Lots of errors in logfile when used in conjunction with basic auth
btassite opened this issue · 1 comments
Hi,
when used in conjunction with basic auth (and "satisfy any;"), if authorized via ldap, for every subsequent request an error is logged in /var/log/nginx/error.log:
[..] user "foo@example.com" was not found in "/etc/nginx/auth/example.com.pw^@" [..]
(example.org.pw contains the htpasswords for basic auth)
Conversely, for requests after authorization via basic auth an error is logged in /var/log/nginx-ldap-auth/daemon.log:
[..] Error while verifying search query results: no objects found, server="ldap://ad.example.com:3268", login="foo" [..]
At least the latter is only logged once (presumably as long as the authorization result is cached, e.g. every 10 minutes).
So both mechanisms work and can coexist, but whichever one isn't being used logs an error, with basic auth being extremely verbose (an error for every single request).
Is there a way to tell the other mechanism not to log an error?
No, there is no such mechanism.
nginx always logs failed attempts. If you don't like it, you may want to separate users somehow and use single authentication method.
If you have questions about nginx, the better place is nginx mailing list. The issue has nothing to do with ldap auth.