library/roles/nginx: New parameters to customize the ldap authentication via pam.

nginx/defaults/main.yml

@@ -32,7 +32,8 @@ nginx_use_ldap_pam_auth: False
 nginx_pam_svc_name: nginx
 nginx_ldap_uri: "ldap://ldap.example.org"
 nginx_ldap_base_dn: "dc=example,dc=org"
-
+# nginx_ldap_login_attribute: uid
+# nginx_ldap_pam_groupdn:
 nginx_letsencrypt_managed: True
 
 # Virtualhost example

nginx/templates/ldap.conf.j2

@@ -3,7 +3,12 @@ base {{ nginx_ldap_base_dn }}
 
 # Another way to specify your LDAP server is to provide an
 uri {{ nginx_ldap_uri }}
-
+if {% nginx_ldap_login_attribute is defined %}
+pam_login_attribute {{ nginx_ldap_login_attribute }}
+{% endif %}
+if {% nginx_ldap_pam_groupdn is defined %}
+pam_groupdn
+{% endif %}
 # The LDAP version to use (defaults to 3
 # if supported by client library)
 ldap_version 3