suppress the LDAP authentification for an application in NGINX

Issue

I apply NginX to authenticate Applications for instance myapp1 and myapp2 with LDAP (described here). My config file looks like:

ldap_server myapp1{
    url ldaps://....;
    binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
    binddn_passwd ...;
    group_attribute member;
    group_attribute_is_dn on;
    max_down_retries_count 5;
    satisfy any;
    Require valid-user;
}
ldap_server myapp2{
    url ldaps://....;
    binddn "CN=user,OU=t accounts,DC=dom,DC=uk";
    binddn_passwd ...;
    group_attribute member;
    group_attribute_is_dn on;
    max_down_retries_count 5;
    satisfy any;
    Require valid-user;
}

It works well. Now, I want to supress the authentification for myapp2 in other words, if a user calls the url adress for myapp2 in the browser, the user will not be asked for the authentification and will come directly to the url, but just for myapp2.Is it possible?

Update: I figured out, that there is another part of nginx.conf, namely the proxy part:

    location /myapp1/ {
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

probably I have to change something in location part?

Solution

I found finally the solution.

the problem was, that tere is an aditional part in nginx.conf at the beginning. Thses should be integrated in the second part location /myapp/ { ....}. Therefore from:

   auth_ldap "please log in with windows login data";
   auth_ldap_servers myapp1;
   auth_ldap_servers myapp2;
#comment:
# the special part for every app
    location /myapp1/ {
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

to

    location /myapp1/ {
      auth_ldap "please log in with windows login data";
      auth_ldap_servers myapp1;
      proxy_pass http://127.0.0.1:3838/myapp1/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

    location /myapp2/ {
      auth_ldap "please log in with windows login data";
      auth_ldap_servers myapp2;
      proxy_pass http://127.0.0.1:3838/myapp2/;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $remote_addr;
    }

Answered By – maniA

Answer Checked By – Jay B. (AngularFixing Admin)

Leave a Reply

Your email address will not be published.