Hello & happy new year!

my goal is to configure nginx to deny access from most client-ip but allow access from special ip's
for authenticated users. This work for basic_authentication as expect but behave different with auth_ldap
I use https://github.com/kvspb/nginx-auth-ldap.

simplified configuration with no allowed IPs at all:

server {
listen *:80;
deny all;
location /auth_basic {
auth_basic "auth_basic";
auth_basic_user_file /path/to/auth_basic_user_file;
}
}

$ curl -v http://nginx/auth_basic
$ curl -v -u user:pass http://nginx/auth_basic
$ curl -v -u user:wrong http://nginx/auth_basic

all three calls return "403 Forbidden", which is ok and acceptable to me.

switching to auth_ldap the results are different:

ldap_server ldap-server {
url ldap://ldap-server/dc=example?cn?sub?(objectclass=top);
require valid_user;
}
server {
listen *:80;
deny all;
location /auth_ldap {
auth_ldap "auth_ldap";
auth_ldap_servers "ldap-server";
}
}

$ curl -v http://nginx/auth_ldap
$ curl -v -u user:wrong http://nginx/auth_ldap
return "401 Unauthorized" expected: "403 Forbidden"

$ curl -v -u user:pass http://nginx/auth_ldap
return "403 Forbidden"

Is there anything wrong with my configuration or is the unexpected request for authentication
a result of how https://github.com/kvspb/nginx-auth-ldap is written?

Andreas

-> return "403 Forbidden"

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx