nginxinc / nginx-ldap-auth

Example of LDAP authentication using ngx_http_auth_request_module
BSD 2-Clause "Simplified" License

Add optional group limit #57

Closed colinleroy closed 9 months ago

colinleroy commented 5 years ago

Hello,

I've been faced with a request at work where a domain had to be login-protected, and have used nginx-ldap-auth to be able to use our LDAP server.

Another request asked me to limit some of this domain's subdirectories to members of different departments.

This patch adds support for group limiting in nginx-ldap-auth. It uses a group fetch and checks the user's presence in the memberUid field of the LDAP group. I made this choice because some LDAP servers (including mine) support the memberOf overlay badly.

I hope it helps and you'll consider upstreaming that patch!

Colin

vl-homutov commented 5 years ago

If you still want to proceed with this, please provide tests. The test suite is here: https://github.com/nginxinc/nginx-ldap-auth/tree/master/t

Also, a good example for the doc would be nice, with a description of which case for group auth is covered.

colinleroy commented 5 years ago

Hello @vl-homutov, I'm very sorry for the delay, but other priorities came up at work. I've pushed one more commit to allow for a multiple-group limit, and two more commits to address the documentation and the test suite.

I hope this helps!
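A sketch of the memberUid check described in the first comment, extended to the multiple-group limit mentioned in the follow-up. It is an added example, not code from the pull request. The entry layout mirrors what python-ldap's `search_s()` returns; the `posixGroup` object class, the function names, and the sample DNs and users are constructed assumptions.

```python
# Added illustration; not code from the pull request.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    python-ldap ships ldap.filter.escape_filter_chars for the same job."""
    return ''.join('\\%02x' % ord(ch) if ch in '\\*()\x00' else ch
                   for ch in value)

def group_filter(groups):
    """Build one filter matching any allowed group by cn.
    Group names come from configuration or headers, so each is escaped
    and therefore treated as a literal, never as filter syntax."""
    terms = ''.join('(cn=%s)' % escape_filter_value(g) for g in groups)
    return '(&(objectClass=posixGroup)(|%s))' % terms

def user_in_groups(user, entries):
    """True if `user` is listed in memberUid of any returned group entry.
    memberUid uses case-exact matching (RFC 2307), so bytes are compared
    exactly. Anything that is not a proper entry is skipped, so a
    malformed result can only deny access, never grant it."""
    wanted = user.encode('utf-8')
    for dn, attrs in entries:
        if dn is None or not isinstance(attrs, dict):
            continue  # search referrals arrive as (None, [url, ...])
        if wanted in attrs.get('memberUid', []):
            return True
    return False

# Constructed sample search result: (dn, {attribute: [bytes, ...]}).
SAMPLE_ENTRIES = [
    ('cn=engineering,ou=groups,dc=example,dc=com',
     {'cn': [b'engineering'], 'memberUid': [b'alice', b'bob']}),
    ('cn=finance,ou=groups,dc=example,dc=com',
     {'cn': [b'finance'], 'memberUid': [b'carol']}),
    (None, ['ldap://other.example.com/dc=example,dc=com']),  # referral
    ('cn=empty,ou=groups,dc=example,dc=com', {'cn': [b'empty']}),
]

if __name__ == '__main__':
    print(group_filter(['engineering', 'finance']))
    for name in ('alice', 'Alice', 'dave'):
        print(name, user_in_groups(name, SAMPLE_ENTRIES))
```
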

Derioss commented 2 years ago

Hi, I have this version of the script on an nginx server (more or less in production...), and I'm very interested in closing this MR. What do you need?