
end0tknr's kipple - 新web写経開発

http://d.hatena.ne.jp/end0tknr/ から移転します

nginx + nginx-auth-ldap module

step1/3 - install

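$ cd /home/endo/tmp

# nginx 1.9.3 and OpenSSL 1.0.2d were current when this was written; the
# OpenSSL 1.0.2 series is no longer supported upstream, so build from
# currently supported releases instead.
# Everything fetched here is compiled into a network-facing server: fetch
# over HTTPS and verify each download before unpacking it.
$ wget https://nginx.org/download/nginx-1.9.3.tar.gz
$ wget https://nginx.org/download/nginx-1.9.3.tar.gz.asc
# Requires the nginx release signing key in the local keyring.
$ gpg --verify nginx-1.9.3.tar.gz.asc nginx-1.9.3.tar.gz
$ tar -xvf nginx-1.9.3.tar.gz

$ wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
# Check the tarball against the checksum/signature published by OpenSSL
# before unpacking.
$ tar -xvf openssl-1.0.2d.tar.gz

# Third-party module, cloned at whatever the default branch holds today.
# Review it and check out a fixed commit so that rebuilds are reproducible.
$ git clone https://github.com/kvspb/nginx-auth-ldap.git

$ cd nginx-1.9.3
# --with-openssl points at the OpenSSL *sources*: the library is built and
# linked into the nginx binary, so an OpenSSL security fix means rebuilding
# nginx, not just updating a system package.
$ ./configure --prefix=/home/endo/local/nginx \
              --with-http_ssl_module \
              --with-openssl=../openssl-1.0.2d \
              --add-module=../nginx-auth-ldap
$ make
$ make install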

step2/3 - edit nginx.conf

# The config is written to its own file (nginx_auth_ldap.conf), not the
# default nginx.conf; step 3 passes this file to nginx with -c.
$ vi /home/endo/local/nginx/conf/nginx_auth_ldap.conf

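# Minimal nginx config that protects "/" with LDAP authentication through
# the nginx-auth-ldap module.
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    # LDAP directory used for authentication, referenced below by name.
    ldap_server ldap_sexy {
        # URL format: ldap://host/base-dn?attribute?scope?filter
        # The trailing ";" is required; without it nginx reads the next
        # directive as extra arguments to "url" and refuses to start.
        #
        # ldap:// is unencrypted: the password nginx uses for the bind
        # crosses the network in cleartext. If the directory offers it, use
        # ldaps:// and enable the module's certificate check (ssl_check_cert).
        #
        # The filter (objectClass=*) matches every entry under the base DN;
        # narrow it if only some entries should be able to log in.
        url ldap://ldap.sexy.co.jp/ou=people,o=sexy-group?uid?sub?(objectClass=*);
        # NOTE(review): the two group_attribute settings look unused here,
        # since no "require group" is configured. Confirm before relying on them.
        group_attribute uniqueMember;
        group_attribute_is_dn on;
        # Any user who can authenticate against the directory is admitted.
        require valid_user;
    }

    server {
        # "listen 8080" binds every interface; server_name does not limit
        # who can connect. auth_ldap prompts with HTTP Basic authentication,
        # so over plain HTTP the directory password is sent merely
        # base64-encoded. Bind to 127.0.0.1 or enable TLS ("listen ... ssl"
        # plus ssl_certificate / ssl_certificate_key) before exposing this.
        listen       8080;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            # The quoted string is the realm shown in the login prompt.
            auth_ldap "AUTH_LDAP";
            auth_ldap_servers ldap_sexy;
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}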

step 3/3 - start nginx

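$ cd /home/endo/local/nginx
# Parse-check the config first: -t reports syntax errors without starting
# the server.
$ ./sbin/nginx -t -c conf/nginx_auth_ldap.conf
$ ./sbin/nginx -c conf/nginx_auth_ldap.conf
# Confirm the protection is active: a request without credentials must be
# answered with 401, not with the page.
$ curl -i http://localhost:8080/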