diff --git a/README.md b/README.md
index 531aff9..820449d 100644
--- a/README.md
+++ b/README.md
@@ -90,6 +90,9 @@ http {
location = /auth-proxy {
proxy_pass http://127.0.0.1:8888;
+ proxy_pass_request_body off;
+ proxy_pass_request_headers off;
+ proxy_set_header Content-Length "";
proxy_cache auth_cache; # Must match the name in the proxy_cache_path directive above
proxy_cache_valid 200 10m;
@@ -127,11 +130,12 @@ proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=User
The search filters can be combined from less complex filters using boolean operations and can be rather complex.
-The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives as shown:
+The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives, and enable the Authorization header as shown:
#proxy_set_header X-CookieName "nginxauth";
#proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+proxy_set_header Authorization $http_authorization;
## Customization
diff --git a/nginx-ldap-auth.conf b/nginx-ldap-auth.conf
index 50dcc10..d9b1854 100644
--- a/nginx-ldap-auth.conf
+++ b/nginx-ldap-auth.conf
@@ -47,6 +47,7 @@ http {
proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off;
+ proxy_pass_request_headers off;
proxy_set_header Content-Length "";
proxy_cache auth_cache;
proxy_cache_valid 200 10m;
@@ -101,6 +102,9 @@ http {
proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
+ # (Optional) Uncomment if using HTTP basic authentication
+ #proxy_set_header Authorization $http_authorization;
+
# (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive.
#proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";