Nginx nginx-auth-ldap authentication
Official site:
nginx-1.10.0
openldap-2.4.44
1. Add the nginx-auth-ldap module to nginx
Compiling the nginx-auth-ldap module requires the ldap.h header file, so the LDAP library must be installed first
yum -y install openldap-devel
When compiling nginx, add the module's build parameter to the configure arguments, for example
cd /usr/local/src
git clone https://github.com/kvspb/nginx-auth-ldap.git
--add-module=/usr/local/src/nginx-auth-ldap
2. Configure LDAP authentication
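http {
    ldap_server openldap {
        # url format: ldap://host:port/base_dn?attribute?scope?filter
        # plain ldap:// is unencrypted, so the bind password and user passwords cross the network in cleartext
        url ldap://192.168.192.20:389/dc=example,dc=com?uid?sub?(&(objectClass=account));
        # account the module binds as to search for the user's DN
        binddn "cn=Manager,dc=example,dc=com";
        binddn_passwd "secret";
        group_attribute memberuid;
        group_attribute_is_dn on;
        require valid_user;
    }

    server {
        location /status {
            stub_status on;
            access_log off;
            # realm shown in the browser's login prompt
            auth_ldap "Restricted Space";
            auth_ldap_servers openldap;
        }
    }
}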
2016/07/04 17:07:40 [error] 33552#0: *9 http_auth_ldap: Could not find user DN, client: 192.168.192.1, server: www.jlive.com, request: "GET /status HTTP/1.1", host: "192.168.192.20"
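
To investigate a "Could not find user DN" error like the one above, the user lookup can be run by hand. This is an added example, not code from the original page or from the nginx-auth-ldap project: it splits the ldap_server url into its RFC 4516 fields and builds an equivalent ldapsearch command. That the URL filter is ANDed with (uid=<login>) is an assumption about the module's lookup, and the login name alice is constructed.

```python
import shlex
from urllib.parse import unquote

# The ldap_server url from the configuration above.
# RFC 4516 layout: scheme://host:port/base_dn?attribute?scope?filter
PAGE_URL = "ldap://192.168.192.20:389/dc=example,dc=com?uid?sub?(&(objectClass=account))"


def parse_ldap_url(url):
    """Split an ldap_server url into the parameters of the user search."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    fields = [unquote(f) for f in tail.split("?")] + [""] * 3
    base, attr, scope, flt = fields[:4]
    if not attr:
        raise ValueError("URL names no login attribute (e.g. uid)")
    # RFC 4516: a missing scope means "base"
    return {"uri": scheme + "://" + hostport, "base": base,
            "attr": attr, "scope": scope or "base", "filter": flt}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_search_filter(parts, username):
    """Assumed lookup: the URL filter ANDed with (attribute=login)."""
    match = "(%s=%s)" % (parts["attr"], escape_filter_value(username))
    return "(&%s%s)" % (parts["filter"], match) if parts["filter"] else match


def ldapsearch_argv(parts, binddn, username):
    """Build an ldapsearch command that runs the same search by hand."""
    return ["ldapsearch", "-x", "-H", parts["uri"],
            "-D", binddn, "-W",            # -W prompts for the bind password
            "-b", parts["base"], "-s", parts["scope"],
            user_search_filter(parts, username),
            "1.1"]                          # 1.1 = return only the entry DN


if __name__ == "__main__":
    parts = parse_ldap_url(PAGE_URL)
    # "alice" is a constructed login name
    print(shlex.join(ldapsearch_argv(parts, "cn=Manager,dc=example,dc=com", "alice")))
```

An empty result from this search means no entry under the base DN matches the scope and filter for that login.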