OPNsense Forum

English Forums => General Discussion => Topic started by: Vince007 on September 27, 2024, 10:38:34 AM

Title: nginx ldap group authentication
Post by: Vince007 on September 27, 2024, 10:38:34 AM
Hi
I'd like to authenticate ldap users based on ldap groups on nginx acting as a reverse proxy to backend web servers.
Different ldap groups/users would be allowed to access different locations. Is this possible? Actually, and as far as I understand, it's only possible to allow all users (not specific ones) and also not groups per location, or just a single ldap group if restricted in the ldap configuration.
I was doing this quite easily with Apache as a reverse proxy on a different firewall. Any idea how to achieve this on OPNsense?
Thanks for any help :)
Regards.
Vince
Title: Re: nginx ldap group authentication
Post by: Monviech (Cedrik) on September 27, 2024, 01:47:35 PM
I'm curious which firewall you have used before.
Title: Re: nginx ldap group authentication
Post by: Vince007 on September 27, 2024, 01:49:33 PM
I was using ClearOS and did manual adjustments to the Apache config file.
Title: Re: nginx ldap group authentication
Post by: Monviech (Cedrik) on September 27, 2024, 02:39:53 PM
Ah okay. Well there is an Apache based reverse proxy for OPNsense. The package is called os-OPNWAF and is in the Business Edition. But it does not have ldap authentication built into the GUI.

On NGINX I don't know how to do it sadly.

In Caddy you can choose the "forward_auth" directive in the GUI to send users to an SSO portal hosted with an Authelia or Authentik server to allow specific access. These could communicate with an ldap backend.

Best respond here again so others see I couldn't help you. I was just interested. :)
Title: Re: nginx ldap group authentication
Post by: Vince007 on September 27, 2024, 02:46:04 PM
Thanks for the suggestion, I'll wait to see if anyone else knows how to deal with this and Nginx :)
Thanks a lot!