
I am using the nginx-auth-ldap module in NGINX to authenticate against multiple LDAP servers. My configuration is set up to authenticate against the first LDAP server (ldap1), and if it fails, fallback to the second LDAP server (ldap2).

However, I noticed an issue where if the first LDAP server (ldap1) becomes unreachable, NGINX stops responding to authentication requests entirely, instead of falling back to ldap2. On the other hand, if only ldap2 becomes unreachable, authentication through ldap1 continues to work fine.

My NGINX Configuration:

ldap_server ldap1 {
    url ldap://ldap1.example/ou=Users,dc=example,dc=com?uid?sub?(objectClass=person);
    binddn "cn=admin,dc=example,dc=com";
    binddn_passwd "password";
    connect_timeout 3s;
    reconnect_sleeptime 1s;
}

ldap_server ldap2 {
    url ldap://ldap2.example/ou=Users,dc=example2,dc=com?uid?sub?(objectClass=person);
    binddn "cn=admin,dc=example2,dc=com";
    binddn_passwd "password";
    connect_timeout 3s;
    reconnect_sleeptime 1s;
}

server {
    listen 80;

    location /protected/ {
        auth_ldap "Restricted Area";
        auth_ldap_servers ldap1 ldap2;
        proxy_pass http://backend-server;
    }
}

What I Expected:

  • If ldap1 is reachable, authentication should use it first.
  • If ldap1 fails to authenticate, ldap2 should be used.
  • If ldap1 is unreachable, ldap2 should be used as a fallback.
  • If ldap2 is unreachable, ldap1 should still work normally.

What Actually Happens:

  • When ldap2 is unreachable, authentication through ldap1 works fine.
  • When ldap1 is unreachable, authentication stops working completely, and NGINX does not fallback to ldap2.

What I Have Tried:

  • Swapping the order of auth_ldap_servers (i.e., ldap2 ldap1) – same issue.
  • Setting a lower connect_timeout for ldap1/2 – no effect.

Question:

  • Why does authentication stop working entirely when ldap1 is unreachable, instead of falling back to ldap2?
  • How can I configure nginx-auth-ldap so that ldap2 is properly used as a fallback when ldap1 is down?

Additional Notes:

  • The LDAP servers are managed by a different team, and I do not have access to their logs or other internal details.

Any help would be greatly appreciated!
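One way to tell "ldap1 is unreachable" apart from "NGINX stopped answering" is to probe the servers directly from the NGINX host, using the same `ldap_server` blocks. The script below is an added example, not code from the question or from the nginx-auth-ldap project: it parses `ldap_server` blocks in the syntax shown above, derives host, port and `connect_timeout` for each, and checks whether a TCP connection opens within that timeout (the 10s fallback when `connect_timeout` is absent and the sample config are assumptions, not the module's documented defaults).

```python
# Added diagnostic (not from the question or nginx-auth-ldap): parse the
# ldap_server blocks, then check whether each server accepts a TCP connection
# within its own connect_timeout, independently of nginx.
import re
import socket
from urllib.parse import urlparse

# Constructed sample mirroring the question's two servers (ldaps/port added).
SAMPLE_CONFIG = """
ldap_server ldap1 {
    url ldap://ldap1.example/ou=Users,dc=example,dc=com?uid?sub?(objectClass=person);
    connect_timeout 3s;
}
ldap_server ldap2 {
    url ldaps://ldap2.example:1636/ou=Users,dc=example2,dc=com?uid?sub?(objectClass=person);
    connect_timeout 500ms;
}
"""
BLOCK_RE = re.compile(r"ldap_server\s+(\S+)\s*\{(.*?)\}", re.S)
DIRECTIVE_RE = re.compile(r"^\s*(url|connect_timeout)\s+(.+?);\s*$", re.M)

def parse_timeout(value):
    """nginx time value ('3s', '500ms', '2m') -> seconds as a float."""
    m = re.fullmatch(r"(\d+)(ms|s|m)?", value.strip())
    if not m:
        raise ValueError(f"bad time value: {value!r}")
    n, unit = int(m.group(1)), m.group(2) or "s"
    return {"ms": n / 1000, "s": float(n), "m": n * 60.0}[unit]

def parse_ldap_servers(config):
    """Return {name: (host, port, timeout)} for every ldap_server block."""
    servers = {}
    for name, body in BLOCK_RE.findall(config):
        d = dict(DIRECTIVE_RE.findall(body))
        url = urlparse(d["url"])
        port = url.port or (636 if url.scheme == "ldaps" else 389)
        # 10s when connect_timeout is absent is an assumed default.
        servers[name] = (url.hostname, port, parse_timeout(d.get("connect_timeout", "10s")))
    return servers

def tcp_reachable(host, port, timeout):
    """True if a TCP connection to host:port opens within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, or name resolution failed
        return False

def probe(config):
    """Map each ldap_server name to whether it is currently reachable."""
    return {n: tcp_reachable(h, p, t) for n, (h, p, t) in parse_ldap_servers(config).items()}
```

Run `probe(open("/etc/nginx/nginx.conf").read())` on the NGINX host while the problem is occurring; a server that this reports reachable but that NGINX still hangs on points at the module's fallback handling rather than at the network.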

Tags: NGINX | nginx-auth-ldap stops authentication when the first LDAP server is unreachable | Stack Overflow