tiagoapimenta / nginx-ldap-auth
Nginx authentication backend for LDAP
License: zlib License
Hi,
Is it possible to generate different endpoints with different authentication configurations?
For example:
nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555/config1
nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555/config2
So each endpoint has different authentication filters.
Hi,
Thanks for this work. Is LDAP with STARTTLS supported?
Hi,
We have a problem with some characters in our AD; for example, in the groups we have member: CN=Username\,Name or something like that, and the problem is the \
and we got this error log:
2019/05/13 14:04:45 Could not validate user <redacted>: LDAP Result Code 201 "Filter Compile Error": ldap: invalid characters for escape in filter
Maybe it would be good to escape these characters (hashicorp/vault#1030 (comment)) using the function ldap.EscapeFilter. I think the problem is on the id variable, but this is because of my groups.
Regards
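An added example (not from the issue or the project's code) of escaping a DN before it is placed in a search filter, following the reserved-character list in RFC 4515, with a check for a backslash that is not followed by two hex digits. The helper names and the sample DN are assumptions made for illustration; `member` is the attribute quoted in the report.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue escapes the bytes RFC 4515 reserves inside a filter
// assertion value: backslash, '*', '(', ')' and NUL become \XX hex pairs.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

func isHex(c byte) bool {
	return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')
}

// hasInvalidEscape reports whether a filter string contains a backslash that
// is not followed by two hex digits, which RFC 4515 does not allow.
func hasInvalidEscape(filter string) bool {
	for i := 0; i < len(filter); i++ {
		if filter[i] != '\\' {
			continue
		}
		if i+2 >= len(filter) || !isHex(filter[i+1]) || !isHex(filter[i+2]) {
			return true
		}
		i += 2
	}
	return false
}

// memberFilter builds a membership filter from a DN taken from the directory.
func memberFilter(dn string) string {
	return "(member=" + escapeFilterValue(dn) + ")"
}

func main() {
	dn := `CN=Username\,Name,DC=example,DC=org` // constructed sample DN
	fmt.Println(hasInvalidEscape("(member="+dn+")"), memberFilter(dn))
}
```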
Hi,
seems like in the validate function at line 57
if ok || p.required == nil || len(p.required) == 0 { return err == nil, nil }
that "ok ||" causes groups check to be always skipped.
Hi,
I am trying to set up nginx-ldap-auth with nginx ingress 0.21.0 but as soon as I add the annotation to one ingress, Nginx returns a 500. The nginx log does not show any error and the pod log does not show anything either besides:
Loaded config "/etc/nginx-ldap-auth/config.yaml".
Serving...
I can reach the nginx-ldap auth service within the cluster on any pod so the url given to Nginx is correct. Any idea what could be the issue?
Thanks in advance.
I cannot find how to add the certificate needed to work with ldaps.
Hello,
If the LDAP connection is temporarily lost, nginx-ldap-auth seems unable to recover.
Steps to reproduce:
Loaded config "/etc/nginx-ldap-auth/config.yaml".
Serving...
2018/11/12 08:53:44 Could not validade user XXXXXX: LDAP Result Code 200 "Network Error": ldap: connection closed
I don't know how to recover the ldap connection...
Regards,
Keep up the good job!
HTTP OPTIONS requests typically skip authorization because credentials are always omitted in CORS requests -- is there a way we can configure this behavior?
Motivation:
I have two apps, calls.example.com and calls-api.example.com, and am trying to share credentials between them. Calls from the web to api fail on OPTIONS requests because auth is required, but not permitted per the specification.
I have deployed nginx-ldap-auth with nginx-ingress controller on GKE. I have enabled group validation. When a valid username that is a member of the group is provided, the password field can be left empty. This is a security issue and can grant access to anyone who knows a valid username.
How to use with Kubernetes dashboard
What could cause a situation like this? I successfully set up nginx-ldap-auth on a kubernetes cluster and everything seemed to work: random made-up usernames and passwords got rejected and existing users can auth and get to the backend site.
But now I discovered, that any random password is accepted as long as the user exists.
How can I best debug this? Where/How are passwords checked against ldap?
Hi, this container is working perfectly! Not sure if this is possible or easy, I was asked to add an application that can handle authentication itself. So no need to use LDAP. One solution is to use another nginx-ingress. But I was just wondering if it was possible to only use LDAP AUTHENTICATION when label=nginx-ldap-auth in the service definition is set, for example? Otherwise, it works like a charm. Thanks/Frederic
Hello,
When the required group list is nil or empty, access is denied even on successful login.
nginx-ldap-auth/rule/service.go
Line 58 in ca6aab5
In my opinion, in that case, the return statement should be the one of the login step:
return err == nil, err
instead of
return err != nil, nil
Thanks for the great job!
Regards
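An added example (not the project's code) of an access decision that addresses the three behaviours reported above: an empty password, a skipped group check, and a nil or empty required-group list. It assumes a hypothetical `bindFunc` in place of the real LDAP bind, a constructed credential, that membership in any one required group is enough, and that an empty required list means the login result alone decides. The empty-password guard matters because a simple bind with a DN and a zero-length password is an unauthenticated bind (RFC 4513 section 5.1.2), which some directory servers report as success.

```go
package main

import (
	"errors"
	"fmt"
)

var errEmptyPassword = errors.New("empty password rejected before bind")
var errBadCredentials = errors.New("invalid credentials")

// bindFunc stands in for an LDAP simple bind (hypothetical signature).
type bindFunc func(dn, password string) error

// lenientBind models a server that accepts a simple bind with a DN and an
// empty password (an "unauthenticated bind", RFC 4513 section 5.1.2).
func lenientBind(dn, password string) error {
	if password == "" || password == "s3cret" { // constructed credential
		return nil
	}
	return errBadCredentials
}

// validate grants access only if the password is non-empty, the bind
// succeeded, and (when groups are required) the user is in one of them.
func validate(bind bindFunc, dn, password string, groups, required []string) (bool, error) {
	if password == "" {
		return false, errEmptyPassword
	}
	if err := bind(dn, password); err != nil {
		return false, err
	}
	if len(required) == 0 { // nil or empty: the login result decides
		return true, nil
	}
	for _, r := range required {
		for _, g := range groups {
			if r == g {
				return true, nil
			}
		}
	}
	return false, nil
}

func main() {
	dn := "cn=alice,dc=example,dc=org" // constructed sample DN
	ok, err := validate(lenientBind, dn, "", []string{"admins"}, []string{"admins"})
	fmt.Println(ok, err)
}
```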
After upgrading to kubernetes 1.16 the system stopped prompting for basic auth and automatically opens the downstream service.
It looks like the nginx-ingress is totally ignoring the nginx.ingress.kubernetes.io/auth-url annotation.