public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Merge db7345c76e into c98eb555f5

This commit is contained in:
Mathieu Rollet 2023-03-20 11:29:13 -07:00 committed by GitHub
parent c98eb555f5 db7345c76e
commit b3f9eff998
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -50,6 +50,10 @@ To install and configure the reference implementation, perform the following ste
```
docker build -t nginx-ldap-auth-daemon --build-arg PYTHON_VERSION=3 .
```
If you want to use a CA certification file for validating the LDAP authentication server when using TLS, you can set the `LDAP_CA_CERT` environment variable in the environment running the authentication daemon. With the Docker container, you can do:
```
docker run -e LDAP_CA_CERT='/path/to/cacert/file' nginx-ldap-auth-daemon
```
- **nginx-ldap-auth-daemon-ctl.sh** Sample shell script for starting and stopping the daemon. Install on the same host as the ldap-auth daemon.

4
nginx-ldap-auth-daemon.py
View File

@ -226,6 +226,10 @@ class LDAPAuthHandler(AuthHandler):
# Establish a STARTTLS connection if required by the
# headers.
if ctx['starttls'] == 'true':
cacert_file = os.getenv("LDAP_CA_CERT")
if cacert_file:
ldap_obj.set_option(ldap.OPT_X_TLS_CACERTFILE, cacert_file)
ldap_obj.set_option(ldap.OPT_X_TLS_NEWCTX, 0)
ldap_obj.start_tls_s()
# See https://www.python-ldap.org/en/latest/faq.html