Closed wanggaolin closed 7 years ago
Thank you for sharing an example of extending authentication scheme. As I noted earlier, there may be thousands of organisation specific rules, which may need to be enforced: some want user to be in particular groups, others require additional requirements for such groups and so on. This repository shows basic example, starting from which you may setup your own authentication logic. Attempt to add every possible scheme with configuration will lead to overcomplicated code and configuration that will fail to serve idea: demonstration of principles of external authentication with LDAP. Again, thank you for sharing your experience - other people may find it useful. Closing now,
vi nginx-ldap-auth-daemon.py
delete code
add code
in “'cookiename': ('X-CookieName', args.cookie) ” right add code:
,'group': ('X-Ldap-Group', args.cookie)
nginx config:
proxy_set_header X-Ldap-Group "group2;group2";