https://github.com/vkryuchenko/nginx-ldap-auth-go

LDAP authentication using ngx_http_auth_request_module. Alternative implementation of https://github.com/nginxinc/nginx-ldap-auth
https://github.com/vkryuchenko/nginx-ldap-auth-go

auth go ldap nginx

Last synced: 5 months ago
JSON representation

LDAP authentication using ngx_http_auth_request_module. Alternative implementation of https://github.com/nginxinc/nginx-ldap-auth

• Host: GitHub
• URL: https://github.com/vkryuchenko/nginx-ldap-auth-go
• Owner: vkryuchenko
• License: mit
• Created: 2021-05-05T10:55:51.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2023-05-12T11:08:41.000Z (about 3 years ago)
• Last Synced: 2024-11-15T03:20:36.580Z (over 1 year ago)
• Topics: auth, go, ldap, nginx
• Language: Go
• Homepage:
• Size: 11.7 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# nginx-ldap-auth-go

## Service for handle Nginx internal auth request with LDAP

How to use:

- build cmd/ldap-auth.go and put binary to /usr/local/sbin/ldap-auth

- create /etc/systemd/system/ldap-auth.service

      [Unit]

      Description=Nginx LDAP auth backend 

      After=network.target

      Requires=network.target

      

      [Service]

      Type=simple

      ExecStart=/usr/local/sbin/ldap-auth --config /etc/ldap-auth/config.yml

      Restart=always

      

      [Install]

      WantedBy=multi-user.target

- create /etc/ldap-auth/config.yml

      ---

      bind: "127.0.0.1:8888"

      cookieName: "ldap-auth"

      debug: no

      url: "/ldap-auth"

      ldap:

        address: "ldap1.srv:636"

        base: "OU=users,DC=domain,DC=srv"

        bind:

          user: "SRV\\ldap-servic-user"

          password: "ldap-servic-user-password"

        filter:

          user: "(sAMAccountName=%s)"

          group: ""

        ssl:

          use: yes

          skipTls: no

          skipVerify: yes

          serverName: "ldap.srv"

- configure Nginx to use auth_request

      proxy_cache_path    cache/  keys_zone=auth_cache:10m;

      

      server {

        listen 80;

        autoindex                   on;

        autoindex_exact_size        off;

        autoindex_localtime         on;

        charset                     utf-8;

      

        location /ldap-auth {

          internal;

          proxy_pass      http://127.0.0.1:8888;

          proxy_pass_request_body off;

          proxy_set_header Content-Length "";

          proxy_cache auth_cache;

          proxy_cache_valid 200 30d;

          proxy_cache_key "$http_authorization$cookie_nginxauth";

          proxy_set_header X-Real-IP $remote_addr;

          proxy_set_header Cookie ldap-auth=$cookie_nginxauth;

        }

      

        location / {

          auth_request            /ldap-auth;

          alias                   /var/www/;

        }

      }