Nginx nginx-auth-ldap认证
官方网站:
https://github.com/kvspb/nginx-auth-ldap
环境:
CentOS 7.1
nginx-1.10.0
openldap-2.4.44


请参看LNMP源码安装配置
OpenLDAP 2.4.x源码安装配置
一.添加nginx-auth-ldap
nginx模块
编译nginx-auth-ldap模块需要ldap.h头文件,所以需要先安装ldap库
yum -y install openldap-devel
在编译nginx时,添加上模块编译参数,如
cd /usr/local/src
git clone https://github.com/kvspb/nginx-auth-ldap.git
--add-module=/usr/local/src/nginx-auth-ldap
二.配置ldap认证
http {
     
  ldap_server openldap {
     
  url
ldap://192.168.192.20:389/dc=example,dc=com?uid?sub?(&(objectClass=account));
     
  binddn "cn=Manager,dc=example,dc=com";
     
  binddn_passwd "secret";
     
  group_attribute memberuid;
     
  group_attribute_is_dn on;
     
  require valid_user;
     
}
}
server {
     
 location /status {
     
     
stub_status on;
     
      access_log
off;
   
     
  auth_ldap "Restricted Space";
   
     
  auth_ldap_servers openldap;
     
  }
}
注意:
不同的ldap实现,相关的objectClass可能不一样,直接套用nginx-auth-ldap的示例配置直接在openldap上就通不过,解决方法参看https://github.com/kvspb/nginx-auth-ldap/issues/129
2016/07/04 17:07:40 [error] 33552#0: *9 http_auth_ldap: Could
not find user DN, client: 192.168.192.1, server: www.jlive.com,
request: "GET /status HTTP/1.1", host: "192.168.192.20"