<IfDefine HAVE_AUTHNZ_LDAP> <IfModule !mod_authnz_ldap.c> LoadModule authnz_ldap_module modules/mod_authnz_ldap.so </IfModule> </IfDefine> <IfModule mod_authnz_ldap.c> # AuthLDAPURL - URL to define LDAP connection. This should be an RFC 2255 complaint URL of the form # ldap://host[:port]/basedn[?attrib[?scope[?filter]]]. # * Host is the name of the LDAP server. Use a space separated list of hosts to specify redundant servers. # * Port is optional, and specifies the port to connect to. # * basedn specifies the base DN to start searches from # * Attrib specifies what attribute to search for in the directory. If not provided, it defaults to uid. # * Scope is the scope of the search, and can be either sub or one. If not provided, the default is sub. # * Filter is a filter to use in the search. If not provided, defaults to (objectClass=*). # #AuthLDAPURL "ldaps://localhost/dc=example,dc=com?uid" #AuthLDAPURL ldaps://127.0.0.1:636/dc=example,dc=com?uid?one #AuthLDAPURL ... # Searches are performed using the attribute and the filter combined. For example, assume that the LDAP URL is # ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*). Searches will be done using the filter # (&((posixid=*))(uid=username)), where username is the user name passed by the HTTP client. The search will be # a subtree search on the branch ou=People, o=Airius. # AuthLDAPBindDN - DN to use to bind to LDAP server. If not provided, will do an anonymous bind. #AuthLDAPBindDN ... # AuthLDAPBindPassword - Password to use to bind to LDAP server. If not provided, will do an anonymous bind. #AuthLDAPBindPassword ... # AuthLDAPRemoteUserIsDN - Set to 'on' to set the REMOTE_USER environment variable to be the full DN of the # remote user. By default, this is set to off, meaning that the REMOTE_USER variable will contain whatever value # the remote user sent. #AuthLDAPRemoteUserIsDN off # AuthzLDAPAuthoritative - Set to 'off' to allow access control to be passed along to lower modules if the UserID # and/or group is not known to this module #AuthzLDAPAuthoritative on # AuthLDAPCompareDNOnServer - Set to 'on' to force auth_ldap to do DN compares (for the "require dn" directive) # using the server, and set it 'off' to do the compares locally (at the expense of possible false matches). See # the documentation for a complete description of this option. #AuthLDAPCompareDNOnServer on # AuthLDAPGroupAttribute - A list of attributes used to define group membership - defaults to member and # uniquemember #AuthLDAPGroupAttribute ... # AuthLDAPGroupAttributeIsDN - If set to 'on', auth_ldap uses the DN that is retrieved from the server # forsubsequent group comparisons. If set to 'off', auth_ldap uses the stringprovided by the client directly. # Defaults to 'on'. #AuthLDAPGroupAttributeIsDN on # AuthLDAPDereferenceAliases - Determines how aliases are handled during a search. Can bo one of thevalues # "never", "searching", "finding", or "always". Defaults to always. #AuthLDAPDereferenceAliases Always # AuthLDAPCharsetConfig - Character set conversion configuration file. If omitted, character setconversion is # disabled. #AuthLDAPCharsetConfig ... </IfModule>