Windows environment with WinSCP & Putty, I've tried a dos2unix conversion, but the error is still here... Any help would be appreciated.

shadowman50k commented 6 years ago

Am I the only one to experience such an issue?

flooopro commented 6 years ago

There is a missing " at the end of line 12 in your nginx.conf. Maybe that's the issue?

shadowman50k commented 6 years ago

I'll check tomorrow when back at the office, but I think it's a copy/paste error... Nevertheless, thanks for helping!

I noticed yesterday that when I commented out the ldap-auth section, the configtest was OK... As soon as I un-commented it, there was this error.

flooopro commented 6 years ago

I use vim with nginx markdown via SSH. That's very useful because of some syntax errors or forgotten quotes. On Windows, Notepad++ is also good to create config files for nginx, but mind the EOL setting.

Are there special characters in the name of your AD groups, password or so? I use single or double quotes ( ' or " ) to prevent syntax errors.

shadowman50k commented 6 years ago

You were right, I just checked and the double quote was missing... Thanks for your help!
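
The error in this thread pointed at nginx.conf:48 while the missing quote was on line 12, because nginx only notices an unterminated quoted string when it reaches end of file. As an added example (not part of the original thread or of nginx-auth-ldap), this Python function approximates nginx's quoting rules and reports the line where a suspicious quote opens; the function name and the sample config are constructed for illustration.

```python
def scan_quotes(conf_text):
    """Return [(line_opened, quote_char, problem)] for suspicious quoted strings.

    Approximation of nginx's tokenizer: a quote only opens a string at the
    start of a token, '#' only starts a comment at the start of a token,
    and a backslash escapes the next character.
    """
    findings, line, i, n = [], 1, 0, len(conf_text)
    at_token_start = True
    while i < n:
        ch = conf_text[i]
        if ch == "\n":
            line += 1
            at_token_start = True
        elif ch in " \t\r;{}":
            at_token_start = True
        elif ch == "\\":
            i += 1                        # skip the escaped character
            if i < n and conf_text[i] == "\n":
                line += 1
            at_token_start = False
        elif at_token_start and ch == "#":
            while i < n and conf_text[i] != "\n":
                i += 1                    # comment runs to end of line
            continue                      # let the newline branch handle it
        elif at_token_start and ch in "\"'":
            opened = line
            i += 1
            while i < n and conf_text[i] != ch:
                if conf_text[i] == "\\":
                    i += 1
                if i < n and conf_text[i] == "\n":
                    line += 1
                i += 1
            if i >= n:
                findings.append((opened, ch, "unterminated"))
            elif line != opened:          # legal, but usually a lost quote
                findings.append((opened, ch, "multiline"))
            at_token_start = False
        else:
            at_token_start = False
        i += 1
    return findings

# Constructed sample with the same mistake as the thread: no closing " on the url line.
SAMPLE = r"""worker_processes 1;
http {
    ldap_server LDAP1 {
        url "ldaps://dc.example.test/DC=example,DC=test?sAMAccountName?sub?(objectClass=person);
        binddn 'EXAMPLE\\svc_nginx';
        require valid_user;
    }
}
"""

if __name__ == "__main__":
    for opened, quote, problem in scan_quotes(SAMPLE):
        print(f"line {opened}: {problem} {quote} string")
```

A "multiline" finding covers the case where the stray quote pairs with a later one, so nginx fails somewhere else in the file with a different message.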