NAME

Apache::AuthzLDAP - mod_perl LDAP Authorization Module

SYNOPSIS

<Directory /foo/bar>
# Authorization Realm and Type (only Basic supported)
AuthName "Foo Bar Authentication"
AuthType Basic

# Any of the following variables can be set.
# The default for each is listed on the comment line above it
# (Apache does not allow a comment on the same line as a directive).
# Default: Empty String ("")
PerlSetVar AuthenBaseDN         o=Foo,c=Bar
# Default: none
PerlSetVar AuthzBaseDN          "o=Tivoli Systems"
# Default: cn
PerlSetVar AuthzGroupAttrType   gid
# Default: localhost
PerlSetVar AuthzLDAPServer      ldap.foo.com
# Default: 389
PerlSetVar AuthzLDAPPort        389
# Default: member
PerlSetVar AuthzMemberAttrType  uid
# Default: cn
PerlSetVar AuthzMemberAttrValue dn
# Default: off
PerlSetVar AuthzNestedGroups    On
# Default: uid
PerlSetVar AuthzUidAttrType     userid

PerlAuthzHandler Apache::AuthzLDAP

# Authorize user against multiple groups
require group "My Group" GroupA "Group B"
</Directory>

DESCRIPTION

Apache::AuthzLDAP is designed to work with mod_perl and Net::LDAP. This module authorizes a user against an LDAP backend. It can be combined with Apache::AuthenLDAP to provide LDAP authentication as well.

CONFIGURATION OPTIONS

The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files.

AuthenBaseDN

The base distinguished name with which to query LDAP for purposes of authentication. By default, the AuthenBaseDN is blank.

AuthzBaseDN

The base distinguished name with which to query LDAP for purposes of authorization. By default, the AuthzBaseDN is blank.

AuthzGroupAttrType

The attribute type name that contains the group's identification. By default, AuthzGroupAttrType is set to cn.

AuthzLDAPServer

The hostname for the LDAP server to query. By default, AuthzLDAPServer is set to localhost.

AuthzLDAPPort

The port on which the LDAP server is listening. By default, AuthzLDAPPort is set to 389.

AuthzMemberAttrType

The attribute type name that contains the group member's identification. By default, AuthzMemberAttrType is set to member.

AuthzMemberAttrValue

The attribute value contained within the AuthzMemberAttrType above. By default, AuthzMemberAttrValue is set to cn.

AuthzNestedGroups

When the AuthzNestedGroups value is on, a recursive group search occurs until the user is found in a group or the deepest group's member list does not contain any groups. By default, AuthzNestedGroups is set to off.

AuthzUidAttrType

The attribute type name that contains the user's identification. By default, AuthzUidAttrType is set to uid.
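
The recursive search that AuthzNestedGroups enables, as an added example that is not the module's own code and does not use Net::LDAP. Assumptions: the in-memory %directory is constructed sample data standing in for LDAP group entries with cn-valued members, is_member and authorized are hypothetical helpers, membership in any one listed group is taken to be sufficient, and the visited-set guard against cyclic nesting is an addition that the page does not describe.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample directory: group cn => values of the member attribute
# (AuthzMemberAttrType). Values are cn strings, as with the default
# AuthzMemberAttrValue of cn. A value that is also a key is a nested group.
my %directory = (
    'My Group' => [ 'alice', 'GroupA' ],
    'GroupA'   => [ 'bob',   'Group B' ],
    'Group B'  => [ 'carol', 'GroupA' ],    # nests GroupA again: a cycle
);

# Hypothetical helper: returns 1 if $user is a member of $group.
# With $nested false, only direct members count (AuthzNestedGroups off).
sub is_member {
    my ($dir, $user, $group, $nested, $seen) = @_;
    $seen ||= {};
    return 0 if $seen->{$group}++;             # already searched: break cycles
    my $members = $dir->{$group} or return 0;  # unknown group: no match
    for my $m (@$members) {
        return 1 if $m eq $user;               # direct member
    }
    return 0 unless $nested;
    for my $m (@$members) {
        next unless exists $dir->{$m};         # descend only into groups
        return 1 if is_member($dir, $user, $m, 1, $seen);
    }
    return 0;    # deepest member lists hold no further groups
}

# Mirrors a "require group ..." line. Assumption: one matching group suffices.
sub authorized {
    my ($user, $nested, @groups) = @_;
    for my $g (@groups) {
        return 1 if is_member(\%directory, $user, $g, $nested);
    }
    return 0;
}

for my $case ([ 'carol', 0 ], [ 'carol', 1 ], [ 'mallory', 1 ]) {
    my ($user, $nested) = @$case;
    printf "%-8s nested=%-3s => %s\n", $user, $nested ? 'On' : 'Off',
        authorized($user, $nested, 'My Group') ? 'allowed' : 'denied';
}
```

Without the visited set, the GroupA / "Group B" loop in the sample data would recurse without end for any user who is not a member, so it is worth checking a real directory for cyclic nesting before turning AuthzNestedGroups on.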

NOTES

This module has built-in hooks to handle the notes that Apache::AuthzCache version 0.02 and higher passes in order to avoid bugs in the set_handlers() method in mod_perl versions 1.2x.

AUTHORS

Jason Bodnar, Christian Gilmore <cgilmore@tivoli.com>

SEE ALSO

httpd(8), ldap(3), mod_perl(1), slapd(8C)

COPYRIGHT

Copyright (C) 2001, International Business Machines Corporation and others. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License.