
Commit 65baffd

authored
Merge pull request #29 from yzargari/add-https-support
Adding HTTPS support for nginx-ldap-auth-daemon.py
2 parents 5054509 + 582f2be commit 65baffd


2 files changed

+10
-0
lines changed


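--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -30,6 +30,8 @@ param_env_vars:
 opt_param_usage_include_env: true
 opt_param_env_vars:
 - { env_var: "FERNETKEY", env_value: "", desc: "Optionally define a custom fernet key, has to be base64-encoded 32-byte (only needed if container is frequently recreated, or if using multi-node setups, invalidating previous authentications)" }
+- { env_var: "CERTFILE", env_value: "", desc: "Point this to a certificate file to enable HTTP over SSL (HTTPS) for the ldap auth daemon" }
+- { env_var: "KEYFILE", env_value: "", desc: "Point this to the private key file, matching the certificate file referred to in CERTFILE" }
 
 # application setup block
 app_setup_block_enabled: true
@@ -41,6 +43,7 @@ app_setup_block: |
 
 # changelog
 changelogs:
+- { date: "27.07.20:", desc: "Add support for HTTP over SSL (HTTPS)." }
 - { date: "21.07.20:", desc: "Add support for optional user defined fernet key." }
 - { date: "02.06.20:", desc: "Rebasing to alpine 3.12, serve login page at `/ldaplogin` as well as `/login`, to prevent clashes with reverese proxied apps." }
 - { date: "17.05.20:", desc: "Add support for self-signed CA certs." }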

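--- a/root/app/nginx-ldap-auth-daemon.py
+++ b/root/app/nginx-ldap-auth-daemon.py
@@ -302,6 +302,9 @@ def exit_handler(signal, frame):
 group.add_argument('-s', '--starttls', metavar="starttls",
 default="false",
 help=("Establish a STARTTLS protected session (Default: false)"))
+group.add_argument('--disable-referrals', metavar="disable_referrals",
+default="false",
+help=("Sets ldap.OPT_REFERRALS to zero (Default: false)"))
 group.add_argument('-b', metavar="baseDn", dest="basedn", default='',
 help="LDAP base dn (Default: unset)")
 group.add_argument('-D', metavar="bindDn", dest="binddn", default='',
@@ -333,6 +336,10 @@ def exit_handler(signal, frame):
 }
 LDAPAuthHandler.set_params(auth_params)
 server = AuthHTTPServer(Listen, LDAPAuthHandler)
+if os.path.isfile(os.environ.get("CERTFILE")) and os.path.isfile(os.environ.get("KEYFILE")):
+import ssl
+server.socket = ssl.wrap_socket (server.socket, certfile=os.environ.get("CERTFILE"), keyfile=os.environ.get("KEYFILE"), server_side=True)
+sys.stdout.write("SSL enabled using certificate file %s and key file %s\n" % (os.environ.get("CERTFILE"), os.environ.get("KEYFILE")))
 signal.signal(signal.SIGINT, exit_handler)
 signal.signal(signal.SIGTERM, exit_handler)
 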
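Review bot: In the second hunk, `os.path.isfile(os.environ.get("CERTFILE"))` raises TypeError when the variable is unset, because `os.environ.get` returns None and `os.path.isfile` does not catch that, so the daemon dies at startup unless both variables are always defined (the readme shows an empty default, but whether the container always exports them is not visible here); `os.environ.get("CERTFILE", "")` avoids the crash. `ssl.wrap_socket` is also deprecated (removed in Python 3.12) and builds an ad-hoc context with no minimum protocol version or hardened cipher list, so the listening socket should instead be wrapped with a context from `ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)` plus `load_cert_chain`, which carries the library's server-side secure defaults. Finally, when the variables are set but one path is missing, the condition silently falls back to plaintext HTTP with no log line, which hides a misconfiguration that exposes credentials; the rewrite below fails fast in that case, and at minimum the fallback should be logged. The enclosing block continues outside the hunk.

```python
server = AuthHTTPServer(Listen, LDAPAuthHandler)
certfile = os.environ.get("CERTFILE", "")
keyfile = os.environ.get("KEYFILE", "")
if certfile or keyfile:
    if not (os.path.isfile(certfile) and os.path.isfile(keyfile)):
        # Refuse to silently serve credentials over plaintext when TLS was requested
        sys.stderr.write("CERTFILE/KEYFILE set but not both readable as files, refusing to start\n")
        sys.exit(1)
    import ssl
    # Purpose.CLIENT_AUTH yields a server-side context with the stdlib's hardened defaults
    context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    context.load_cert_chain(certfile=certfile, keyfile=keyfile)
    server.socket = context.wrap_socket(server.socket, server_side=True)
    sys.stdout.write("SSL enabled using certificate file %s and key file %s\n" % (certfile, keyfile))
# … unchanged: signal handler registration …
```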
