Apache2::AuthZLDAP - Authorization module based on LDAP filters or LDAP groups
Version 0.02
This module is an authorization handler for Apache 2. Its authorization method relies on OpenLDAP filters.
This module can work with any authentication module that provides a valid REMOTE_USER environment variable. For example:
Basic Apache auth
CAS authentication (mod_cas, Apache2::AuthCAS)
Example with CAS authentication:

    <VirtualHost 192.168.0.1:80>
        ## these vars can be initialized outside of the directory section
        PerlSetVar LDAPURI ldap://myldaphost/
        PerlSetVar LDAPbaseDN ou=groups,dc=organization,dc=domain
        <Directory "/var/www/somewhere">
            AuthName CAS
            AuthType CAS
            ## define a filter. [uid] will be replaced by the user value at run time
            PerlSetVar LDAPfilter &(member=uid=[uid],ou=people,dc=organization,dc=domain)(cn=admins)
            ## load the module for authZ
            PerlAuthzHandler Apache2::AuthZLDAP
            require valid-user
        </Directory>
    </VirtualHost>
    # Set to the LDAP URI
    # Multiple URIs can be set for failover LDAP servers
    # Note: ldaps Defaults to port 636
    PerlSetVar LDAPURI ldap://ldaphost1
    PerlSetVar LDAPURI ldaps://ldaphost2
    PerlSetVar LDAPURI ldap://ldaphost3:1001

    # How to handle the certificate verification for ldaps:// URIs
    # See start_tls in Net::LDAP for more information
    # If you set any of the LDAPSSL* variables, be sure to include only
    # ldaps:// URIs. Otherwise the connection will fail.
    # (none|optional|require)
    PerlSetVar LDAPSSLverify none

    # Set to a directory that contains the CA certs
    PerlSetVar LDAPSSLcapath /path/to/cadir

    # Set to a file that contains the CA cert
    PerlSetVar LDAPSSLcafile /path/to/cafile.pem

    # Turn on TLS to encrypt a connection
    # Note: This is different from ldaps:// connections. ldaps:// specifies
    # an LDAP connection totally encapsulated by SSL usually running on a
    # different port. TLS tells the LDAP server to encrypt a cleartext ldap://
    # connection from the time the start_tls command is issued.
    # (yes|no)
    PerlSetVar LDAPTLS yes

    # How to handle the certificate verification
    # See start_tls in Net::LDAP for more information
    # (none|optional|require)
    PerlSetVar LDAPTLSverify none

    # Set to a directory that contains the CA certs
    PerlSetVar LDAPTLScapath /path/to/cadir

    # Set to a file that contains the CA cert
    PerlSetVar LDAPTLScafile /path/to/cafile.pem

    # Specifies a user/password to use for the bind
    # If LDAPuser is not specified, AuthZLDAP will attempt an anonymous bind
    PerlSetVar LDAPuser cn=user,o=org
    PerlSetVar LDAPpassword secret

    # Sets the LDAP search scope
    # (base|one|sub)
    # Defaults to sub
    PerlSetVar LDAPscope sub

    # Defines the search filter
    # [uid] will be replaced by the username passed in to AuthZLDAP
    PerlSetVar LDAPfilter &(member=uid=[uid],ou=people,dc=organization,dc=domain)(cn=admins)
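In the sample LDAPfilter the [uid] placeholder sits inside a DN that is itself a filter assertion value, so a username substituted there needs RFC 4514 (DN) escaping followed by RFC 4515 (filter) escaping. The Perl sketch below is an added example, not code from Apache2::AuthZLDAP; expand_filter, its $in_dn argument and the sample usernames are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Apache2::AuthZLDAP source. Function names and sample
# usernames are hypothetical. Net::LDAP::Util provides escape_dn_value and
# escape_filter_value for the same purpose; this version uses core Perl only.
use strict;
use warnings;

# RFC 4514: hex-escape every byte outside a conservative safe set, so the
# value cannot add RDNs or otherwise change the DN it is placed in.
sub dn_escape {
    my ($v) = @_;
    utf8::encode($v) if utf8::is_utf8($v);   # character string -> UTF-8 bytes
    $v =~ s/([^A-Za-z0-9._-])/sprintf('\\%02x', ord $1)/ge;
    return $v;
}

# RFC 4515: escape the characters that have meaning in a search filter.
sub filter_escape {
    my ($v) = @_;
    $v =~ s/([\\*()\x00])/sprintf('\\%02x', ord $1)/ge;
    return $v;
}

# Replace [uid] in a filter template. $in_dn is true when the placeholder
# sits inside a DN-valued assertion, as in member=uid=[uid],ou=people,...
# DN escaping is applied first, then filter escaping on top of it.
sub expand_filter {
    my ($template, $user, $in_dn) = @_;
    die "empty username\n" unless defined $user && length $user;
    my $value = $in_dn ? dn_escape($user) : $user;
    $value = filter_escape($value);
    (my $filter = $template) =~ s/\[uid\]/$value/g;
    return $filter;
}

# Filter template taken from the configuration above.
my $template =
    '&(member=uid=[uid],ou=people,dc=organization,dc=domain)(cn=admins)';

# Constructed usernames: a plain one, and two containing DN and filter
# metacharacters that must reach the directory as literal data.
for my $user ('jdoe', 'doe, jane', 'a*(b)') {
    printf "%-10s => %s\n", $user, expand_filter($template, $user, 1);
}
```

For a placeholder used directly as an attribute value, such as (uid=[uid]), pass a false $in_dn so only the filter escaping is applied.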
Dominique Launay, <dominique.launay AT cru.fr>
Thanks to David Lowry, <dlowry AT bju.edu> for making the code more readable and improving it.
Please report any bugs or feature requests through the web interface at https://sourcesup.cru.fr/tracker/?func=add&group_id=354&atid=1506. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
You can find documentation for this module with the perldoc command.
perldoc Apache2::AuthZLDAP
Copyright 2007 Dominique Launay, all rights reserved.
This program is released under the following license: GPL
To install Apache2::AuthZLDAP, copy and paste the appropriate command into your terminal.

cpanm:

    cpanm Apache2::AuthZLDAP

CPAN shell:

    perl -MCPAN -e shell
    install Apache2::AuthZLDAP