Environment:
CentOS 6 64-bit
nginx 1.8.1
openssl 1.0.2h
nginx-auth-ldap
Compile and install:
yum install openldap-clients openldap-devel
(openldap-clients provides ldapsearch for the check further down; openldap-devel provides the libldap headers that nginx-auth-ldap needs in order to compile.)
Enable DEBUG to make troubleshooting easier. nginx's own debug log is switched on at build time with --with-debug; the configure line below, as given, does not include it, so add it if you want that log:
./configure --prefix=/usr/local/nginx1.8.1 --with-http_stub_status_module --add-module=../nginx-auth-ldap --with-openssl=../openssl-1.0.2h
Configuration:
1) http section:
ldap_server openldap {
    # RFC 4516 URL: host:port/base?attribute?scope?filter. Port 3268 is the AD Global Catalog.
    # ldap:// is plaintext: the bind password and every user's password cross the network
    # unencrypted. Prefer ldaps:// (3269 for the Global Catalog) where the AD side supports it.
    url ldap://172.17.0.252:3268/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*);
    binddn "mydomain\\test01";    # domain\\user (no admin rights needed)
    binddn_passwd "!QAZ2wsx";     # password of that account; keep nginx.conf readable by root only
    #group_attribute member;
    #group_attribute_is_dn on;
    require valid_user;
}
2) server section (nginx comments start with #; the // comments in the original would be read as an unknown directive and break the config):
server {
    listen 80;
    server_name aaa.test.com;
    access_log logs/host.access.log main;
    location / {
        root html;
        index index.html index.htm;
        auth_ldap "Restricted Space";    # realm text shown in the browser prompt, free choice
        auth_ldap_servers openldap;      # must match the ldap_server name in the http section
    }
    error_page 404 /404.html;
    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
Check that Active Directory can be queried from this host (-x simple bind, -W prompts for the password of the -D account):
ldapsearch -x -W -D "CN=test01,OU=group01,DC=mydomain,DC=com" -b "DC=mydomain,DC=com" -h 172.17.0.252
Note that this queries the default port 389, while the nginx URL above uses the Global Catalog on 3268; add -p 3268 to test exactly the endpoint nginx will use.
When visiting the site, enter the bare username and password; no domain prefix is needed, because the module looks the login name up by sAMAccountName.
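When a login fails it helps to reproduce, outside nginx, the two steps the module performs: bind as the service account and search the base for <attribute>=<user>, then bind as the DN found with the password the user typed. The script below is an added example, not code from the original post or from nginx-auth-ldap. Host, base DN, service account, attribute and filter mirror the ldap_server block above; the function and variable names are my own, and the filter shape (AND of the URL filter and attr=user) is what the module composes from the URL, so check your module version's source if in doubt. It needs ldapsearch and ldapwhoami from openldap-clients.

```shell
#!/bin/sh
# Added example, not code from the original post or from nginx-auth-ldap.
# Reproduces from the shell the two steps the module performs for one login:
#   1. bind as the service account and search the base for <attr>=<user>
#   2. bind as the DN found, with the password the user typed
# Host, base DN, service account, attribute and filter mirror the ldap_server
# block above; the function and variable names are assumptions of this script.

LDAP_URI="${LDAP_URI:-ldap://172.17.0.252:3268}"   # ldaps://...:3269 once certificates are in place
BASE_DN="${BASE_DN:-DC=mydomain,DC=com}"
BIND_DN="${BIND_DN:-mydomain\\test01}"             # same NT-style account as binddn
BIND_PW="${BIND_PW:-}"                             # export BIND_PW=... rather than hard-coding it
USER_ATTR="${USER_ATTR:-sAMAccountName}"
URL_FILTER="${URL_FILTER:-(objectClass=*)}"

# Escape RFC 4515 filter metacharacters so a login name taken from the
# Basic-auth header cannot change the meaning of the search filter.
# Backslash must be handled first or the later escapes would be re-escaped.
ldap_filter_escape() {
  printf '%s\n' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Compose the search filter as an AND of the URL's filter and an exact match
# on the login attribute, the shape nginx-auth-ldap builds from the URL.
build_filter() {
  printf '(&%s(%s=%s))' "$URL_FILTER" "$USER_ATTR" "$(ldap_filter_escape "$1")"
}

# Step 1: resolve the login name to a DN using the service account.
# (-w exposes the password in the process list; fine for a one-off debugging
# run, use -y <passfile> otherwise.)
resolve_dn() {
  ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -w "$BIND_PW" \
    -b "$BASE_DN" -s sub "$(build_filter "$1")" dn |
    sed -n 's/^dn: //p' | head -n 1    # non-ASCII DNs come back base64 as "dn::" and are skipped here
}

# Step 2: bind as that DN with the user's own password. Returns 0 on success.
ad_auth_check() {
  dn="$(resolve_dn "$1")"
  if [ -z "$dn" ]; then
    echo "no entry with $USER_ATTR=$1 under $BASE_DN" >&2
    return 1
  fi
  ldapwhoami -x -H "$LDAP_URI" -D "$dn" -w "$2" >/dev/null 2>&1
}

# Usage: BIND_PW='...' sh ad_auth_check.sh <username> <password>
# Only runs when two arguments are given, so the file can be sourced for its functions.
if [ $# -eq 2 ]; then
  case "$LDAP_URI" in
    ldap://*) echo "warning: plaintext LDAP, both passwords cross the wire unencrypted" >&2 ;;
  esac
  if ad_auth_check "$1" "$2"; then echo "auth OK as $1"; else echo "auth FAILED for $1"; exit 1; fi
fi
```

If step 1 returns no DN the problem is the service account, the base DN or the attribute in the URL; if step 1 finds the DN but step 2 fails, the user's password or the account state (locked, expired) is the cause. The escaping function is the part worth keeping even outside this script: anything that builds an LDAP filter from a name it did not choose should run it through the same four substitutions.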
The attachment has been renamed to .tgz; copy it to the CentOS box and extract it with tar.
Reprinted from: https://blog.51cto.com/20988902/1830037