I want my public web server, which runs nginx, to authenticate against my active directory server using LDAP. I’ve written in the past about how to use PHP to authenticate against active directory in this way, but there are a couple of problems: my active directory server isn’t accessible to the internet, and I want to use standard HTTP authentication instead of username and password boxes included on a webpage.
The answer, I think, is to put an authentication PHP script on my home server, make that available to the public web server through an SSH tunnel, and then use nginx’s Auth Request module to authenticate against it using the public server as a proxy.
This is – I hope – less complicated than it sounds. We’ll see, and I’ll post more if and when I’m successful, but the problem I’ve initially run into is that nginx in Ubuntu’s repositories doesn’t include the Auth Request module. I have remove nginx and re-install it from source, compiling it with the additional module included.
It’s a bit of a daunting process, but the page I’ve linked seems like it will take me through it step by step.
Wish me luck!