public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Security improvements

This commit is contained in:
Liam Crilly 2022-04-12 00:32:47 +01:00 committed by GitHub
parent ef8d313042
commit b60024a970
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
nginx-ldap-auth.conf
View File

@ -78,10 +78,10 @@ http {
proxy_set_header X-Ldap-URL "ldap://example.com"; proxy_set_header X-Ldap-URL "ldap://example.com";
# (Optional) Establish a TLS-enabled LDAP session after binding to the # (Optional) Establish a TLS-enabled LDAP session after binding to the
# LDAP server. # LDAP server. Set the value to "true: to enable.
# This is the 'proper' way to establish encrypted TLS connections, see # This is the 'proper' way to establish encrypted TLS connections, see
# http://www.openldap.org/faq/data/cache/185.html # http://www.openldap.org/faq/data/cache/185.html
#proxy_set_header X-Ldap-Starttls "true"; proxy_set_header X-Ldap-Starttls ""; # Optional, do not comment
# (Required) Set the Base DN, by replacing the value enclosed in # (Required) Set the Base DN, by replacing the value enclosed in
# double quotes. # double quotes.
@ -96,30 +96,30 @@ http {
# (Required) The following directives set the cookie name and pass # (Required) The following directives set the cookie name and pass
# it, respectively. They are required for cookie-based # it, respectively. They are required for cookie-based
# authentication. Comment them out if using HTTP basic # authentication. Set to empty value if using HTTP basic
# authentication. # authentication (do not comment).
proxy_set_header X-CookieName "nginxauth"; proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth; proxy_set_header Cookie nginxauth=$cookie_nginxauth;
# (Required if using Microsoft Active Directory as the LDAP server) # (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive. # Set the LDAP template with "(sAMAccountName=%(username)s)"
#proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)"; proxy_set_header X-Ldap-Template ""; # Optional, do not comment
# (May be required if using Microsoft Active Directory and # (Set to "true" if using Microsoft Active Directory and
# getting "In order to perform this operation a successful bind # getting "In order to perform this operation a successful bind
# must be completed on the connection." errror) # must be completed on the connection." errror)
#proxy_set_header X-Ldap-DisableReferrals "true"; proxy_set_header X-Ldap-DisableReferrals ""; # Optional, do not comment
# (Optional if using OpenLDAP as the LDAP server) Set the LDAP # (Optional)
# template by uncommenting the following directive and replacing # Set to "(sAMAccountName=%(username)s)" if using Microsoft Active
# '(cn=%(username)s)' which is the default set in # Directory as the LDAP server.
# nginx-ldap-auth-daemon.py. # Set to "(cn=%(username)s)" if using OpenLDAP as the LDAP server,
#proxy_set_header X-Ldap-Template "(cn=%(username)s)"; # which is the default set in nginx-ldap-auth-daemon.py.
proxy_set_header X-Ldap-Template ""; # Optional, do not comment
# (Optional) Set the realm name, by uncommenting the following # (Optional) Set the realm name, e.g. "Restricred", which is the
# directive and replacing 'Restricted' which is the default set # default set in nginx-ldap-auth-daemon.py.
# in nginx-ldap-auth-daemon.py. proxy_set_header X-Ldap-Realm ""; # Optional, do not comment
#proxy_set_header X-Ldap-Realm "Restricted";
} }
} }
} }