Nginx ldap需要组

时间:2017-06-19 13:28:01

标签: nginx ldap

我编译并配置了nginx以使用ldap和我们的ActiveDirectory。所有都适用于此配置:

ldap_server MyAD {
   url ldap://100.100.100.11:3268/DC=<mydomain>,DC=<myext>?sAMAccountName?sub?(objectClass=user);
    binddn "<user>";
    binddn_passwd <password>;
    group_attribute member;
    group_attribute_is_dn on;
    require valid_user;
  }

我的网站需要身份验证,只有ActiveDirectory中的用户才能访问。 现在我试图只允许特定ActiveDirectory组中的用户,但没有成功,任何人都可以帮我修复网址查询吗?

2 个答案:

答案 0 :(得分:0)

Try this :

url ldap://100.100.100.11:3268/DC=<mydomain>,DC=<myext>?sAMAccountName?sub?(&(objectClass=user)(memberOf=<DN OF THE GROUP>));

The filter search for entries which are at the same time :

  • of the user type
  • member of the group defined by the entry <DN OF THE GROUP>

答案 1 :(得分:0)

除了require valid_user之外,您还可以添加require group "dn_of_the_group"