To provide nginx authorization via Microsoft Active Directory, use the following commands on Ubuntu 16.04:
- sudo apt update
- sudo apt install dpkg-dev libldap2-dev
- sudo add-apt-repository ppa:nginx/stable
- Edit /etc/apt/sources.list.d/nginx-stable-trusty.list (sudo vim /etc/apt/sources.list.d/nginx-stable-trusty.list) and add the deb-src line:
  - deb http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
  - deb-src http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
- sudo apt update
- sudo apt-get source nginx
- sudo apt-get build-dep nginx
- Edit nginx-1.10.1/debian/rules and, under the section 'full_configure_flags := \', add the following line:
  - --add-module=$(MODULESDIR)/nginx-auth-ldap
- Inside the modules directory, run: sudo git clone https://github.com/kvspb/nginx-auth-ldap.git
- cd /opt/nginx/nginx-1.10.1
- sudo dpkg-buildpackage -uc -us (or -b flag)
- Install the generated packages inside /opt/nginx:
  - sudo dpkg --install nginx-common_1.10.1-1+xenial1_all.deb
  - sudo dpkg --install nginx-full_1.10.1-1+xenial1_amd64.deb
- Edit the main config file /etc/nginx/nginx.conf
- Edit /etc/nginx/fastcgi_params and add the following:
  - fastcgi_param REMOTE_USER $remote_user;
- Run sudo nginx -V to check if nginx-auth-ldap is loaded
Insert the following configuration lines into your main configuration file /etc/nginx/nginx.conf, before these lines:
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

The lines to insert are:
ldap_server LDAP1 {
    url "ldap://<ip-address>:3268/DC=<domain-name>,DC=com?sAMAccountName?sub?";
    binddn "<Bind Account>";
    binddn_passwd "<Bind Password>";
    connect_timeout 5s;
    bind_timeout 5s;
    request_timeout 5s;
    satisfy any;
}

Insert the lines below into your site's configuration file /etc/nginx/conf.d/something.conf, inside the server block and before the location block:
auth_ldap "Restricted Access";
auth_ldap_servers LDAP1;
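
The ldap_server block above uses ldap:// on port 3268, so the bind account password and every user's password cross the network to the domain controller unencrypted. The following is an added example, not part of the original post, showing the same setup over LDAPS with certificate checking and with the site served over TLS. The <dc-hostname>, <ad-ca>, <site-name> and certificate path placeholders, the require valid_user line and the location block are assumptions; ssl_check_cert and ssl_ca_file are nginx-auth-ldap directives and need a build of the module that supports them.

```nginx
# Added example. Placeholders in <...> must be replaced with your own values.

# --- /etc/nginx/nginx.conf, http context, before the include lines ---
ldap_server LDAP1 {
    # Weak form from the post: ldap://<ip-address>:3268/... (cleartext Global Catalog).
    # 3269 is the Global Catalog over TLS. Use the DC's hostname, not its IP,
    # so the name can match the certificate when ssl_check_cert is on.
    url "ldaps://<dc-hostname>:3269/DC=<domain-name>,DC=com?sAMAccountName?sub?";
    binddn "<Bind Account>";
    binddn_passwd "<Bind Password>";

    # Reject a domain controller whose certificate does not chain to the AD CA.
    ssl_check_cert on;
    ssl_ca_file /etc/ssl/certs/<ad-ca>.pem;   # assumed path to the exported CA cert

    connect_timeout 5s;
    bind_timeout 5s;
    request_timeout 5s;

    # Assumption: any account that binds successfully is allowed.
    require valid_user;
    satisfy any;
}

# --- /etc/nginx/conf.d/something.conf ---
server {
    # auth_ldap prompts with HTTP Basic authentication, so the browser sends
    # the AD password on every request; serve the site over TLS only.
    listen 443 ssl;
    server_name <site-name>;
    ssl_certificate     /etc/nginx/ssl/<site-name>.crt;   # assumed path
    ssl_certificate_key /etc/nginx/ssl/<site-name>.key;   # assumed path

    auth_ldap "Restricted Access";
    auth_ldap_servers LDAP1;

    location / {
        root /var/www/html;   # assumed document root
    }
}
```

Run sudo nginx -t after editing to validate the configuration before reloading nginx.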