public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Merge branch 'master' of https://github.com/nginxinc/nginx-ldap-auth

This commit is contained in:
Timo Stark 2022-04-17 22:38:40 +02:00
parent 0aab49006d 763f23b297
commit e00e31d949
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -90,6 +90,9 @@ http {
location = /auth-proxy { location = /auth-proxy {
proxy_pass http://<strong>127.0.0.1</strong>:8888; proxy_pass http://<strong>127.0.0.1</strong>:8888;
proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length "";
proxy_cache <strong>auth_cache</strong>; # Must match the name in the proxy_cache_path directive above proxy_cache <strong>auth_cache</strong>; # Must match the name in the proxy_cache_path directive above
proxy_cache_valid 200 <strong>10m</strong>; proxy_cache_valid 200 <strong>10m</strong>;
@ -127,11 +130,12 @@ proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=User
The search filters can be combined from less complex filters using boolean operations and can be rather complex. The search filters can be combined from less complex filters using boolean operations and can be rather complex.
The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives as shown: The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives, and enable the Authorization header as shown:
<pre> <pre>
<strong>#</strong>proxy_set_header X-CookieName "nginxauth"; <strong>#</strong>proxy_set_header X-CookieName "nginxauth";
<strong>#</strong>proxy_set_header Cookie nginxauth=$cookie_nginxauth; <strong>#</strong>proxy_set_header Cookie nginxauth=$cookie_nginxauth;
<strong>proxy_set_header Authorization $http_authorization;</strong>
</pre> </pre>
## Customization ## Customization

4
nginx-ldap-auth.conf
View File

@ -47,6 +47,7 @@ http {
proxy_pass http://127.0.0.1:8888; proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off; proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length ""; proxy_set_header Content-Length "";
proxy_cache auth_cache; proxy_cache auth_cache;
proxy_cache_valid 200 10m; proxy_cache_valid 200 10m;
@ -101,6 +102,9 @@ http {
proxy_set_header X-CookieName "nginxauth"; proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth; proxy_set_header Cookie nginxauth=$cookie_nginxauth;
# (Optional) Uncomment if using HTTP basic authentication
#proxy_set_header Authorization $http_authorization;
# (Required if using Microsoft Active Directory as the LDAP server) # (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive. # Set the LDAP template by uncommenting the following directive.
#proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)"; #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";