nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License
678 stars 202 forks

Limit LDAP authentication to specific user or group #101

Open enidvrenozaj opened 1 year ago

enidvrenozaj commented 1 year ago

Hi, is there any possibility that we can limit the LDAP authentication to some specific group or user? Is this even possible with the nginx-ldap-auth daemon?

Something similar to: X-Ldap-Allowed-Usr/X-Ldap-Allowed-Grp, or any other configuration/headers.

Thanks

oxpa commented 1 year ago

Enid, you can hardcode part of the filter, or use an nginx configuration map block to restrict that. So yes, you can limit auth to a group/user.

enidvrenozaj commented 1 year ago

@oxpa Thank you for your reply. I see that we can use this header: proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=Users,dc=example,dc=com))"; which does what I need, but unfortunately it uses the memberOf attribute on the LDAP server, which in my case is not enabled/configured, and it is a bit difficult to do now as I do not have full freedom to change a live system.

The question is whether I can use any filter other than memberOf that can correlate a user to a group during authentication.

Thanks

oxpa commented 1 year ago

Enid, you can change the filter to whatever you need. 'memberOf' is just an example. Usually, what you want to do is build a filter using 'ldapsearch' or another program and then use the result as a template in nginx.
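To illustrate the two replies above (hardcoding the group into the search filter, and checking that filter with ldapsearch before using it as a template), here is an added example configuration; it is not the project's reference config and not code from either participant. The daemon address 127.0.0.1:8888, the backend address, the LDAP URL, the base DN, the bind account and the group DN are placeholders; the X-Ldap-* header names are the ones the daemon reads from nginx.

```nginx
# Added example, not from the project: LDAP auth limited to one group by
# hardcoding the group DN into the search template the daemon uses.
# All DNs, hosts and credentials below are placeholders.
# This fragment belongs inside the http { } context.

server {
    listen 8081;

    location / {
        # Every request is first sent to /auth-proxy; only a 2xx from
        # the daemon lets the request through to the backend.
        auth_request /auth-proxy;
        proxy_pass http://127.0.0.1:9000/;
    }

    location = /auth-proxy {
        internal;
        proxy_pass http://127.0.0.1:8888;     # nginx-ldap-auth daemon
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        proxy_set_header X-Ldap-URL      "ldap://ldap.example.com";
        proxy_set_header X-Ldap-BaseDN   "cn=Users,dc=example,dc=com";
        proxy_set_header X-Ldap-BindDN   "cn=readonly,cn=Users,dc=example,dc=com";
        proxy_set_header X-Ldap-BindPass "placeholder-bind-password";

        # The daemon substitutes the name from the Basic Authorization
        # header for %(username)s, searches with this filter, and then
        # binds as the entry it found. A user outside group1 matches no
        # entry, so there is nothing to bind as and the request is rejected.
        proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=Users,dc=example,dc=com))";
    }
}
```

Before putting a filter into nginx, run the same search with the service account and a real username substituted for %(username)s, for example: ldapsearch -x -H ldap://ldap.example.com -D "cn=readonly,cn=Users,dc=example,dc=com" -W -b "cn=Users,dc=example,dc=com" "(&(cn=alice)(memberOf=cn=group1,cn=Users,dc=example,dc=com))" dn. Exactly one DN should come back for a member and none for a non-member. memberOf is only usable where the server actually populates it (the memberof overlay on OpenLDAP; Active Directory maintains it itself); a filter on an attribute the server does not have matches nothing and locks everybody out.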

enidvrenozaj commented 1 year ago

Hi, in my case the issue was with the current LDAP server setup, where posixAccount/posixGroup is used for user/group creation instead of organizationalPerson/groupOfNames, with which we could use the memberOf attribute of each user, making the filter an easy thing to use. It is not possible for me to apply this change, so I was looking at whether an nginx config map block could apply some limitation in this way. I want to use LDAP-authenticated users and not the auth_basic method with htpasswd. Any help on how I can achieve this is appreciated.
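For the posixGroup situation described in this comment, where no memberOf attribute exists on the user entries, the map-based restriction suggested earlier in the thread can be written as below. This is an added example, not the project's configuration and not code from either participant; the user names, DNs, addresses and the uid attribute are assumptions.

```nginx
# Added example, not from the project: limit LDAP auth to listed users
# without memberOf. nginx fills $remote_user from the Basic Authorization
# header of the incoming request even when auth_basic is not in use, so a
# map can pick the search template per user. Names, DNs and addresses are
# placeholders. Both blocks belong inside the http { } context.

map $remote_user $ldap_template {
    # Anyone not listed (including an empty $remote_user when no
    # Authorization header was sent) gets a filter that can never match,
    # so the daemon finds no entry and rejects the request the same way
    # it rejects an unknown user; listed and unlisted names look alike
    # to a caller probing for valid accounts.
    default "(&(uid=%(username)s)(!(uid=%(username)s)))";

    # Members of the posixGroup, maintained by hand: memberUid lives on
    # the group entry, not on the user entry, so it cannot be expressed
    # in the per-user search filter and this list stands in for it.
    alice "(uid=%(username)s)";
    bob   "(uid=%(username)s)";
}

server {
    listen 8081;

    location / {
        auth_request /auth-proxy;
        proxy_pass http://127.0.0.1:9000/;
    }

    location = /auth-proxy {
        internal;
        proxy_pass http://127.0.0.1:8888;     # nginx-ldap-auth daemon
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";

        proxy_set_header X-Ldap-URL      "ldap://ldap.example.com";
        proxy_set_header X-Ldap-BaseDN   "ou=People,dc=example,dc=com";   # posixAccount entries
        proxy_set_header X-Ldap-BindDN   "cn=readonly,dc=example,dc=com";
        proxy_set_header X-Ldap-BindPass "placeholder-bind-password";
        # The template is now chosen per request from the map above.
        proxy_set_header X-Ldap-Template $ldap_template;
    }
}
```

Two caveats. The map is a static allow list, not a group lookup: when membership of the posixGroup changes, the map has to be edited and nginx reloaded, and a membership check that lives only in the proxy is easy to forget about. Second, plain strings in a map are matched ignoring case, which is consistent with the case-insensitive matching LDAP normally applies to uid, but it means "Alice" and "alice" are the same entry to nginx; if the directory distinguishes them, use a case-sensitive regular expression (~) in the map instead.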

Thank you