Skip to content
Snippets Groups Projects
Commit e00e31d9 authored by Timo Stark's avatar Timo Stark
Browse files

Merge branch 'master' of https://github.com/nginxinc/nginx-ldap-auth

parents 0aab4900 763f23b2
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
README.md
+ 5
1
View file @ e00e31d9
...@@ -90,6 +90,9 @@ http { ...@@ -90,6 +90,9 @@ http {
location = /auth-proxy { location = /auth-proxy {
proxy_pass http://<strong>127.0.0.1</strong>:8888; proxy_pass http://<strong>127.0.0.1</strong>:8888;
proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length "";
proxy_cache <strong>auth_cache</strong>; # Must match the name in the proxy_cache_path directive above proxy_cache <strong>auth_cache</strong>; # Must match the name in the proxy_cache_path directive above
proxy_cache_valid 200 <strong>10m</strong>; proxy_cache_valid 200 <strong>10m</strong>;
...@@ -127,11 +130,12 @@ proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=User ...@@ -127,11 +130,12 @@ proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=User
The search filters can be combined from less complex filters using boolean operations and can be rather complex. The search filters can be combined from less complex filters using boolean operations and can be rather complex.
The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives as shown: The reference implementation uses cookie-based authentication. If you are using HTTP basic authentication instead, comment out the following directives, and enable the Authorization header as shown:
<pre> <pre>
<strong>#</strong>proxy_set_header X-CookieName "nginxauth"; <strong>#</strong>proxy_set_header X-CookieName "nginxauth";
<strong>#</strong>proxy_set_header Cookie nginxauth=$cookie_nginxauth; <strong>#</strong>proxy_set_header Cookie nginxauth=$cookie_nginxauth;
<strong>proxy_set_header Authorization $http_authorization;</strong>
</pre> </pre>
## Customization ## Customization
......
nginx-ldap-auth.conf
+ 4
0
View file @ e00e31d9
...@@ -47,6 +47,7 @@ http { ...@@ -47,6 +47,7 @@ http {
proxy_pass http://127.0.0.1:8888; proxy_pass http://127.0.0.1:8888;
proxy_pass_request_body off; proxy_pass_request_body off;
proxy_pass_request_headers off;
proxy_set_header Content-Length ""; proxy_set_header Content-Length "";
proxy_cache auth_cache; proxy_cache auth_cache;
proxy_cache_valid 200 10m; proxy_cache_valid 200 10m;
...@@ -101,6 +102,9 @@ http { ...@@ -101,6 +102,9 @@ http {
proxy_set_header X-CookieName "nginxauth"; proxy_set_header X-CookieName "nginxauth";
proxy_set_header Cookie nginxauth=$cookie_nginxauth; proxy_set_header Cookie nginxauth=$cookie_nginxauth;
# (Optional) Uncomment if using HTTP basic authentication
#proxy_set_header Authorization $http_authorization;
# (Required if using Microsoft Active Directory as the LDAP server) # (Required if using Microsoft Active Directory as the LDAP server)
# Set the LDAP template by uncommenting the following directive. # Set the LDAP template by uncommenting the following directive.
#proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)"; #proxy_set_header X-Ldap-Template "(sAMAccountName=%(username)s)";
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment