Nginx nginx-auth-ldap认证

Nginx nginx-auth-ldap认证

官方网站:

https://github.com/kvspb/nginx-auth-ldap

环境:

CentOS 7.1

nginx-1.10.0

openldap-2.4.44

请参看LNMP源码安装配置

OpenLDAP 2.4.x源码安装配置

一.添加nginx-auth-ldap nginx模块

编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库

yum -y install openldap-devel

在编译nginx时,添加上模块编译参数,如

cd /usr/local/src

git clone https://github.com/kvspb/nginx-auth-ldap.git

--add-module=/usr/local/src/nginx-auth-ldap

二.配置ldap认证

http {

        ldap_server openldap {

        url ldap://192.168.192.20:389/dc=example,dc=com?uid?sub?(&(objectClass=account));

        binddn "cn=Manager,dc=example,dc=com";

        binddn_passwd "secret";

        group_attribute memberuid;

        group_attribute_is_dn on;

        require valid_user;

      }

}

server {

       location /status {

            stub_status on;

            access_log off;

            auth_ldap "Restricted Space";

            auth_ldap_servers openldap;

        }

}

注意: 不同的ldap实现,相关的objectClass可能不一样,直接套用nginx-auth-ldap的示例配置直接在openldap上就通不过,解决方法参看https://github.com/kvspb/nginx-auth-ldap/issues/129

2016/07/04 17:07:40 [error] 33552#0: *9 http_auth_ldap: Could not find user DN, client: 192.168.192.1, server: www.jlive.com, request: "GET /status HTTP/1.1", host: "192.168.192.20"