Re: Connecting Nginx to LDAP/Kerberos

Mon, 12 Sep 2016 12:31:27 -0700 


Am 12.09.2016 um 21:04 schrieb Joshua Schaeffer:

- https://github.com/kvspb/nginx-auth-ldap


I'm using that one to authenticate my users.

auth_ldap_cache_enabled         on;
ldap_server my_ldap_server {
    url                         
ldaps://ldap.example.org/dc=users,dc=mybase?uid?sub;
    binddn                      cn=nginx,dc=mybase;
    binddn_passwd               ...;
    require                     valid_user;
}

server {
  ...
  location / {
    auth_ldap                   "foobar";
    auth_ldap_servers           "my_ldap_server";

    root                        /srv/www/...;
  }
}

this is like documented on https://github.com/kvspb/nginx-auth-ldap exept my 
auth_ldap statements are inside the location.
while docs suggest them outside.
Q: does that matter?

I found it useful to explicit set "auth_ldap_cache_enabled on" but cannot 
remember the detailed reasons.
Finally: it's working as expected for me (basic auth, no Kerberos)

BUT: I fail to compile this module with openssl-1.1.0
I send a message to https://github.com/kvspb some days ago but got no response 
till now.

the problem (nginx-1.11.3 + openssl-1.1.0 + nginx-auth-ldap)

cc -c -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall   
-I src/core -I src/event -I src/event/modules -I src/os/unix -I 
/opt/local/include -I objs -I src/http -I src/http/modules -I src/http/v2 \
        -o objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o \
        ./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c: In function 
'ngx_http_auth_ldap_ssl_handshake':
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c:1325:79: error: 
dereferencing pointer to incomplete type
         int setcode = 
SSL_CTX_load_verify_locations(transport->ssl->connection->ctx,
                                                                               ^
./nginx-auth-ldap-20160428//ngx_http_auth_ldap_module.c:1335:80: error: 
dereferencing pointer to incomplete type
       int setcode = 
SSL_CTX_set_default_verify_paths(transport->ssl->connection->ctx);
                                                                                
^
make[2]: *** [objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o] 
Error 1
objs/Makefile:1343: recipe for target 
'objs/addon/nginx-auth-ldap-20160428/ngx_http_auth_ldap_module.o' failed

Maybe the list have a suggestion...

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx






















					Reply via email to