Comments (4)
Enid,
You can hardcode a part of a filter. Or use nginx configuration map block to restrict that.
So yes, you can limit auth to a group/user.
from nginx-ldap-auth.
@oxpa
Thank you for your reply:
I see that we can use this header:
proxy_set_header X-Ldap-Template "(&(cn=%(username)s)(memberOf=cn=group1,cn=Users,dc=example,dc=com))";
which does what I need but unfortunately it uses memberOf
attribute on ldap server which in my case it is not enabled/configured and it is a bit difficult to do it now as I do not have all freedom to do it on a live system.
Question is if I can use any other filter than memberOf
which can correlate user to group during authentication?
Thanks
from nginx-ldap-auth.
Enid,
You can change the filter to whatever you need. 'memberOf' is just an example.
Usually, what you want to do, is to build a filter using 'ldapsearch' or another program and then use the result as a template in nginx.
from nginx-ldap-auth.
Hi,
In my case it was the issue with the current ldap server setup where posixAccount/posixGroup
is used instead of organizationalPerson/groupOfNames
method of user/group creation where we can use memberOf
attributes of each user thus making the filter an easy thing to use.
It is not possible for me to apply this change so I was looking towards any nginx config map block if it is possible to apply some limitation in this way. I want to use LDAP authenticated users and not auth_basic method with htpasswd.
Any help on how I can achieve this is appreciated.
Thank you
from nginx-ldap-auth.
Related Issues (20)
- Unable to initiate TLS with LDAP site server
- nginx.com reports a security vulnerability: Addressing Security Weaknesses in the NGINX LDAP Reference Implementation HOT 2
- Missing proxy_cache_key if README.md ? HOT 1
- Push image on docker hub HOT 2
- LDAP filter authorization
- Successfully installed the nginx-ldap-auth module but errors when i execute
- Is there any way we can avoid providing X-Ldap-BindPass as plain text. HOT 2
- Manage auth result (Session based or Token Based authentication) HOT 1
- Docker needs to expose port
- Stopped working with Actve Directory HOT 1
- $remote_user not showing up in access logs
- Docker image won't build (python-ldap issue) HOT 1
- /auth returning 200, but looping back to /login
- Query inject attack / security vulnerability HOT 5
- Error when search result DN contains unicode characters HOT 1
- Query inject attack / security vulnerability HOT 4
- Unable to push logs of py daemon to a separate file HOT 4
- For a company like nginx, this "reference implementation" is a shame HOT 1
- 401 unauthorized HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nginx-ldap-auth.