How to rebuild nginx with LDAP support on CentOS

Wait, I can't just tick a box, like on FreeBSD?

January 2019.
We want LDAP in our nginx. We need to rebuild nginx with the LDAP module. Let's rebuild the official RPM to ensure we have a proper piece of software that will run correctly on our system.

The server used here is pretty much normal:

# uname -a
Linux jambon 3.10.0-229.20.1.el7.x86_64 #1 SMP Tue Nov 3 19:10:07 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
# cat /etc/centos-release
CentOS Linux release 7.2.1511 (Core)

Prepare the build

Download the RPM build tools:

yum install yum-utils rpmdevtools

Create the base environment to build packages:

# rpmdev-setuptree
# ll ~/rpmbuild/
total 0
drwxr-xr-x. 2 root root 6 Jul 17 2017 BUILD
drwxr-xr-x. 2 root root 6 Jul 17 2017 BUILDROOT
drwxr-xr-x. 2 root root 6 Jul 17 2017 RPMS
drwxr-xr-x. 2 root root 6 Jul 17 2017 SOURCES
drwxr-xr-x. 2 root root 6 Jul 17 2017 SPECS
drwxr-xr-x. 2 root root 6 Jul 17 2017 SRPMS

Download the source RPM:

# cd ~/rpmbuild/SRPMS/
# yumdownloader --source nginx
# ls

If yumdownloader does not find it, use a search engine and find it yourself.

Ensure we have all the build dependencies installed:

# yum-builddep nginx-1.12.2-2.el7.src.rpm

Expand the SRPM into the build tree:

# rpm -ivh nginx-1.12.2-2.el7.src.rpm
# ls ../SPECS/nginx.spec

Patch and build

Get the LDAP module from git:

# git clone ~/nginx-auth-ldap

Patch the spec file to include the module in nginx's configure call:

# cd ~/rpmbuild/SPECS
# patch -p1 <<EOF
--- SPECS/nginx.spec.orig 2019-01-27 10:53:58.485211445 +0100
+++ SPECS/nginx.spec 2019-01-27 10:58:24.913630713 +0100
@@ -204,6 +204,7 @@
--lock-path=/run/lock/subsys/nginx \\
--user=%{nginx_user} \\
--group=%{nginx_user} \\
+ --add-module=/root/nginx-auth-ldap \\
%if 0%{?with_aio}
--with-file-aio \\
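
Review bot: the added `--add-module=/root/nginx-auth-ldap \\` line ties the spec to an absolute path in root's home directory, so the package only builds as root with the checkout at exactly that location. Consider keeping the checkout under the build tree and referencing it through a macro, for example `--add-module=%{_sourcedir}/nginx-auth-ldap \\`. The hunk header announces 6 old and 7 new lines, but only 5 and 6 are shown and the heredoc has no closing `EOF`, so the last context line and the terminator need to be restored for `patch` to see a complete hunk.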

Execute the build and check that the RPMs have been generated:

# cd ~/rpmbuild
# rpmbuild -ba SPECS/nginx.spec
# ls RPMS/x86_64/
nginx-1.12.2-2.el7.centos.x86_64.rpm nginx-mod-http-image-filter-1.12.2-2.el7.centos.x86_64.rpm nginx-mod-mail-1.12.2-2.el7.centos.x86_64.rpm
nginx-debuginfo-1.12.2-2.el7.centos.x86_64.rpm nginx-mod-http-perl-1.12.2-2.el7.centos.x86_64.rpm nginx-mod-stream-1.12.2-2.el7.centos.x86_64.rpm
nginx-mod-http-geoip-1.12.2-2.el7.centos.x86_64.rpm nginx-mod-http-xslt-filter-1.12.2-2.el7.centos.x86_64.rpm

Install and configure

Install the resulting RPMs:

# rpm -i 'RPMS/noarch/*.rpm' 'RPMS/x86_64/*.rpm'

Check that the current binary has LDAP support:

# nginx -V 2>&1 | grep -o nginx-auth-ldap

Add LDAP to a server as usual:

http {

    ldap_server infra {
        # ldap:// is not encrypted: bind and user passwords cross the network in cleartext
        url ldap://,dc=example,dc=com?uid?sub?(objectClass=person);
        binddn "cn=git,ou=dsa,dc=example,dc=com";
        # stored in plaintext: keep this file readable by root only
        binddn_passwd correcthorsebatterystaple;
        group_attribute uniquemember;
        group_attribute_is_dn on;
        require valid_user;
    }

    server {

        auth_ldap "Restricted access";
        auth_ldap_servers infra;
    }
}
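
An added example, not part of the original post: a shell check for a config like the one above that flags `ldap_server` blocks using an unencrypted `ldap://` URL, and inline `binddn_passwd` values in a file that group or others can read. The function name, the finding labels and the sample config (host name, password) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit nginx-auth-ldap settings in an nginx config file.
# Prints "<line> <ldap_server name> <finding>" and returns 1 if anything is found.
audit_ldap_conf() {
    conf=$1
    # Group/other read bits are characters 5 and 8 of the ls -l mode string.
    case $(ls -ld "$conf" | cut -c5,8) in
        *r*) exposed=1 ;;
        *)   exposed=0 ;;
    esac
    awk -v exposed="$exposed" '
        { sub(/#.*/, "") }                            # ignore comments
        $1 == "ldap_server" { name = $2; next }       # entering a block
        name != "" && $1 == "}" { name = ""; next }   # leaving it
        name != "" && $1 == "url" && $2 ~ /^"?ldap:\/\// {
            printf "%d %s cleartext-url\n", NR, name; bad = 1
        }
        name != "" && $1 == "binddn_passwd" && exposed + 0 {
            printf "%d %s password-readable\n", NR, name; bad = 1
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample config (hypothetical host name and password).
sample=$(mktemp)
cat > "$sample" <<'EOF'
http {
    ldap_server infra {
        url ldap://ldap.example.com/dc=example,dc=com?uid?sub?(objectClass=person);
        binddn_passwd constructed-secret;
    }
}
EOF
chmod 644 "$sample"
audit_ldap_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```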