You have to compile nginx with the auth-ldap module. Have you done this? I am doing using CloudBioLinux and here is how it is being done in that context, but it would probably be easier just doing it by hand:
https://github.com/chapmanb/cloudbiolinux/blob/master/cloudbio/galaxy/__init...
I have posted my information on configuring CloudMan's nginx for LDAP auth, but you can ignore the CloudMan stuff:
https://production-galaxy-instances-with-cloudman-and-cloudbiolinux.readthed...
http {
auth_ldap_url ldap://ldap.example.com/dc=example,dc=com?uid?sub?(objectClass=person); #auth_ldap_binddn cn=nginx,ou=service,dc=example,dc=com; #auth_ldap_binddn_passwd mYsUperPas55W0Rd #auth_ldap_group_attribute uniquemember; # default 'member' #auth_ldap_group_attribute_is_dn on; # default on
...
}
location / { auth_ldap_require valid_user; auth_ldap "LDAP Auth Source Description"; proxy_set_header REMOTE_USER $remote_user;
proxy_pass http://galaxy_app; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-URL-SCHEME https;
... }
# For API access, set REMOTE_USER if available so Galaxy # session based requests are let through, if REMOTE_USER is not # available pass the request through and let Galaxy determine # if a key is present and valid. location /api { proxy_set_header REMOTE_USER $remote_user; proxy_pass http://galaxy_app; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }
-John
On Wed, Sep 18, 2013 at 7:37 AM, Iry Witham Iry.Witham@jax.org wrote:
Hi Team,
Has anyone had any experience with setting up auth_ldap for nginx? I am attempting to make this work, but nginx fails to start with the following message:
Starting nginx nginx: [emerg] unknown directive "auth_ldap_url" in /usr/local/nginx/conf/nginx.conf:48 startproc: exit status of parent of /usr/local/nginx/sbin/nginx: 1
failed
Any help would be appreciated.
Thanks,
Iry Witham
The information in this email, including attachments, may be confidential and is intended solely for the addressee(s). If you believe you received this email by mistake, please notify the sender by return email as soon as possible.
Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: http://lists.bx.psu.edu/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/