Apache::AuthenLDAP - mod_perl LDAP Authentication Module


NAME

Apache::AuthenLDAP - mod_perl LDAP Authentication Module


SYNOPSIS

 <Directory /foo/bar>
 # Authentication Realm and Type (only Basic supported)
 AuthName "Foo Bar Authentication"
 AuthType Basic
 # Any of the following variables can be set.
 # Defaults are listed to the right.
 PerlSetVar AuthenBaseDN      o=Foo,c=Bar  # Default: Empty String ("")
 PerlSetVar AuthenLDAPServer  ldap.foo.com # Default: localhost
 PerlSetVar AuthenLDAPPort    389          # Default: 389 (standard LDAP port)
 PerlSetVar AuthenUidattrType userid       # Default: uid
 PerlAuthenHandler Apache::AuthenLDAP
 require valid-user                        # Any Valid LDAP User
                                           # Matching Attribute and Value
 </Directory>


DESCRIPTION

Apache::AuthenLDAP is designed to work with mod_perl and Net::LDAP. This module authenticates a user against an LDAP backend. It can be combined with Apache::AuthzLDAP to provide LDAP authorization as well.


CONFIGURATION OPTIONS

The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files.

AuthenBaseDN
The base distinguished name with which to query LDAP. By default, the AuthenBaseDN is empty.

AuthenLDAPServer
The hostname for the LDAP server to query. By default, AuthenLDAPServer is set to localhost.

AuthenLDAPPort
The port on which the LDAP server is listening. By default, AuthenLDAPPort is set to 389.

AuthenExpire
Password expiration enablement. By default, AuthenExpire is set to false.

AuthenExpireAttrType
The attribute type name that contains whether or not the password is expired. By default, AuthenExpireAttrType is passwordIsExpired.

AuthenExpireLastModAttrType
The attribute type name that contains the password last modified timestamp in YYYYMMDD format. By default AuthenExpireLastModAttrType is set to passwordModifyTimestamp.

AuthenExpireTime
The time in days at which a password expires. By default, AuthenExpireTime is set to 186.

AuthenExpireRedirect
The location to which you wish to redirect users whose passwords are expired. If this value is left blank, the server will respond with a 401 error.


NOTES

This module has hooks built into it to handle Apache::AuthenCache version 0.04 and higher passing notes to avoid bugs in the set_handlers() method in mod_perl versions 1.2x.


AVAILABILITY

This module is available via CPAN at http://www.cpan.org/modules/by-authors/id/C/CG/CGILMORE/.


AUTHORS

Jason Bodnar, Christian Gilmore <cag@us.ibm.com>


SEE ALSO

httpd(8), ldap(3), mod_perl(1), slapd(8C)


COPYRIGHT

Copyright (C) 2003 International Business Machines Corporation and others. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License.

 Apache::AuthenLDAP - mod_perl LDAP Authentication Module