episodeiv
commented
1 year ago For anyone finding this: @freultwah was nice enough to provide pull request #250 which works in my environment but hasn't been merged yet... Thanks, @freultwah :-)
Open freultwah opened 1 year ago
episodeiv
commented
1 year ago For anyone finding this: @freultwah was nice enough to provide pull request #250 which works in my environment but hasn't been merged yet... Thanks, @freultwah :-)
landryb
commented
2 months ago i have to admit that i'm puzzled, since im running this module on 1.24 and 1.26 without issues using this config:
ldap_server ldap1_main {
url ldap://db2/ou=users,dc=foo,dc=bar?uid?sub?(objectClass=*);
group_attribute member;
group_attribute_is_dn on;
satisfy all;
require group "cn=SOME_GROUP,ou=roles,dc=foo,dc=bar";
require valid_user;
}
ldap_server ldap1_extern_other {
url ldap://db2/ou=other,ou=wxs,dc=foo,dc=bar?uid?sub?(objectClass=*);
require valid_user;
}i've never seen crashes and many users are authenticating against the service... looking at the fix in #250 and #253 and https://github.com/kvspb/nginx-auth-ldap/pull/251/commits/221529ce444ba833150edc572225ade93d820345, it seems to be because i don't ask for any ldap attributes ?
freultwah
commented
2 months ago Perhaps you're running an already patched version. My config is even slightly simpler than yours, no (objectClass=*) and also no attributes requested.
landryb
commented
2 months ago well that's what surprises me because i run the master branch of that repo without patches, built as a debian package and dlopen'ed module at runtime by nginx upstream debian packages...
nginx 1.23 has apparently seen massive API changes, and while nginx-auth-ldap still builds, it does make nginx 1.23.* exit with signal 10 and signal 11 if enabled. Disabling the module makes nginx great again.
Any plans on addressing it?