davidjb · June 24, 2015 02:22
diff --git a/nginx-ldap-example.conf b/nginx-ldap-example.conf
 ldap_server ldap_users {
    url 'ldaps://ldap.example.org:636/dc=org?uid?sub?...';
    require valid_user;
 }

 ldap_server ldap_groups {
    url 'ldaps://ldap.example.org:636/dc=org?uid?sub?(objectClass=person)';
    group_attribute "uniqueMember";
    group_attribute_is_dn on;
    require group 'cn=staff,ou=groups,dc=org';
    require group 'cn=admins,ou=groups,dc=org';
    satisfy any;
 }

 server {
 ...
    location /protected {
        auth_ldap "Authorised Only";
        auth_ldap_servers ldap_users;
        auth_ldap_servers ldap_groups;
        error_page 401 /unauthorised.html;
        add_header Cache-Control "no-cache,no-store";
    }

 }
	ldap_server ldap_users {
	url 'ldaps://ldap.example.org:636/dc=org?uid?sub?...';
	require valid_user;
	}

	ldap_server ldap_groups {
	url 'ldaps://ldap.example.org:636/dc=org?uid?sub?(objectClass=person)';
	group_attribute "uniqueMember";
	group_attribute_is_dn on;
	require group 'cn=staff,ou=groups,dc=org';
	require group 'cn=admins,ou=groups,dc=org';
	satisfy any;
	}

	server {
	...
	location /protected {
	auth_ldap "Authorised Only";
	auth_ldap_servers ldap_users;
	auth_ldap_servers ldap_groups;
	error_page 401 /unauthorised.html;
	add_header Cache-Control "no-cache,no-store";
	}

	}