search

nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License
677 stars 202 forks source link

How to get username from the form and pass it through nginx? #47

Closed Howard-Chang closed 6 years ago

Howard-Chang commented 6 years ago

Hi, I want to extract username from the login form, and pass it through nginx. the nginx-ldap-auth-daemon.py, backend-sample-app.py, nginx-ldap-auth-daemon-ctl-rh.sh are default. nginx.conf:

error_log logs/error.log debug;
events {
worker_connections 10240;
}
http {
    proxy_cache_path cache/  keys_zone=auth_cache:10m;
    upstream backend {
        server 127.0.0.1:9000;
        #server 127.0.0.1:5601;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    server {
        listen 8081;
        location / {
            auth_request /auth-proxy;
            error_page 401 =200 /login;
            proxy_set_header X-PROXY-USER $username;       //how to get the username in nginx?
            #proxy_pass http://backend/;
            proxy_pass http://localhost:5601;
        }
        location /login {
            proxy_pass http://backend/login;
            proxy_set_header X-Target $request_uri;
        }
        location = /auth-proxy {
            internal;
            proxy_pass http://127.0.0.1:8888;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_cache auth_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            proxy_set_header X-Ldap-URL      "ldap://localhost:389";
            proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
            proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
            proxy_set_header X-Ldap-BindPass "xxxxxx";
            proxy_set_header X-CookieName "nginxauth";
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;
        }
    }
}

thank you in advance!

faisal-memon commented 6 years ago

Take a look at auth_request_set: http://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request_set

On Thu, Jul 5, 2018 at 9:24 PM, Howard-Chang notifications@github.com wrote:

Hi, I want to extract username from the login form, and pass it through nginx. the nginx-ldap-auth-daemon.py, backend-sample-app.py, nginx-ldap-auth-daemon-ctl-rh.sh are default. nginx.conf:

error_log logs/error.log debug; events { worker_connections 10240; } http { proxy_cache_path cache/ keys_zone=auth_cache:10m; upstream backend { server 127.0.0.1:9000;

server 127.0.0.1:5601;

}
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
server {
    listen 8081;
    location / {
        auth_request /auth-proxy;
        error_page 401 =200 /login;
        **proxy_set_header X-PROXY-USER $username;**       //how to get the username in nginx?
        #proxy_pass http://backend/;
        proxy_pass http://localhost:5601;
    }
    location /login {
        proxy_pass http://backend/login;
        proxy_set_header X-Target $request_uri;
    }
    location = /auth-proxy {
        internal;
        proxy_pass http://127.0.0.1:8888;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_cache auth_cache;
        proxy_cache_valid 200 10m;
        proxy_cache_key "$http_authorization$cookie_nginxauth";
        proxy_set_header X-Ldap-URL      "ldap://localhost:389";
        proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
        proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
        proxy_set_header X-Ldap-BindPass "xxxxxx";
        proxy_set_header X-CookieName "nginxauth";
        proxy_set_header Cookie nginxauth=$cookie_nginxauth;
    }
}

}

thank you in advance!

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/nginxinc/nginx-ldap-auth/issues/47, or mute the thread https://github.com/notifications/unsubscribe-auth/ADUMj_JqtLghLHmkRO9tunX-BbkiDKLNks5uDuaRgaJpZM4VE3QN .

-- Faisal Memon Product Marketer Mobile: +1 (408) 425-5935 <//+1%20%28408%29%20425-5935> https://nginx.com https://www.linkedin.com/company/2962671 https://twitter.com/nginx https://www.facebook.com/nginxinc/

Howard-Chang commented 6 years ago

Hi @faisal-memon, thanks for your reply. I have researched for a long time, and still can't work. could you give me some hint : ) the form post field is "username". nginx.conf:

error_log logs/error.log debug;
events {
worker_connections 10240;
}
http {
    proxy_cache_path cache/  keys_zone=auth_cache:10m;
    upstream backend {
        server 127.0.0.1:9000;
        #server 127.0.0.1:5601;
    }
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    server {
        listen 8081;
        location / {
            auth_request /auth-proxy;
            error_page 401 =200 /login;
            auth_request_set $user $upstream_http_x_user;// I am not sure is it correct? or how to modified it
            proxy_set_header X-PROXY-USER $user;
            #proxy_pass http://backend/;
            proxy_pass http://localhost:5601;
        }
        location /login {
            proxy_pass http://backend/login;
            proxy_set_header X-Target $request_uri;
        }
        location = /auth-proxy {
            internal;
            proxy_pass http://127.0.0.1:8888;
            proxy_pass_request_body off;
            proxy_set_header Content-Length "";
            proxy_cache auth_cache;
            proxy_cache_valid 200 10m;
            proxy_cache_key "$http_authorization$cookie_nginxauth";
            proxy_set_header X-Ldap-URL      "ldap://localhost:389";
            proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
            proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
            proxy_set_header X-Ldap-BindPass "9ol./;p0";
            proxy_set_header X-CookieName "nginxauth";
            proxy_set_header Cookie nginxauth=$cookie_nginxauth;
        }
    }
}
faisal-memon commented 6 years ago

Is it passed as an arg?

On Fri, Jul 6, 2018 at 1:39 AM, Howard-Chang notifications@github.com wrote:

Hi @faisal-memon https://github.com/faisal-memon, thanks for your reply. I have researched for a long time, and still can't work. could you give me some hint : ) the form post field is "username". nginx.conf:

error_log logs/error.log debug; events { worker_connections 10240; } http { proxy_cache_path cache/ keys_zone=auth_cache:10m; upstream backend { server 127.0.0.1:9000;

server 127.0.0.1:5601;

}
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
server {
    listen 8081;
    location / {
        auth_request /auth-proxy;
        error_page 401 =200 /login;
        auth_request_set $user $upstream_http_x_user;// I am not sure is it correct? or how to modified it
        proxy_set_header X-PROXY-USER $user;
        #proxy_pass http://backend/;
        proxy_pass http://localhost:5601;
    }
    location /login {
        proxy_pass http://backend/login;
        proxy_set_header X-Target $request_uri;
    }
    location = /auth-proxy {
        internal;
        proxy_pass http://127.0.0.1:8888;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        proxy_cache auth_cache;
        proxy_cache_valid 200 10m;
        proxy_cache_key "$http_authorization$cookie_nginxauth";
        proxy_set_header X-Ldap-URL      "ldap://localhost:389";
        proxy_set_header X-Ldap-BaseDN   "dc=xinhua,dc=org";
        proxy_set_header X-Ldap-BindDN   "cn=Manager,dc=xinhua,dc=org";
        proxy_set_header X-Ldap-BindPass "9ol./;p0";
        proxy_set_header X-CookieName "nginxauth";
        proxy_set_header Cookie nginxauth=$cookie_nginxauth;
    }
}

}

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/nginxinc/nginx-ldap-auth/issues/47#issuecomment-402968113, or mute the thread https://github.com/notifications/unsubscribe-auth/ADUMj-skgBlZuA1MmvVaH1N5x5lGoutlks5uDyJCgaJpZM4VE3QN .

-- Faisal Memon Product Marketer Mobile: +1 (408) 425-5935 <//+1%20%28408%29%20425-5935> https://nginx.com https://www.linkedin.com/company/2962671 https://twitter.com/nginx https://www.facebook.com/nginxinc/

Howard-Chang commented 6 years ago

I solved the problem thx :)

user-yormen commented 4 years ago

Is there a way to get the user agents username, as in the name of the PC from nginx?

user-yormen commented 4 years ago

I solved the problem thx :)

How did you solve it?

davidnewhall commented 4 years ago

This is how I solved it. I don't like it because it sends a header to the client with their username. Not sure how to prevent that yet.

location /chronograf {
  auth_request       /auth-2;
  auth_request_set   $user $upstream_http_x_organizr_user;
  add_header         X-USER $user;
  proxy_pass         $chronograf$request_uri;
}

log_format oauth '$host $remote_addr - $sent_http_x_user [$time_local] '
  '"$request" $status $body_bytes_sent '
  '"$http_referer" "$http_user_agent"';
kjoth commented 3 years ago

@Howard-Chang how did you solve it? Can you brief it? I'm facing a similar situation for Nginx-LDAP authentication.

Also what should be provided in the nginx config for ? proxy_set_header X-Ldap-BindDN "cn=Manager,dc=xinhua,dc=org"; proxy_set_header X-Ldap-BindPass "9ol./;p0";