.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.TH AuthzNetLDAP 3pm "2015-09-11" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
Apache::AuthzNetLDAP \- Apache\-Perl module that enables you to authorize a user for a website based on LDAP attributes.
.SH "SYNOPSIS"
.nf
# LDAP connection and lookup settings
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail

# Authentication and authorization handlers
PerlAuthenHandler Apache::AuthNetLDAP
PerlAuthzHandler Apache::AuthzNetLDAP

# Authorization requirements (uncomment the ones you need)
#require valid\-user
#require user mewilcox
#require user mewilcox@venus.acs.unt.edu
#require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
#require ldap\-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
#require ldap\-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
#require ldap\-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=untcoursenumber=1999CCOMM2040001,ou=courses,ou=acad,o=unt.edu
.fi
.SH "DESCRIPTION"
After you have authenticated a user (perhaps with Apache::AuthNetLDAP ;) you can use this module to determine whether they are authorized to access the Web resource under this module's control.
.PP
You can control authorization via one of four methods. The first two are pretty standard, the second two are unique to LDAP.
.PP
"require" options \-\-
.PP
user \-> Will authorize access if the authenticated user's name matches \fIusername\fR.
.PP
valid\-user \-> Will authorize any authenticated user.
.PP
group \-> Will authorize any authenticated user who is a member of the LDAP group specified by \fIgroupdn\fR. This module supports groupOfMember, groupOfUniquemember and Netscape's dynamic group object classes.
.PP
ldap\-url \-> This will authorize any authenticated user who matches the query specified in the given LDAP URL. This enables users to get the flexibility of Netscape's dynamic groups, even if their LDAP server does not support such a capability.
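.PP
How an ldap\-url requirement can be evaluated, as an added example that is not code from Apache::AuthzNetLDAP: the URL is split into its RFC 4516 parts and its filter is ANDed with a match on the authenticated user. The helper names, the way the two filters are combined and the sample user names are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not taken from Apache::AuthzNetLDAP.
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515).
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf '\\%02x', ord $1/ge;
    return $value;
}

# Split an RFC 4516 URL: ldap://host[:port]/dn?attributes?scope?filter
sub parse_ldap_url {
    my ($url) = @_;
    my ($host, $port, $rest) = $url =~ m{^ldap://([^/:?]+)(?::(\d+))?/?(.*)$}i
        or die "not an ldap:// URL: $url\n";
    my ($dn, $attrs, $scope, $filter) = split /\?/, $rest;
    # Percent-decode each part only after splitting on '?'.
    for ($dn, $attrs, $scope, $filter) {
        s/%([0-9A-Fa-f]{2})/chr hex $1/ge if defined;
    }
    return {
        host   => $host,
        port   => $port || 389,
        base   => $dn // '',
        scope  => $scope || 'base',               # RFC 4516 default
        filter => $filter || '(objectClass=*)',   # RFC 4516 default
    };
}

# AND the URL's filter with a match on the authenticated user, so a search
# returns an entry only when that user satisfies the requirement (assumed logic).
sub authz_filter {
    my ($url_filter, $uid_attr, $user) = @_;
    $url_filter = "($url_filter)" unless $url_filter =~ /^\(/;
    return sprintf '(&(%s=%s)%s)', $uid_attr, escape_filter_value($user), $url_filter;
}

# Constructed input: a requirement from the synopsis and two sample user names.
my $req = parse_ldap_url('ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox');
for my $user ('mewilcox', 'mew*') {
    printf "%s:%d base=%s scope=%s filter=%s\n",
        @{$req}{qw(host port base scope)},
        authz_filter($req->{filter}, 'uid', $user);
}
```

The second sample name contains a filter metacharacter; escaping it keeps the comparison a literal match on the UIDAttr value instead of a wildcard.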
.SH "CONFIGURATION NOTES"
It is important to note that this module must be used in conjunction with an authentication module. (...? Is this true? I just thought that you might want to only authorize a user, instead of authenticate...)
.PP
If you are using an authentication module, then the following lines will not need to be duplicated:
.PP
.nf
PerlSetVar BindDN "cn=Directory Manager"
PerlSetVar BindPWD "password"
PerlSetVar BaseDN "ou=people,o=unt.edu"
PerlSetVar LDAPServer ldap.unt.edu
PerlSetVar LDAPPort 389
PerlSetVar UIDAttr uid
#PerlSetVar UIDAttr mail

PerlAuthenHandler Apache::AuthNetLDAP
.fi
.PP
The following lines will not need to be duplicated if supported by the authentication module:
.PP
.nf
#require valid\-user
#require user mewilcox
#require user mewilcox@venus.acs.unt.edu
#require group "cn=Peoplebrowsers1,ou=UNTGroups,ou=People, o=unt.edu"
#require ldap\-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=wilcox
#require ldap\-url ldap://pandora.acs.unt.edu/o=unt.edu??sub?sn=smith
#require ldap\-url ldap://castor.acs.unt.edu/ou=people,o=unt.edu??sub?untcourse=
.fi
.PP
Obviously, the ldap\-url attribute is probably only supported by this module.
.PP
Check out the following links for options to load the module:
.PP
http://perl.apache.org/docs/1.0/guide/config.html#The_Startup_File
.br
http://perl.apache.org/docs/2.0/user/config/config.html#Startup_File
.SH "AUTHOR"
Mark Wilcox mewilcox@unt.edu and Shannon Eric Peevey speeves@unt.edu
.SH "SEE ALSO"
\fIperl\fR\|(1).
.SH "WARRANTY"
Hey, I didn't destroy mankind when testing the module. Your mileage may vary.
.PP
This module is distributed with the same license as Perl's.