Kibana and AD Authentication
We will do this whole thing on lighttpd. First, let’s install all the necessary software
apt install lighttpd lighttpd-mod-authn-ldap
А дальше настраиваем:
server.modules += ("mod_auth")
server.modules += ("mod_proxy")
server.modules += ("mod_redirect")
server.modules += ("mod_accesslog")
accesslog.filename = "/var/log/lighttpd/logs-access.log"
$SERVER["socket"] == ":80" {
$HTTP["host"] =~ ".*" {
url.redirect = ("^(.*)" => "https://%0$0")
}
}
$SERVER["socket"] == ":443" {
protocol = "https://"
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
ssl.use-sslv2 = "disable"
auth.backend = "ldap"
auth.backend.ldap.hostname = "ldap.corp.example.com:389"
auth.backend.ldap.base-dn = "DC=corp,DC=example,DC=com"
auth.backend.ldap.bind-dn = "CN=kibana,OU=Accounts,DC=corp,DC=example,DC=com"
auth.backend.ldap.bind-pw = "{password}"
auth.backend.ldap.filter = "(sAMAccountName=$)"
auth.backend.ldap.allow-empty-pw = "disable"
auth.require = (
"/" => (
"method" => "basic",
"realm" => "corp.example.com",
"require" => "valid-user"
)
)
proxy.server = ("" => (("host" => "127.0.0.1", "port" => "5601")))
}