Update nginx-ldap-auth.conf
Tweak wording in comments, mostly for style. Changes to comments about setting the Bind DN and Base DN are required for accuracy.
This commit is contained in:
tmauro-nginx
parent
9340c2771b
commit
1b38e653be
|
|
@ -35,7 +35,7 @@ http {
|
|||
location = /auth-proxy {
|
||||
internal;
|
||||
|
||||
# (Required) Set the IP address where the authorization daemon
|
||||
# (Required) Set the IP address where the authentication daemon
|
||||
# is running, by replacing '127.0.0.1' with the appropriate
|
||||
# value. The authentication daemon listens on port 8888 as
|
||||
# configured in the Python script.
|
||||
|
|
@ -49,13 +49,12 @@ http {
|
|||
# The following directive adds the cookie to the cache key
|
||||
proxy_cache_key "$http_authorization$cookie_nginxauth";
|
||||
|
||||
|
||||
# By default, the reference implementation communicates with an
|
||||
# OpenLDAP server, passing in the following parameters to specify
|
||||
# which user account to authenticate. To eliminate the need to
|
||||
# modify the Python code, this file contains 'proxy_set_header'
|
||||
# directives that correspond to the parameters. Set or change them
|
||||
# as instructed in the comments.
|
||||
# The auth daemon in the reference implementation communicates
|
||||
# with an OpenLDAP server, passing in the following parameters
|
||||
# to specify which user account to authenticate. To eliminate the
|
||||
# need to modify the Python code, this file contains
|
||||
# 'proxy_set_header' directives that correspond to the parameters.
|
||||
# Set or change them as instructed in the comments.
|
||||
#
|
||||
# Parameter Proxy header
|
||||
# ----------- ----------------
|
||||
|
|
@ -71,22 +70,21 @@ http {
|
|||
# by replacing 'example.com' and '636' with the appropriate values.
|
||||
proxy_set_header X-Ldap-URL "ldaps://example.com:636";
|
||||
|
||||
# (Required) Set the Base DN, by replacing 'Users', 'test', and
|
||||
# 'local' with the appropriate values.
|
||||
# (Required) Set the Base DN, by replacing the value enclosed in
|
||||
# double quotes.
|
||||
proxy_set_header X-Ldap-BaseDN "cn=Users,dc=test,dc=local";
|
||||
|
||||
# (Required) Set the Bind DN, by replacing 'root', 'test', and
|
||||
# 'local' with the appropriate values.
|
||||
# (Required) Set the Bind DN, by replacing the value enclosed in
|
||||
# double quotes.
|
||||
proxy_set_header X-Ldap-BindDN "cn=root,dc=test,dc=local";
|
||||
|
||||
# (Required) Set the Bind password, by replacing 'secret'
|
||||
# with the appropriate value.
|
||||
proxy_set_header X-Ldap-BindPass "secret";
|
||||
|
||||
# (Required) The following directives set the cookie name and pass
|
||||
# it, respectively. They are required if you are using
|
||||
# cookie-based authentication. Comment them out if using HTTP
|
||||
# basic authentication.
|
||||
# it, respectively. They are required for cookie-based
|
||||
# authentication. Comment them out if using HTTP basic
|
||||
# authentication.
|
||||
proxy_set_header X-CookieName "nginxauth";
|
||||
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
|
||||
|
||||
|
|
@ -96,13 +94,12 @@ http {
|
|||
|
||||
# (Optional if using OpenLDAP as the LDAP server) Set the LDAP
|
||||
# template by uncommenting the following directive and replacing
|
||||
# '(cn=%(username)s)' (the default set in the Python script) with
|
||||
# the appropriate value:
|
||||
# '(cn=%(username)s)' (the default set in the Python script):
|
||||
#proxy_set_header X-Ldap-Template "(cn=%(username)s)";
|
||||
|
||||
# (Optional) Set the realm name, by uncommenting the following
|
||||
# directive and replacing 'Restricted' (the default set in the
|
||||
# Python script) with the appropriate value.
|
||||
# Python script).
|
||||
#proxy_set_header X-Ldap-Realm "Restricted";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue