You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2004/11/10 20:46:15 UTC

cvs commit: httpd-2.0/docs/manual/mod mod_auth_ldap.html.en

nd          2004/11/10 11:46:15

  Modified:    docs/manual/mod Tag: APACHE_2_0_BRANCH mod_auth_ldap.html.en
  Log:
  update transformation
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.12.2.11 +33 -0     httpd-2.0/docs/manual/mod/Attic/mod_auth_ldap.html.en
  
  Index: mod_auth_ldap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/Attic/mod_auth_ldap.html.en,v
  retrieving revision 1.12.2.10
  retrieving revision 1.12.2.11
  diff -u -u -r1.12.2.10 -r1.12.2.11
  --- mod_auth_ldap.html.en	21 May 2004 18:44:28 -0000	1.12.2.10
  +++ mod_auth_ldap.html.en	10 Nov 2004 19:46:14 -0000	1.12.2.11
  @@ -106,6 +106,7 @@
             <li><a href="#requser">require user</a></li>
             <li><a href="#reqgroup">require group</a></li>
             <li><a href="#reqdn">require dn</a></li>
  +          <li><a href="#reqattribute">require ldap-attribute</a></li>
           </ul>
         </li>
   
  @@ -220,6 +221,11 @@
         the DN fetched from the LDAP directory (or the username
         passed by the client) occurs in the LDAP group.</li>
   
  +      <li>Grant access if there is a <a href="#reqattribute">
  +      <code>require ldap-attribute</code></a> 
  +      directive, and the attribute fetched from the LDAP directory
  +      matches the given value.</li> 
  +
         <li>otherwise, deny or decline access</li>
       </ul>
   
  @@ -350,6 +356,33 @@
   
       <p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapcomparednonserver">AuthLDAPCompareDNOnServer</a></code>
       directive.</p>
  +
  +
  +<h3><a name="reqattribute" id="reqattribute">require ldap-attribute</a></h3>
  +
  +    <p>The <code>require ldap-attribute</code> directive allows the
  +    administrator to grant access based on attributes of the authenticated
  +    user in the LDAP directory.  If the attribute in the directory
  +    matches the value given in the configuration, access is granted.</p>
  +    
  +    <p>The following directive would grant access to anyone with
  +    the attribute employeeType = active</p>
  +
  +    <div class="example"><p><code>require ldap-attribute employeeType=active</code></p></div>
  +
  +    <p>Multiple attribute/value pairs can be specified on the same line
  +    separated by spaces or they can be specified in multiple 
  +    <code>require ldap-attribute</code> directives. The effect of listing 
  +    multiple attribute/values pairs is an OR operation. Access will be 
  +    granted if any of the listed attribute values match the value of a 
  +    corresponding attribute in the user object. If the value of the 
  +    attribute contains a space, only the value must be within double quotes.</p>
  +
  +    <p>The following directive would grant access to anyone with
  +    the city attribute equal to "San Jose" or status equal to "Active"</p>
  +
  +    <div class="example"><p><code>require ldap-attribute city="San Jose" status=active</code></p></div>
  +
   
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
   <div class="section">