How to configure nginx with AD authorozation

To provide nginx authorization via Microsoft Active Directory you should use the next commands in Ubuntu 16.04:

1. apt update
2. sudo apt install dpkg-dev libldap2-dev
3. sudo add-apt-repository ppa:nginx/stable
4. Edit sudo vim /etc/apt/sources.list.d/nginx-stable-trusty.list add dpkg-src:
   1. deb http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
   2. deb-src http://ppa.launchpad.net/nginx/stable/ubuntu xenial main
5. sudo apt update
6. sudo apt-get source nginx
7. sudo apt-get build-dep nginx
8. Edit nginx-1.10.1/debian/rules and under section ‘full_configure_flags := \’ add following line:
   1. —add-module=$(MODULESDIR)/nginx-auth-ldap
9. Inside modules directory “sudo git clone https://github.com/kvspb/nginx-auth-ldap.git”
10. cd /opt/nginx/nginx-1.10.1
11. sudo dpkg-buildpackage -uc -us (or -b flag)
12. Install generated packages inside /opt/nginx
    1. sudo dpkg —install nginx-common_1.10.1-1+xenial1_all.deb
    2. sudo dpkg —install nginx-full_1.10.1-1+xenial1_amd64.deb
13. Edit main config file /etc/nginx/nginx.conf
14. Edit /etc/nginx/fastcgi_params and add following:
    1. “fastcgi_param REMOTE_USER $remote_user”;
15. sudo nginx -V to check if nginx-auth-ldap is loaded

This configuration lines you should insert into your main configuration file /etc/nginx/nginx.conf before the

include /etc/nginx/conf.d/*.conf; 

include /etc/nginx/sites-enabled/*;

ldap_server LDAP1 { 

   url "ldap://<ip-address>:3268/DC=<domain-name>,DC=com?sAMAccountName?sub?";

   binddn "<Bind Account>"; 

   binddn_passwd "<Bind Password>";  

   connect_timeout 5s; bind_timeout 5s;  

   request_timeout 5s; satisfy any;  

}

And the lines that goes below you shoud insert in the configuration file of your site

/etc/nginx/conf.d/something.conf in the server part and before location part:

auth_ldap "Restricted Access"; 

auth_ldap_servers LDAP1;