配置Nginx使用Active Directory 做认证

配置Nginx使用AD做认证

nginx.conf 配置

http {
    ldap_server ldap {
    url ldap://xxx:389/DC=test,DC=com?sAMAccountName?sub?(objectClass=person);
    binddn "admin@test.com";
    binddn_passwd adminpass;
    group_attribute uniquemember;
    group_attribute_is_dn off;
    require  valid_user;
    ssl_check_cert off;
    }
}

具体域名配置

    location / {
        include  /usr/local/openresty/nginx/conf/acl.cfg;
        auth_ldap "Forbidden";
        auth_ldap_servers ldap;
    }