Apache Server Information

Module Name: mod_authnz_ldap.c
Content handlers: none
Configuration Phase Participation: Create Directory Config
Request Phase Participation: none
Module Directives:
AuthLDAPURL - URL to define LDAP connection. This should be an RFC 2255 compliant URL of the form ldap://host[:port]/basedn[?attrib[?scope[?filter]]].
  - Host is the name of the LDAP server. Use a space separated list of hosts to specify redundant servers.
  - Port is optional, and specifies the port to connect to.
  - basedn specifies the base DN to start searches from.
  - Attrib specifies what attribute to search for in the directory. If not provided, it defaults to uid.
  - Scope is the scope of the search, and can be either sub or one. If not provided, the default is sub.
  - Filter is a filter to use in the search. If not provided, defaults to (objectClass=*).
  Searches are performed using the attribute and the filter combined. For example, assume that the LDAP URL is ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*) . Searches will be done using the filter (&((posixid=*))(uid=username)), where username is the user name passed by the HTTP client. The search will be a subtree search on the branch ou=People, o=Airius.
AuthLDAPBindDN - DN to use to bind to LDAP server. If not provided, will do an anonymous bind.
AuthLDAPBindPassword - Password to use to bind to LDAP server. If not provided, will do an anonymous bind.
AuthLDAPBindAuthoritative - Set to 'on' to return failures when user-specific bind fails - defaults to on.
AuthLDAPRemoteUserIsDN - Set to 'on' to set the REMOTE_USER environment variable to be the full DN of the remote user. By default, this is set to off, meaning that the REMOTE_USER variable will contain whatever value the remote user sent.
AuthLDAPRemoteUserAttribute - Override the user supplied username and place the contents of this attribute in the REMOTE_USER environment variable.
AuthLDAPCompareDNOnServer - Set to 'on' to force auth_ldap to do DN compares (for the "require dn" directive) using the server, and set it 'off' to do the compares locally (at the expense of possible false matches). See the documentation for a complete description of this option.
AuthLDAPSubGroupAttribute - Attribute labels used to define sub-group (or nested group) membership in groups - defaults to member and uniqueMember
AuthLDAPSubGroupClass - LDAP objectClass values used to identify sub-group instances - defaults to groupOfNames and groupOfUniqueNames
AuthLDAPMaxSubGroupDepth - Maximum subgroup nesting depth to be evaluated - defaults to 10 (top-level group = 0)
AuthLDAPGroupAttribute - A list of attribute labels used to identify the user members of groups - defaults to member and uniquemember
AuthLDAPGroupAttributeIsDN - If set to 'on', auth_ldap uses the DN that is retrieved from the server for subsequent group comparisons. If set to 'off', auth_ldap uses the string provided by the client directly. Defaults to 'on'.
AuthLDAPDereferenceAliases - Determines how aliases are handled during a search. Can be one of the values "never", "searching", "finding", or "always". Defaults to always.
AuthLDAPCharsetConfig - Character set conversion configuration file. If omitted, character set conversion is disabled.
AuthLDAPAuthorizePrefix - The prefix to add to environment variables set during successful authorization, default 'AUTHORIZE_'
AuthLDAPInitialBindAsUser - Set to 'on' to perform the initial DN lookup with the basic auth credentials instead of anonymous or hard-coded credentials
AuthLDAPInitialBindPattern - The regex and substitution to determine a username that can bind based on an HTTP basic auth username
AuthLDAPSearchAsUser - Set to 'on' to perform authorization-based searches with the user's credentials, when this module has also performed authentication. Does not affect nested groups lookups.
AuthLDAPCompareAsUser - Set to 'on' to perform authorization-based compares with the user's credentials, when this module has also performed authentication. Does not affect nested groups lookups.
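
The AuthLDAPURL description above, worked through as an added example (not part of the server output and not mod_authnz_ldap's own code): it splits a URL of the documented form, applies the stated defaults, and builds the combined search filter in the form the description writes it. The function names and the RFC 4515 escaping of the client-supplied user name are assumptions of this example.

```python
import re

# Defaults as stated in the AuthLDAPURL description: attrib, scope, filter.
DEFAULTS = ("uid", "sub", "(objectClass=*)")
# RFC 4515 escapes for characters that are special inside a filter value
# (escaping scheme chosen for this example).
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def parse_authldapurl(url):
    """Split ldap://host[:port]/basedn[?attrib[?scope[?filter]]] into its parts."""
    m = re.match(r"ldap://([^/]+)/(.*)$", url)
    if not m:
        raise ValueError("expected ldap://host[:port]/basedn[?attrib[?scope[?filter]]]")
    hosts = []
    for entry in m.group(1).split():          # space separated redundant servers
        host, _, port = entry.partition(":")
        hosts.append((host, int(port) if port else None))
    fields = m.group(2).split("?", 3)          # basedn, attrib, scope, filter
    fields += [""] * (4 - len(fields))         # missing trailing parts are empty
    attrib, scope, flt = (f or d for f, d in zip(fields[1:], DEFAULTS))
    if scope not in ("sub", "one"):
        raise ValueError("scope must be 'sub' or 'one', got %r" % scope)
    return {"hosts": hosts, "basedn": fields[0], "attrib": attrib,
            "scope": scope, "filter": flt}

def escape_value(username):
    """Neutralise filter metacharacters in the name sent by the HTTP client."""
    return "".join(ESCAPES.get(ch, ch) for ch in username)

def build_search_filter(cfg, username):
    """Combine filter and attribute exactly as the description writes it,
    including the extra parentheses around the configured filter."""
    return "(&(%s)(%s=%s))" % (cfg["filter"], cfg["attrib"], escape_value(username))

# The URL used in the description above.
EXAMPLE_URL = "ldap://ldap.airius.com/ou=People, o=Airius?uid?sub?(posixid=*)"

if __name__ == "__main__":
    cfg = parse_authldapurl(EXAMPLE_URL)
    print(cfg)
    print(build_search_filter(cfg, "alice"))
    print(build_search_filter(cfg, "a*(b)"))   # constructed name with metacharacters
```
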
Current Configuration: