>> I'm using that one to authenticate my users.
> auth_ldap_cache_enabled         on;
> ldap_server my_ldap_server {
>     url                         ldaps://ldap.example.org/dc=u
> sers,dc=mybase?uid?sub;
>     binddn                      cn=nginx,dc=mybase;
>     binddn_passwd               ...;
>     require                     valid_user;
> }
> server {
>   ...
>   location / {
>     auth_ldap                   "foobar";
>     auth_ldap_servers           "my_ldap_server";
>     root                        /srv/www/...;
>   }
> }

Thanks having a config to compare against is always helpful for me.

> this is like documented on https://github.com/kvspb/nginx-auth-ldap exept
> my auth_ldap statements are inside the location.
> while docs suggest them outside.
> Q: does that matter?

>From my understanding of Nginx, no, since location is lower in the
hierarchy it will just override any auth_ldap directives outside of it.

> I found it useful to explicit set "auth_ldap_cache_enabled on" but cannot
> remember the detailed reasons.
> Finally: it's working as expected for me (basic auth, no Kerberos)

Any chance anybody has played around with Kerberos auth? Currently my SSO
environment uses GSSAPI for most authentication.

Joshua Schaeffer
nginx mailing list

Reply via email to