nginx-ldap-auth/README.md

# Nginx LDAP Auth

Use this in order to provide a ingress authentication over LDAP for Kubernetes, change the Secret inside `config.sample.yaml` to match your LDAP server and run:

    kubectl create secret generic nginx-ldap-auth --from-file=config.yaml=config.sample.yaml

    kubectl apply -f k8s.yaml

Configure your ingress with annotation `nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555` as described on [nginx documentation](https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/).

## Configuration

The actual version choose a random server, in future version it is intended to have a pool of them, that is why it is a list, not a single one, but you can fill only one if you wish.

The prefix tell the program which protocol to use, if `ldaps://` it will try LDAP over SSL, if `ldap://` it will try plain LDAP with STARTTLS, case no prefix is given it will try to guess based on port, 636 for SSL and 389 for plain.

If the `user.requiredGroups` list is omited or empty all LDAP users will be allowed regardless the group, if not empty all groups will be required, the next version will have more flexible configuration.

If you are not sure what `filter`, `bindDN` or `baseDN` to use, here is a tip:

    ldapsearch -H ${servers[*]} -D ${auth.bindDN} -w ${auth.bindPW} -b ${user.baseDN|group.baseDN} ${user.filter|group.filter}

Replace the values between `${...}` to the ones on `config.yaml`, when you succeed you can fill the final configuration.

Timeouts are configurable, but it is recommended not to use values less than some seconds, it was planned to prevent several identical requests to LDAP servers.
First commit 2018-09-15 08:43:38 -04:00			`# Nginx LDAP Auth`

Extracted secret 2018-10-09 08:29:36 -04:00			Use this in order to provide a ingress authentication over LDAP for Kubernetes, change the Secret inside `config.sample.yaml` to match your LDAP server and run:

			`kubectl create secret generic nginx-ldap-auth --from-file=config.yaml=config.sample.yaml`
First commit 2018-09-15 08:43:38 -04:00
			`kubectl apply -f k8s.yaml`

Extracted secret 2018-10-09 08:29:36 -04:00			Configure your ingress with annotation `nginx.ingress.kubernetes.io/auth-url: http://nginx-ldap-auth.default.svc.cluster.local:5555` as described on [nginx documentation](https://kubernetes.github.io/ingress-nginx/examples/auth/external-auth/).

Refactor 2018-10-09 19:59:52 -04:00			`## Configuration`
Extracted secret 2018-10-09 08:29:36 -04:00
			`The actual version choose a random server, in future version it is intended to have a pool of them, that is why it is a list, not a single one, but you can fill only one if you wish.`

			The prefix tell the program which protocol to use, if `ldaps://` it will try LDAP over SSL, if `ldap://` it will try plain LDAP with STARTTLS, case no prefix is given it will try to guess based on port, 636 for SSL and 389 for plain.

			If the `user.requiredGroups` list is omited or empty all LDAP users will be allowed regardless the group, if not empty all groups will be required, the next version will have more flexible configuration.

			If you are not sure what `filter`, `bindDN` or `baseDN` to use, here is a tip:

			`ldapsearch -H ${servers[*]} -D ${auth.bindDN} -w ${auth.bindPW} -b ${user.baseDN\|group.baseDN} ${user.filter\|group.filter}`

			Replace the values between `${...}` to the ones on `config.yaml`, when you succeed you can fill the final configuration.

			`Timeouts are configurable, but it is recommended not to use values less than some seconds, it was planned to prevent several identical requests to LDAP servers.`