I have an nginx reverse proxy behind LDAP authentication.
I can read the username in PHP from the variable $_SERVER['PHP_AUTH_USER']. I think this means that the username is passed from LDAP to nginx and then to PHP.
Is it possible in nginx configuration to allow access to a folder only to a list of users?
UPDATE
In nginx the user is stored in the $remote_user variable. Is it possible to compare $remote_user with a list of users stored in a file? And then deny or allow access to a folder?
UPDATE
Probably I have to use the map directive, for example:
map $remote_user $allowed_user {
    default 0;
    user1 1;
    user2 1;
}
and then test it in the appropriate location:
location /folder/ {
    if($allowed_user != 1){
        return 403;
    }
    proxy_pass http://site;
}
but when I do sudo nginx -t, I receive the following error:
nginx: [emerg] unknown directive "if($allowed_user" in /etc/nginx/nginx.conf:104
nginx: configuration file /etc/nginx/nginx.conf test failed
CodePudding user response:
You can do it via the map directive (please note that the map translation definitions block should be placed in the http context, outside the server block):
map $remote_user $deny {
    username1 0;
    username2 0;
    ...
    usernameN 0;
    default 1;
}
server {
    ...
    location /folder/ {
        # nginx requires a space between "if" and the opening parenthesis
        if ($deny) { return 403; }
        ...
    }
}
You can pre-generate the user list in the above form (username1 0; username2 0; ...) and then include this list in the nginx configuration:
map $remote_user $deny {
    include /path/userlist.txt;
    default 1;
}
Whenever this user list file gets changed, you'd need to reload the nginx configuration (nginx -s reload).
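One way to pre-generate the include file described in the answer above, as an added example that is not part of the original question or answer. It rejects names the map block would not treat as a plain username (a key such as ~.* is read as a regex and would give every user the value 0). The function names, the username character policy and the sample names are assumptions.

```python
import os
import re
import tempfile

# Words the map block parses as parameters rather than as source values.
RESERVED = {"default", "include", "hostnames", "volatile"}
# Assumed username policy: must start alphanumeric, so no "~" regex keys,
# and no whitespace, quotes, ";", "{", "}" or "$" that could alter the config.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._@-]*")


def build_userlist(names):
    """Return (include_text, rejected_names) for an iterable of usernames."""
    seen, lines, rejected = set(), [], []
    for raw in names:
        name = raw.strip()
        if not name or name.startswith("#"):
            continue  # blank line or comment in the source list
        key = name.lower()  # map compares string keys case-insensitively
        if not SAFE_NAME.fullmatch(name) or key in RESERVED:
            rejected.append(name)
        elif key not in seen:
            seen.add(key)
            lines.append(f"{name} 0;")
    return "".join(line + "\n" for line in lines), rejected


def write_userlist(path, names):
    """Write the include file atomically; refuse if any name was rejected."""
    text, rejected = build_userlist(names)
    if rejected:
        raise ValueError(f"unsafe usernames, file not written: {rejected}")
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".userlist.")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.replace(tmp, path)  # readers never see a half-written list
    return text


if __name__ == "__main__":
    # Constructed sample input, not taken from the question.
    sample = ["alice", "bob", "Alice", "default", "~.*", "eve 0; default", ""]
    text, rejected = build_userlist(sample)
    print(text, end="")
    print("rejected:", rejected)
```

After writing the file, run nginx -t before nginx -s reload so that a broken include never replaces the running configuration.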