配置Nginx使用AD做認證
nginx.conf 配置
http {
ldap_server ldap {
url ldap://xxx:389/DC=test,DC=com?sAMAccountName?sub?(objectClass=person);
binddn "admin@test.com";
binddn_passwd adminpass;
group_attribute uniquemember;
group_attribute_is_dn off;
require valid_user;
ssl_check_cert off;
}
}
具體域名配置
location / { include /usr/local/openresty/nginx/conf/acl.cfg; auth_ldap "Forbidden"; auth_ldap_servers ldap; }