Nginx nginx-auth-ldap认证
官方网站:
环境:
CentOS 7.1
nginx-1.10.0
openldap-2.4.44
请参看
LNMP源码安装配置
一.添加nginx-auth-ldap nginx模块
编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库
yum -y install openldap-devel
在编译nginx时,添加上模块编译参数,如
cd /usr/local/src
git clone https://github.com/kvspb/nginx-auth-ldap.git
--add-module=/usr/local/src/nginx-auth-ldap
二.配置ldap认证
http {
ldap_server openldap {
url ldap://192.168.192.20:389/dc=example,dc=com?uid?sub?(&(objectClass=account));
binddn "cn=Manager,dc=example,dc=com";
binddn_passwd "secret";
group_attribute memberuid;
group_attribute_is_dn on;
require valid_user;
}
}
server {
location /status {
stub_status on;
access_log off;
auth_ldap "Restricted Space";
auth_ldap_servers openldap;
}
}
注意: 不同的ldap实现,相关的objectClass可能不一样,直接套用nginx-auth-ldap的示例配置直接在openldap上就通不过,解决方法参看
https://github.com/kvspb/nginx-auth-ldap/issues/129
2016/07/04 17:07:40 [error] 33552#0: *9 http_auth_ldap: Could not find user DN, client: 192.168.192.1, server: www.jlive.com, request: "GET /status HTTP/1.1", host: "192.168.192.20"