[Nginx] nginx + ldap 연동
ITWeb/개발일반 2019. 9. 19. 14:38$ nginx -V
nginx version: nginx/1.14.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.1.0h 27 Mar 2018
TLS SNI support enabled
configure arguments: --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/run/nginx.pid --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-pcre=../pcre-8.42 --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.0h --with-http_ssl_module --add-module=../nginx-auth-ldap --user=nginx --group=nginx
다운로드)
http://nginx.org/en/download.html
소스코드 Clone)
$ git clone https://github.com/kvspb/nginx-auth-ldap.git
$ tar -xvzf nginx-1.14.2.tar.gz
$ cd nginx-1.14.2
$ ./configure --with-compat --add-dynamic-module=../nginx-auth-ldap
$ make modules
$ cp objs/ngx_http_auth_ldap_module.so /etc/nginx/modules/
$ vi /etc/nginx/nginx.conf
...중략...
load_module /etc/nginx/modules/ngx_http_auth_ldap_module.so;
...중략...
http {
auth_ldap_cache_enabled on;
auth_ldap_cache_expiration_time 10000;
auth_ldap_cache_size 1000;
ldap_server ipa {
url "ldap://.................";
binddn "uid=LDAPUSER,cn=users,cn=accounts,dc=..............,dc=kr";
binddn_passwd "LDAPPASSWORD";
group_attribute uniquemember;
group_attribute_is_dn on;
require valid_user;
}
server {
location / {
auth_ldap "Enter AD credentials e.g. 'your ID'";
auth_ldap_servers ipa;
root html;
index index.html index.htm;
}
}
}
$ nginx -t
nginx: [emerg] module "ngx_http_auth_ldap_module" is already loaded in /etc/nginx/nginx.conf:8
nginx: configuration file /etc/nginx/nginx.conf test failed
nginx 재시작
-- load_module /etc/nginx/modules/ngx_http_auth_ldap_module.so; 부분 제거
$ systemctl restart nginx
참고)
- nginx dynamic module build
https://www.nginx.com/blog/compiling-dynamic-modules-nginx-plus/
이걸 어디서 사용하냐면 kibana + ldap 연동 시 사용하면 좋습니다. (ldap 연동은 elastic stack basic 이 아니라서....)
기고해 주신 보스웰 고맙습니다.