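# Directory definition consumed by the auth_ldap directives in the server block
# below (nginx-auth-ldap module; ldap_server belongs in the http context).
ldap_server dc1 {
    # NOTE(review): ldap:// is unencrypted, so the service-account bind password
    # and every user's password cross the network in clear text on each
    # authentication. Prefer ldaps:// (3269 is the global-catalog TLS port) with
    # certificate checking once the domain controller presents a certificate.
    url ldap://dc1.alexlinux.com:3268/DC=alexlinux,DC=com?sAMAccountName?sub?(objectClass=person);

    # Service account used for the search bind. The password sits in this file
    # in clear text: restrict the file's permissions and keep the account
    # read-only in the directory.
    binddn "alexlinux\\someuser";
    binddn_passwd XXXXXXX;

    # Group membership is read from the group's "member" attribute, whose
    # values are full user DNs.
    group_attribute member;
    group_attribute_is_dn on;

    require valid_user;
    require group "CN=auditor_reader,OU=Groups,DC=alexlinux,DC=com";
    # State explicitly that BOTH requirements must hold. Without this the module
    # may treat the two "require" lines as alternatives, which would admit any
    # valid directory user regardless of group. Confirm against the module
    # version in use.
    satisfy all;
}

# ----------------------------------------------------------------------------------------------

# Kibana front end: static files from the Kibana directory, plus an allow-list
# of Elasticsearch endpoints proxied to the local node. Everything in this
# server requires LDAP authentication (auth_ldap is set at server level).
server {
    # NOTE(review): plain HTTP. The Basic-auth header carrying directory
    # credentials is sent unencrypted with every request. Serve this over TLS
    # (listen 443 ssl) if clients are not on a fully trusted network segment.
    listen *:80;

    server_name auditor.alexlinux.com;
    # NOTE(review): log file names still say kibana.myhost.org although the
    # vhost is auditor.alexlinux.com. Harmless, but confusing during log review.
    access_log /var/log/nginx/kibana.myhost.org.access.log;
    error_log /var/log/nginx/kibana.myhost.org.debug.log;

    # The string is the Basic-auth realm shown to the client; dc1 refers to the
    # ldap_server block above.
    auth_ldap "Forbidden";
    auth_ldap_servers dc1;

    # Static Kibana application. Any path not matched by a regex location
    # below is served from here and never reaches Elasticsearch.
    location / {
        root /opt/logstash/vendor/kibana/;
    }

    # Elasticsearch endpoints Kibana needs. No HTTP-method restriction is
    # applied to these locations.
    location ~ ^/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_aliases$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/_nodes$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    location ~ ^/.*/_search$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }
    # This pattern has no trailing "$", so it also matches longer paths that
    # continue after "_mapping".
    location ~ ^/.*/_mapping {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
    }

    # Password protected end points
    # The limit_except blocks below only repeat the same proxy_pass, so they
    # add no restriction: non-GET requests (dashboard writes and deletes) are
    # allowed for every user who passes the server-level auth_ldap check.
    # To limit writes to a smaller set of users, put the stricter access
    # rule inside limit_except.
    location ~ ^/kibana-int/dashboard/.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://127.0.0.1:9200;
        }
    }
    location ~ ^/kibana-int/temp.*$ {
        proxy_pass http://127.0.0.1:9200;
        proxy_read_timeout 90;
        limit_except GET {
            proxy_pass http://127.0.0.1:9200;
        }
    }
}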