I am using nginx 1.4.1 as reverse proxy for tomcat 7.0.33. Using LDAP for user authentication.
Everything works fine except one critical thing: the authenticated user ID does not get to tomcat. I see it in the Tomcat's access log: it shows "-" where the ID is supposed to be.

I tried to set various header elements in nginx.conf, see below a fragment of it (I experimented with them, turning them on and off).
Using tcpdump, I confirmed that all the elements that I set indeed go to the HTTP request.

The same thing with Apache HTTPD works properly, but there we use AJP.

What am I missing? Any other header field I need to set?
Also, can anybody tell me how Tomcat retrieves the authenticated user ID from the request header? What is that field exact name?


auth_ldap_url ............................
auth_ldap_binddn eciadmin@mooncapital.corp;
auth_ldap_binddn_passwd .............;
auth_ldap "Enter your Windows/Network Login To Access MoonWeb";
auth_ldap_require valid_user;

server {
listen mcny14.mooncapital.corp:8880;
server_name mcny14.mooncapital.corp;

location /moon/ {

#proxy_pass_header Set-Cookie;
#proxy_ignore_headers Expires Cache-Control;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-User $remote_user;
proxy_set_header Remote-User $remote_user;
proxy_set_header User $remote_user;
proxy_set_header REMOTE_USER $remote_user;
proxy_set_header X-URL-SCHEME https;
#proxy_set_header Authorization "";

root mdocs;
proxy_pass http://mcny14:8801;
}