From d6e985159e79438fd4b7d907973e835fa28cc851 Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 20 Jul 2016 16:09:55 +0200 Subject: [PATCH] library/roles/nginx: New parameters to customize the ldap authentication via pam. --- nginx/defaults/main.yml | 3 ++- nginx/templates/ldap.conf.j2 | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml index 3a7d287..f2d6be7 100644 --- a/nginx/defaults/main.yml +++ b/nginx/defaults/main.yml @@ -32,7 +32,8 @@ nginx_use_ldap_pam_auth: False nginx_pam_svc_name: nginx nginx_ldap_uri: "ldap://ldap.example.org" nginx_ldap_base_dn: "dc=example,dc=org" - +# nginx_ldap_login_attribute: uid +# nginx_ldap_pam_groupdn: nginx_letsencrypt_managed: True # Virtualhost example diff --git a/nginx/templates/ldap.conf.j2 b/nginx/templates/ldap.conf.j2 index fba620a..b748f41 100644 --- a/nginx/templates/ldap.conf.j2 +++ b/nginx/templates/ldap.conf.j2 @@ -3,7 +3,12 @@ base {{ nginx_ldap_base_dn }} # Another way to specify your LDAP server is to provide an uri {{ nginx_ldap_uri }} - +if {% nginx_ldap_login_attribute is defined %} +pam_login_attribute {{ nginx_ldap_login_attribute }} +{% endif %} +if {% nginx_ldap_pam_groupdn is defined %} +pam_groupdn +{% endif %} # The LDAP version to use (defaults to 3 # if supported by client library) ldap_version 3
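Review bot: The two commented-out placeholders added to nginx/defaults/main.yml carry no explanation, and `# nginx_ldap_pam_groupdn:` has no sample value, so a reader cannot tell that it restricts who may authenticate or what format it expects. I would add a comment line above them such as `# Optional: when left undefined, the matching directives are omitted from ldap.conf`, and give the second one an example, e.g. `# nginx_ldap_pam_groupdn: "cn=nginx-users,ou=groups,dc=example,dc=org"` (constructed value). The hunk also removes the blank line that separated the LDAP settings from `nginx_letsencrypt_managed`; keeping it would preserve the grouping.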
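Review bot: The conditionals added to nginx/templates/ldap.conf.j2 are not valid Jinja2: in `if {% nginx_ldap_login_attribute is defined %}` the `if` keyword sits outside the tag, so the template will most likely fail to render and the `{% endif %}` has no opening tag; the `nginx_ldap_pam_groupdn` block has the same problem. That second block also emits a bare `pam_groupdn` with no value, so the group restriction an operator sets in `nginx_ldap_pam_groupdn` never reaches the PAM LDAP configuration. Suggested lines: `{% if nginx_ldap_login_attribute is defined %}`, `{% if nginx_ldap_pam_groupdn is defined %}` and `pam_groupdn {{ nginx_ldap_pam_groupdn }}`. Because this directive limits which LDAP accounts may log in, it is worth verifying after deployment that an account outside the group is actually rejected.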