How to use complex query in X-Ldap-Template?

nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module

BSD 2-Clause "Simplified" License

681 stars 202 forks source link

How to use complex query in X-Ldap-Template? #16

Closed strannick-ru closed 6 years ago

strannick-ru commented 7 years ago

Hello!

I need to check username and group of user. Try to use this: proxy_set_header X-Ldap-Template "(&(SAMAccountName=%(username))(memberof=CN=MyGroup,OU=Groups,DC=example,DC=local))""; but it not works.

How write my query right way?

DerfOh commented 7 years ago



Actually upon further research it appears that you can set an undocumented property called "auth_ldap_require group" within your configuration file.

See: [This Example](https://github.com/romicaraicu/nginx-ldap/blob/master/nginx-auth-ldap/example.conf#L30)
Also see: [This blog post](http://www.allgoodbits.org/articles/view/29)

I haven't tried it out on my configuration yet but it seems to be a step in the right direction for establishing access control per endpoint.

Hope this helps.

ghost commented 7 years ago

Perhaps you forgot "s" after %(username), it should be "%(username)s".

vl-homutov commented 6 years ago

Please do not create issues just to discuss related topics.