nginx認證走LDAP

使用nginx走ldap認證：

將原nginx進行備份：

[root@daya-02?nginx-1.12.2]#?mv?/usr/sbin/nginx?/usr/sbin/nginx.bak
[root@daya-02?nginx-1.12.2]#?cp?-r?/etc/nginx/?/etc/nginx_bak

查看當前安裝好的nginx版本：

[root@daya-02?~]#?nginx?-V
nginx?version:?nginx/1.12.2

下載相同版本的源碼包：

[root@daya-02?~]#?wget?http://nginx.org/download/nginx-1.12.2.tar.gz
[root@daya-02?~]#?tar?xf?nginx-1.12.2.tar.gz

下載ldap需要的擴展包：

git?clone?https://github.com/kvspb/nginx-auth-ldap.git

查看原nginx的編譯參數：

[root@daya-02?nginx-1.12.2]#?nginx?-V
nginx?version:?nginx/1.12.2
built?by?gcc?4.8.5?20150623?(Red?Hat?4.8.5-36)?(GCC)
built?with?OpenSSL?1.0.2k-fips??26?Jan?2017
TLS?SNI?support?enabled
configure?arguments:?--prefix=/usr/share/nginx?--sbin-path=/usr/sbin/nginx?--modules-path=/usr/lib64/nginx/modules?--conf-path=/etc/nginx/nginx.conf?--error-log-path=/var/log/nginx/error.log?--http-log-path=/var/log/nginx/access.log?--http-client-body-temp-path=/var/lib/nginx/tmp/client_body?--http-proxy-temp-path=/var/lib/nginx/tmp/proxy?--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi?--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi?--http-scgi-temp-path=/var/lib/nginx/tmp/scgi?--pid-path=/run/nginx.pid?--lock-path=/run/lock/subsys/nginx?--user=nginx?--group=nginx?--with-file-aio?--with-ipv6?--with-http_auth_request_module?--with-http_ssl_module?--with-http_v2_module?--with-http_realip_module?--with-http_addition_module?--with-http_xslt_module=dynamic?--with-http_image_filter_module=dynamic?--with-http_geoip_module=dynamic?--with-http_sub_module?--with-http_dav_module?--with-http_flv_module?--with-http_mp4_module?--with-http_gunzip_module?--with-http_gzip_static_module?--with-http_random_index_module?--with-http_secure_link_module?--with-http_degradation_module?--with-http_slice_module?--with-http_stub_status_module?--with-http_perl_module=dynamic?--with-mail=dynamic?--with-mail_ssl_module?--with-pcre?--with-pcre-jit?--with-stream=dynamic?--with-stream_ssl_module?--with-google_perftools_module?--with-debug?--with-cc-opt='-O2?-g?-pipe?-Wall?-Wp,-D_FORTIFY_SOURCE=2?-fexceptions?-fstack-protector-strong?--param=ssp-buffer-size=4?-grecord-gcc-switches?-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1?-m64?-mtune=generic'?--with-ld-opt='-Wl,-z,relro?-specs=/usr/lib/rpm/redhat/redhat-hardened-ld?-Wl,-E'

再次編譯就需要原來的編譯參數加上需要添加的參數就好：

[root@daya-02?nginx-1.12.2]#?./configure?--prefix=/usr/share/nginx?--sbin-path=/usr/sbin/nginx?--modules-path=/usr/lib64/nginx/modules?--conf-path=/etc/nginx/nginx.conf?--error-log-path=/var/log/nginx/error.log?--http-log-path=/var/log/nginx/access.log?--http-client-body-temp-path=/var/lib/nginx/tmp/client_body?--http-proxy-temp-path=/var/lib/nginx/tmp/proxy?--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi?--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi?--http-scgi-temp-path=/var/lib/nginx/tmp/scgi?--pid-path=/run/nginx.pid?--lock-path=/run/lock/subsys/nginx?--user=nginx?--group=nginx?--with-file-aio?--with-ipv6?--with-http_auth_request_module?--with-http_ssl_module?--with-http_v2_module?--with-http_realip_module?--with-http_addition_module?--with-http_xslt_module=dynamic?--with-http_image_filter_module=dynamic?--with-http_geoip_module=dynamic?--with-http_sub_module?--with-http_dav_module?--with-http_flv_module?--with-http_mp4_module?--with-http_gunzip_module?--with-http_gzip_static_module?--with-http_random_index_module?--with-http_secure_link_module?--with-http_degradation_module?--with-http_slice_module?--with-http_stub_status_module?--with-http_perl_module=dynamic?--with-mail=dynamic?--with-mail_ssl_module?--with-pcre?--with-pcre-jit?--with-stream=dynamic?--with-stream_ssl_module?--with-google_perftools_module?--with-debug?--with-cc-opt='-O2?-g?-pipe?-Wall?-Wp,-D_FORTIFY_SOURCE=2?-fexceptions?-fstack-protector-strong?--param=ssp-buffer-size=4?-grecord-gcc-switches?-specs=/usr/lib/rpm/redhat/redhat-hardened-cc1?-m64?-mtune=generic'?--with-ld-opt='-Wl,-z,relro?-specs=/usr/lib/rpm/redhat/redhat-hardened-ld?-Wl,-E'?--add-module=/root/nginx-auth-ldap

然后執行make，只make就好不用install

檢查是否可用：

[root@daya-02?nginx-1.12.2]#?./objs/nginx?-t

進行替換：

[root@daya-02?nginx-1.12.2]#?cp?./objs/nginx?/usr/sbin/

重啟：

[root@daya-02?nginx-1.12.2]#?nginx?-s?reload

配置ldap認證：

????ldap_server?test?{
????????url?ldap://172.16.28.180:389/DC=test,DC=com?cn?sub?(objectClass=person);
????????binddn?"cn=admin,dc=test,dc=com";
????????binddn_passwd?123465;
????????#group_attribute?People;
????????#group_attribute_is_dn?on;
????????require?valid_user;
????}
????server?{
????????listen???????8080;
????????server_name??_;
????????root?????????/usr/share/nginx/html;
????????location?/?{
????????????auth_ldap?"Forbidden";
????????????auth_ldap_servers?test;
????????}
????}

遇到問題：以下都是環境上缺少相關的依賴，安裝即可

./configure:?error:?the?HTTP?XSLT?module?requires?the?libxml2/libxslt
yum?install?libxslt-devel?-y

./configure:?error:?the?HTTP?image?filter?module?requires?the?GD?library.
?yum?install?gd-devel?-y
?
?./configure:?error:?perl?module?ExtUtils::Embed?is?required
?yum?-y?install?perl-devel?perl-ExtUtils-Embed
?
./configure:?error:?the?GeoIP?module?requires?the?GeoIP?library.
?yum?-y?install?GeoIP?GeoIP-devel?GeoIP-data
?
./configure:?error:?the?Google?perftools?module?requires?the?Google?perftools
yum?install?gperftools?-y

./configure:?error:?SSL?modules?require?the?OpenSSL?library.
yum?-y?install?openssl?openssl-devel

checking?for?--with-ld-opt="-Wl,-z,relro?-specs=/usr/lib/rpm/redhat/redhat-hardened-ld?-Wl,-E"?...?not?found
./configure:?error:?the?invalid?value?in?--with-ld-opt="-Wl,-z,relro?-specs=/usr/lib/rpm/redhat/redhat-hardened-ld?-Wl,-E"
yum?install?redhat-rpm-config?-y

./configure:?error:?perl?module?ExtUtils::Embed?is?required
yum?-y?install?perl-devel?perl-ExtUtils-Embed

在執行make時候的報錯：
/root/nginx-auth-ldap/ngx_http_auth_ldap_module.c:33:18:?fatal?error:?ldap.h:?No?such?file?or?directory
?#include?<ldap.h>
yum?install?-y?openldap-devel