How to authenticate nginx using LDAP?

Time: 2018-07-03 08:26:44

Tags: nginx ldap

I followed this reference, https://github.com/kvspb/nginx-auth-ldap/blob/master/README.md, and tried to integrate nginx and LDAP.

My nginx.conf settings:

conf.d/default.conf

user  nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
}

http {
    ldap_server ldap_local {
        url "ldap://localhost/cn=Manager,dc=xinhua?uid?sub?(objectClass=posixAccount)";
        binddn "cn=Manager,dc=xinhua,dc=org";
        binddn_passwd "xxxxxx";
        require group "cn=config,ou=People,dc=xinhua,dc=org";
        group_attribute "memberUid";
        group_attribute_is_dn off;
        require valid_user;
        satisfy all;
    }
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}

My question is how to authenticate the username and password in LDAP.

This is my first time using LDAP.

Right now, I don't know what the username and password are.

When I try to use the username and password in

server {
    listen       8000;
    server_name  localhost;

    #charset koi8-r;
    #access_log  /var/log/nginx/host.access.log  main;

    auth_ldap "Forbidden";
    auth_ldap_servers ldap_local;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

it doesn't work.

1 answer:

Answer 0: (score: 0)

Why not go through https://github.com/nginxinc/nginx-ldap-auth? It is a daemon, and it is used something like this:

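    # Internal-only location: reachable through auth_request subrequests, not by clients
    location = /auth-proxy {
        internal;
        # The auth daemon only needs the request headers, not the body
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
        # LDAP auth daemon listening locally
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header X-Ldap-URL "ldap://127.0.0.1:389";
        proxy_set_header X-Ldap-Template "(uid=%(username)s)";
        proxy_set_header X-Ldap-BaseDN "dc=example,dc=com";
    }
    # Every request here is checked by a subrequest to /auth-proxy first
    location /private-storage {
        auth_request /auth-proxy;
        proxy_pass http://application-backend;
    }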
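
Added example (not part of the question or the answer, and not code from either project): a Python sketch of how the `url` in the question's `ldap_server` block breaks down, and of how the username and password the browser sends via HTTP Basic become an LDAP search followed by a bind as the user that was found. The function names and the `(&<url filter>(<attribute>=<username>))` combination are assumptions made for illustration; the sample credentials are constructed.

```python
import base64
from urllib.parse import unquote

# Characters that must be escaped in an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_ldap_url(url):
    """Split ldap://host/base?attribute?scope?filter (RFC 4516 layout)."""
    scheme, rest = url.split("://", 1)
    host, _, tail = rest.partition("/")
    base, attr, scope, flt = ([unquote(f) for f in tail.split("?")] + [""] * 4)[:4]
    return {"scheme": scheme, "host": host, "base": base,
            "attr": attr, "scope": scope, "filter": flt}

def basic_credentials(header):
    """Decode an 'Authorization: Basic ...' value into (username, password)."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not HTTP Basic")
    user, sep, password = base64.b64decode(token).decode("utf-8").partition(":")
    # Never forward an empty password: a simple bind with a DN and no password
    # is an "unauthenticated bind" (RFC 4513) that some servers accept.
    if not sep or not user or not password:
        raise ValueError("missing username or password")
    return user, password

def login_search(url, header):
    """Return (search parameters, password to bind with) for one login."""
    cfg = parse_ldap_url(url)
    user, password = basic_credentials(header)
    # Assumed combination: the URL's filter AND <attribute>=<escaped username>.
    flt = "(&%s(%s=%s))" % (cfg["filter"], cfg["attr"], escape_filter_value(user))
    return {"base": cfg["base"], "scope": cfg["scope"], "filter": flt}, password

def make_header(user, password):
    """Build the header a browser sends (used for the constructed samples)."""
    raw = ("%s:%s" % (user, password)).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

# URL copied from the question's ldap_server block; credentials are constructed.
QUESTION_URL = "ldap://localhost/cn=Manager,dc=xinhua?uid?sub?(objectClass=posixAccount)"

if __name__ == "__main__":
    print(parse_ldap_url(QUESTION_URL))
    print(login_search(QUESTION_URL, make_header("alice", "constructed-pw")))
    print(login_search(QUESTION_URL, make_header("*)(uid=*", "x"))[0]["filter"])
```

The `binddn` account is only used to run the search; the credentials typed into the browser prompt are the `uid` and the LDAP password of an entry found under the URL's base DN.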