Linux technical support - [email protected]


kibana 3 ldap nginx example

    ldap_server dc1 {
      url ldap://dc1.alexlinux.com:3268/DC=alexlinux,DC=com?sAMAccountName?sub?(objectClass=person);
      binddn "alexlinux\\someuser";
      binddn_passwd XXXXXXX;
      group_attribute member;
      group_attribute_is_dn on;
      require valid_user;
      require group "CN=auditor_reader,OU=Groups,DC=alexlinux,DC=com";
    }

----------------------------------------------------------------------------------------------
server {
  listen                *:80 ;
  server_name           auditor.alexlinux.com;
  access_log            /var/log/nginx/kibana.myhost.org.access.log;
  error_log /var/log/nginx/kibana.myhost.org.debug.log;
  auth_ldap "Forbidden";
  auth_ldap_servers dc1;
  location / {
    root  /opt/logstash/vendor/kibana/;
  }

  location ~ ^/_aliases$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/.*/_aliases$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/_nodes$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/.*/_search$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }
  location ~ ^/.*/_mapping {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
  }

  # Password protected end points
  location ~ ^/kibana-int/dashboard/.*$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
    limit_except GET {
      proxy_pass http://127.0.0.1:9200;
    }
  }

  location ~ ^/kibana-int/temp.*$ {
    proxy_pass http://127.0.0.1:9200;
    proxy_read_timeout 90;
    limit_except GET {
      proxy_pass http://127.0.0.1:9200;
    }
  }
}

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>