public_git
/
nginx-ldap-auth
mirror of https://github.com/nginxinc/nginx-ldap-auth.git
1
0
Fork 1
Code Issues Releases Wiki Activity

Merge 195f6981b1 into b5de9a539c

This commit is contained in:
Andrea Giardini 2017-10-25 09:18:08 +00:00 committed by GitHub
parent b5de9a539c 195f6981b1
commit eb8879a92b
2 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Dockerfile Normal file
View File

@ -0,0 +1,17 @@
FROM python:2-alpine
COPY nginx-ldap-auth-daemon.py /usr/src/app/
WORKDIR /usr/src/app/
# Install required software
RUN \
apk --no-cache add openldap-dev && \
apk --no-cache add --virtual build-dependencies build-base && \
pip install python-ldap && \
apk del build-dependencies
EXPOSE 8888
CMD ["python", "/usr/src/app/nginx-ldap-auth-daemon.py"]

20
nginx-ldap-auth-daemon.py
View File

@ -182,12 +182,12 @@ class LDAPAuthHandler(AuthHandler):
try: try:
# check that uri and baseDn are set # check that uri and baseDn are set
# either from cli or a request # either from cli or a request
if not ctx['url']: if not ctx['url']:
self.log_message('LDAP URL is not set!') self.log_message('LDAP URL is not set!')
return return
if not ctx['basedn']: if not ctx['basedn']:
self.log_message('LDAP baseDN is not set!') self.log_message('LDAP baseDN is not set!')
return return
ctx['action'] = 'initializing LDAP connection' ctx['action'] = 'initializing LDAP connection'
ldap_obj = ldap.initialize(ctx['url']); ldap_obj = ldap.initialize(ctx['url']);
@ -247,14 +247,14 @@ if __name__ == '__main__':
description="""Simple Nginx LDAP authentication helper.""") description="""Simple Nginx LDAP authentication helper.""")
# Group for listen options: # Group for listen options:
group = parser.add_argument_group("Listen options") group = parser.add_argument_group("Listen options")
group.add_argument('--host', metavar="hostname", group.add_argument('--host', metavar="hostname",
default="localhost", help="host to bind (Default: localhost)") default="localhost", help="host to bind (Default: localhost)")
group.add_argument('-p', '--port', metavar="port", type=int, group.add_argument('-p', '--port', metavar="port", type=int,
default=8888, help="port to bind (Default: 8888)") default=8888, help="port to bind (Default: 8888)")
# ldap options: # ldap options:
group = parser.add_argument_group(title="LDAP options") group = parser.add_argument_group(title="LDAP options")
group.add_argument('-u', '--url', metavar="URL", group.add_argument('-u', '--url', metavar="URL",
default="ldap://localhost:389", default="ldap://localhost:389",
help=("LDAP URI to query (Default: ldap://localhost:389)")) help=("LDAP URI to query (Default: ldap://localhost:389)"))
group.add_argument('-b', metavar="baseDn", dest="basedn", default='', group.add_argument('-b', metavar="baseDn", dest="basedn", default='',
help="LDAP base dn (Default: unset)") help="LDAP base dn (Default: unset)")
@ -262,18 +262,18 @@ if __name__ == '__main__':
help="LDAP bind DN (Default: anonymous)") help="LDAP bind DN (Default: anonymous)")
group.add_argument('-w', metavar="passwd", dest="bindpw", default='', group.add_argument('-w', metavar="passwd", dest="bindpw", default='',
help="LDAP password for the bind DN (Default: unset)") help="LDAP password for the bind DN (Default: unset)")
group.add_argument('-f', '--filter', metavar='filter', group.add_argument('-f', '--filter', metavar='filter',
default='(cn=%(username)s)', default='(cn=%(username)s)',
help="LDAP filter (Default: cn=%%(username)s)") help="LDAP filter (Default: cn=%%(username)s)")
# http options: # http options:
group = parser.add_argument_group(title="HTTP options") group = parser.add_argument_group(title="HTTP options")
group.add_argument('-R', '--realm', metavar='"Restricted Area"', group.add_argument('-R', '--realm', metavar='"Restricted Area"',
default="Resticted", help='HTTP auth realm (Default: "Restricted")') default="Resticted", help='HTTP auth realm (Default: "Restricted")')
group.add_argument('-c', '--cookie', metavar="cookiename", group.add_argument('-c', '--cookie', metavar="cookiename",
default="", help="HTTP cookie name to set in (Default: unset)") default="", help="HTTP cookie name to set in (Default: unset)")
args = parser.parse_args() args = parser.parse_args()
global Listen global Listen
Listen = (args.host, args.port) Listen = (args.host, args.port)
auth_params = { auth_params = {
'realm': ('X-Ldap-Realm', args.realm), 'realm': ('X-Ldap-Realm', args.realm),