NGINX nginx-auth-ldap stops authentication when the first LDAP server is unreachable - Stack Overflow

I am using the nginx-auth-ldap module in NGINX to authenticate against multiple LDAP servers. My configuration is set up to authenticate against the first LDAP server (ldap1), and if it fails, fall back to the second LDAP server (ldap2).

However, I noticed an issue where if the first LDAP server (ldap1) becomes unreachable, NGINX stops responding to authentication requests entirely, instead of falling back to ldap2. On the other hand, if only ldap2 becomes unreachable, authentication through ldap1 continues to work fine.

My NGINX Configuration:

ldap_server ldap1 {
    url ldap://ldap1.example/ou=Users,dc=example,dc=com?uid?sub?(objectClass=person);
    binddn "cn=admin,dc=example,dc=com";
    binddn_passwd "password";
    connect_timeout 3s;
    reconnect_sleeptime 1s;
}

ldap_server ldap2 {
    url ldap://ldap2.example/ou=Users,dc=example2,dc=com?uid?sub?(objectClass=person);
    binddn "cn=admin,dc=example2,dc=com";
    binddn_passwd "password";
    connect_timeout 3s;
    reconnect_sleeptime 1s;
}

server {
    listen 80;

    location /protected/ {
        auth_ldap "Restricted Area";
        auth_ldap_servers ldap1 ldap2;
        proxy_pass http://backend-server;
    }
}

What I Expected:

  • If ldap1 is reachable, authentication should use it first.
  • If ldap1 fails to authenticate, ldap2 should be used.
  • If ldap1 is unreachable, ldap2 should be used as a fallback.
  • If ldap2 is unreachable, ldap1 should still work normally.

What Actually Happens:

  • When ldap2 is unreachable, authentication through ldap1 works fine.
  • When ldap1 is unreachable, authentication stops working completely, and NGINX does not fall back to ldap2.

What I Have Tried:

  • Swapping the order of auth_ldap_servers (i.e., ldap2 ldap1) – same issue.
  • Setting a lower connect_timeout for ldap1/2 – no effect.

Question:

  • Why does authentication stop working entirely when ldap1 is unreachable, instead of falling back to ldap2?
  • How can I configure nginx-auth-ldap so that ldap2 is properly used as a fallback when ldap1 is down?

Additional Notes:

  • The LDAP servers are managed by a different team, and I do not have access to their logs or other internal details.

Any help would be greatly appreciated!
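
A diagnostic sketch added here, not part of the original question and not nginx-auth-ldap's own code: it parses the `ldap_server` blocks and TCP-probes each server under its `connect_timeout`, so the reachability of ldap1 and ldap2 can be confirmed from the NGINX host independently of the module. The function names, the seconds-only timeout parsing, the 3.0 s fallback and the default ports are assumptions of this example.

```python
import re
import socket
from urllib.parse import urlsplit

# Constructed sample: the two ldap_server blocks from the question, trimmed.
SAMPLE_CONF = """
ldap_server ldap1 {
    url ldap://ldap1.example/ou=Users,dc=example,dc=com?uid?sub?(objectClass=person);
    connect_timeout 3s;
}
ldap_server ldap2 {
    url ldap://ldap2.example/ou=Users,dc=example2,dc=com?uid?sub?(objectClass=person);
    connect_timeout 3s;
}
"""
BLOCK = re.compile(r"ldap_server\s+(\S+)\s*\{(.*?)\}", re.S)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_servers(conf):
    """Return [(name, host, port, timeout_seconds)] in configuration order."""
    servers = []
    for name, body in BLOCK.findall(conf):
        url = urlsplit(re.search(r"\burl\s+(\S+?);", body).group(1))
        m = re.search(r"\bconnect_timeout\s+(\d+)s;", body)
        # 3.0 is this example's own fallback, not the module's default.
        timeout = float(m.group(1)) if m else 3.0
        port = url.port or DEFAULT_PORT[url.scheme]
        servers.append((name, url.hostname, port, timeout))
    return servers

def tcp_probe(host, port, timeout):
    """True if a TCP connection opens within timeout (no LDAP bind is attempted)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers refused, timed out and DNS failure
        return False

def expected_fallback(conf, probe=tcp_probe):
    """Probe every server in order; return (first reachable name or None, status)."""
    status = {}
    for name, host, port, timeout in parse_servers(conf):
        status[name] = probe(host, port, timeout)
    chosen = next((n for n, ok in status.items() if ok), None)
    return chosen, status

if __name__ == "__main__":
    print(expected_fallback(SAMPLE_CONF))
```

If the probe reports ldap2 reachable while NGINX still fails to authenticate with ldap1 down, the problem lies in how the module handles the unreachable server rather than in network access to ldap2.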
