You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2004/11/10 20:46:15 UTC
cvs commit: httpd-2.0/docs/manual/mod mod_auth_ldap.html.en
nd 2004/11/10 11:46:15
Modified: docs/manual/mod Tag: APACHE_2_0_BRANCH mod_auth_ldap.html.en
Log:
update transformation
Revision Changes Path
No revision
No revision
1.12.2.11 +33 -0 httpd-2.0/docs/manual/mod/Attic/mod_auth_ldap.html.en
Index: mod_auth_ldap.html.en
===================================================================
RCS file: /home/cvs/httpd-2.0/docs/manual/mod/Attic/mod_auth_ldap.html.en,v
retrieving revision 1.12.2.10
retrieving revision 1.12.2.11
diff -u -u -r1.12.2.10 -r1.12.2.11
--- mod_auth_ldap.html.en 21 May 2004 18:44:28 -0000 1.12.2.10
+++ mod_auth_ldap.html.en 10 Nov 2004 19:46:14 -0000 1.12.2.11
@@ -106,6 +106,7 @@
<li><a href="#requser">require user</a></li>
<li><a href="#reqgroup">require group</a></li>
<li><a href="#reqdn">require dn</a></li>
+ <li><a href="#reqattribute">require ldap-attribute</a></li>
</ul>
</li>
@@ -220,6 +221,11 @@
the DN fetched from the LDAP directory (or the username
passed by the client) occurs in the LDAP group.</li>
+ <li>Grant access if there is a <a href="#reqattribute">
+ <code>require ldap-attribute</code></a>
+ directive, and the attribute fetched from the LDAP directory
+ matches the given value.</li>
+
<li>otherwise, deny or decline access</li>
</ul>
@@ -350,6 +356,33 @@
<p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapcomparednonserver">AuthLDAPCompareDNOnServer</a></code>
directive.</p>
+
+
+<h3><a name="reqattribute" id="reqattribute">require ldap-attribute</a></h3>
+
+ <p>The <code>require ldap-attribute</code> directive allows the
+ administrator to grant access based on attributes of the authenticated
+ user in the LDAP directory. If the attribute in the directory
+ matches the value given in the configuration, access is granted.</p>
+
+ <p>The following directive would grant access to anyone with
+ the attribute employeeType = active</p>
+
+ <div class="example"><p><code>require ldap-attribute employeeType=active</code></p></div>
+
+ <p>Multiple attribute/value pairs can be specified on the same line
+ separated by spaces or they can be specified in multiple
+ <code>require ldap-attribute</code> directives. The effect of listing
+ multiple attribute/values pairs is an OR operation. Access will be
+ granted if any of the listed attribute values match the value of a
+ corresponding attribute in the user object. If the value of the
+ attribute contains a space, only the value must be within double quotes.</p>
+
+ <p>The following directive would grant access to anyone with
+ the city attribute equal to "San Jose" or status equal to "Active"</p>
+
+ <div class="example"><p><code>require ldap-attribute city="San Jose" status=active</code></p></div>
+
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">