Skip to content
Snippets Groups Projects
Unverified Commit b60024a9 authored by Liam Crilly's avatar Liam Crilly Committed by GitHub
Browse files

Security improvements

parent ef8d3130
No related branches found
No related tags found
No related merge requests found
......@@ -78,10 +78,10 @@ http {
proxy_set_header X-Ldap-URL "ldap://example.com";
# (Optional) Establish a TLS-enabled LDAP session after binding to the
# LDAP server.
# LDAP server. Set the value to "true: to enable.
# This is the 'proper' way to establish encrypted TLS connections, see
# http://www.openldap.org/faq/data/cache/185.html
#proxy_set_header X-Ldap-Starttls "true";
proxy_set_header X-Ldap-Starttls ""; # Optional, do not comment
# (Required) Set the Base DN, by replacing the value enclosed in
# double quotes.
......@@ -96,30 +96,30 @@ http {
# (Required) The following directives set the cookie name and pass
# it, respectively. They are required for cookie-based
# authentication. Comment them out if using HTTP basic
# authentication.
# authentication. Set to empty value if using HTTP basic
# authentication (do not comment).
proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth;
# (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive.
#proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
# Set the LDAP template with "(sAMAccountName=%(username)s)"
proxy_set_header X-Ldap-Template ""; # Optional, do not comment
# (May be required if using Microsoft Active Directory and
# (Set to "true" if using Microsoft Active Directory and
# getting "In order to perform this operation a successful bind
# must be completed on the connection." errror)
#proxy_set_header X-Ldap-DisableReferrals "true";
# (Optional if using OpenLDAP as the LDAP server) Set the LDAP
# template by uncommenting the following directive and replacing
# '(cn=%(username)s)' which is the default set in
# nginx-ldap-auth-daemon.py.
#proxy_set_header X-Ldap-Template "(cn=%(username)s)";
# (Optional) Set the realm name, by uncommenting the following
# directive and replacing 'Restricted' which is the default set
# in nginx-ldap-auth-daemon.py.
#proxy_set_header X-Ldap-Realm "Restricted";
proxy_set_header X-Ldap-DisableReferrals ""; # Optional, do not comment
# (Optional)
# Set to "(sAMAccountName=%(username)s)" if using Microsoft Active
# Directory as the LDAP server.
# Set to "(cn=%(username)s)" if using OpenLDAP as the LDAP server,
# which is the default set in nginx-ldap-auth-daemon.py.
proxy_set_header X-Ldap-Template ""; # Optional, do not comment
# (Optional) Set the realm name, e.g. "Restricred", which is the
# default set in nginx-ldap-auth-daemon.py.
proxy_set_header X-Ldap-Realm ""; # Optional, do not comment
}
}
}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment