Nginx ldap auth login by different attributes
I need to configure nginx to sign in with 2 kinds of DN:
cn=appname,ou=applications,o=example.com
uid=username,ou=people,o=example.com
Here is the piece of code for the LDAP server:
ldap_server ldapserver {
    # attribute list "uid,cn", subtree scope, then the search filter
    url ldaps://ldap.example.com/o=example.com?uid,cn?sub?(..filter search...);
}
However, username can be signed in, but appname can't. If I switch the position of uid and cn in the url, like
    url ldaps://ldap.example.com/o=example.com?cn,uid?sub?(..filter search...);
then appname can be used to sign in, but username can't.
Is this nginx-ldap-auth's bug?
From looking at the source, the module appears to be designed this way; it'll only consider the first attribute in the comma-separated list, even though the ldap_url_parse function (what the module uses under the hood) supports specifying multiple attributes.
I'd add a feature request / issue at https://github.com/kvspb/nginx-auth-ldap/issues.
In the meantime, you can use multiple ldap_server blocks to define 2 different configurations, one with one attribute and one with the other, such as:
# Looks users up by uid
ldap_server ldapserver_one {
    url ldaps://ldap.example.com/o=hp.com?uid?sub?(..filter search...);
}
# Looks applications up by cn
ldap_server ldapserver_two {
    url ldaps://ldap.example.com/o=hp.com?cn?sub?(..filter search...);
}
location / {
    auth_ldap "authorised only";
    # Both server definitions are listed for this location
    auth_ldap_servers ldapserver_one;
    auth_ldap_servers ldapserver_two;
    ...
}
It'll require making 2 separate connections to the LDAP server, but it'll work.
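The behaviour described in the answer, modelled as an added Python example (not part of the original post and not the nginx-auth-ldap source): it parses the LDAP URL into its RFC 4516 fields, then builds the login search filter using either only the first listed attribute or any of them, with the login value escaped per RFC 4515. The function names, the `(objectClass=*)` filter standing in for the elided one, and the way the configured filter is ANDed with the attribute term are assumptions of this sketch.

```python
# Added illustration of the behaviour described above; not the nginx-auth-ldap
# source. Function names and the sample filter are hypothetical.
from urllib.parse import urlsplit, unquote

# Constructed sample: the page's URL with a stand-in for the elided filter.
SAMPLE_URL = "ldaps://ldap.example.com/o=example.com?uid,cn?sub?(objectClass=*)"

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL: scheme://host/dn?attributes?scope?filter."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    # After the first '?': attributes, scope and filter, all optional.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "host": parts.hostname,
        "base_dn": unquote(parts.path.lstrip("/")),
        "attributes": [unquote(a) for a in fields[0].split(",") if a],
        "scope": fields[1] or "base",                        # RFC 4516 default
        "filter": unquote(fields[2]) or "(objectClass=*)",   # RFC 4516 default
    }

def escape_filter_value(value):
    """Escape filter metacharacters in a login name (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def login_filter(parsed, login, first_only):
    """Build the search filter used to find the entry for a login name.

    first_only=True models what the answer describes (first attribute only);
    first_only=False matches the login against every listed attribute.
    """
    attrs = parsed["attributes"][:1] if first_only else parsed["attributes"]
    value = escape_filter_value(login)
    terms = "".join("(%s=%s)" % (a, value) for a in attrs)
    if len(attrs) > 1:
        terms = "(|%s)" % terms
    return "(&%s%s)" % (parsed["filter"], terms)

if __name__ == "__main__":
    parsed = parse_ldap_url(SAMPLE_URL)
    print(login_filter(parsed, "appname", first_only=True))
    print(login_filter(parsed, "appname", first_only=False))
```

With `uid,cn` and first-attribute-only matching, a login of `appname` is searched as a `uid` and finds nothing, which matches what the question reports.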