NAME
Apache2::AuthZLDAP - Authorization module based on LDAP filters or LDAP groups
VERSION
Version 0.02
SYNOPSIS
This module is an authorization handler for Apache 2. Its authorization method relies on openLDAP filters.
CONFIGURATION
This module can work with all authentification module that provides a valid REMOTE_USER env var. For example :
Basic Apache auth
CAS authentication (mod_cas, Apache2::AuthCAS)
Example with CAS authentication :
<VirtualHost 192.168.0.1:80>
## these vars can be initialized outside of directory
PerlSetVar LDAPURI ldap://myldaphost/
PerlSetVar LDAPbaseDN ou=groups,dc=organization,dc=domain
<Directory "/var/www/somewhere">
AuthName CAS
AuthType CAS
## define a filter. [uid] will be replaced by user value on runtime
PerlSetVar LDAPfilter &(member=uid=[uid],ou=people,dc=organization,dc=domain)(cn=admins)
## charging of the module for authZ
PerlAuthzHandler Apache2::AuthZLDAP
require valid-user
</Directory>
</VirtualHost>Configuration Options
# Set to the LDAP URI
# Multiple URIs can be set for failover LDAP servers
# Note: ldaps Defaults to port 636
PerlSetVar LDAPURI ldap://ldaphost1
PerlSetVar LDAPURI ldaps://ldaphost2
PerlSetVar LDAPURI ldap://ldaphost3:1001
# How to handle the certificate verification for ldaps:// URIs
# See start_tls in Net::LDAP for more information
# If you set any of the LDAPSSL* variables, be sure to include only
# ldaps:// URIs. Otherwise the connection will fail.
# (none|optional|require)
PerlSetVar LDAPSSLverify none
# Set to a directory that contains the CA certs
PerlSetVar LDAPSSLcapath /path/to/cadir
# Set to a file that contains the CA cert
PerlSetVar LDAPSSLcafile /path/to/cafile.pem
# Turn on TLS to encrypt a connection
# Note: This is different from ldaps:// connections. ldaps:// specifies
# an LDAP connection totally encapsulated by SSL usually running on a
# different port. TLS tells the LDAP server to encrypt a cleartext ldap://
# connection from the time the start_tls command is issued.
# (yes|no)
PerlSetVar LDAPTLS yes
# How to handle the certificate verification
# See start_tls in Net::LDAP for more information
# (none|optional|require)
PerlSetVar LDAPTLSverify none
# Set to a directory that contains the CA certs
PerlSetVar LDAPTLScapath /path/to/cadir
# Set to a file that contains the CA cert
PerlSetVar LDAPTLScafile /path/to/cafile.pem
# Specifies a user/password to use for the bind
# If LDAPuser is not specified, AuthZLDAP will attempt an anonymous bind
PerlSetVar LDAPuser cn=user,o=org
PerlSetVar LDAPpassword secret
# Sets the LDAP search scope
# (base|one|sub)
# Defaults to sub
PerlSetVar LDAPscope sub
# Defines the search filter
# [uid] will be replaced by the username passed in to AuthZLDAP
PerlSetVar LDAPfilter &(member=uid=[uid],ou=people,dc=organization,dc=domain)(cn=admins)AUTHOR
Dominique Launay, <dominique.launay AT cru.fr> Thanks to David Lowry, <dlowry AT bju.edu> for making the code more readable and improving it.
BUGS
Please report any bugs or feature requests through the web interface at https://sourcesup.cru.fr/tracker/?func=add&group_id=354&atid=1506 I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Apache2::AuthZLDAPACKNOWLEDGEMENTS
COPYRIGHT & LICENSE
Copyright 2007 Dominique Launay, all rights reserved.
This program is released under the following license: GPL
1 POD Error
The following errors were encountered while parsing the POD:
- Around line 260:
You forgot a '=back' before '=head1'