LDAP and LDAP authentication modules

SER CVS as of January 18, 2007

Generic LDAPi module that handles the connection to the LDAP server and exports a simple API to interact with the server. Also, an LDAP authentication module that uses the API exported by the generic LDAP module.

Save the patchfile to the directory with the file to patch, then (with that directory as the current directory) run the command 'patch -p0 < patchfile.txt'.

LDAPi module configuration:

modparam("ldap", "ldap_version", 3) <== optional, possible values are 1, 2 or 3
modparam("ldap", "ldap_url", "ldap://localhost:389") <== optional, defaults to "ldap://localhost"; ldaps connections require ldap_version >= 2
modparam("ldap", "ldap_bind_dn", "cn=user,dc=example,dc=org") <== required
modparam("ldap", "ldap_bind_password", "secret") <== required
modparam("ldap", "ldap_tls", 1) <== optional, possible values are 1 (use start TLS) or 0 (do not use start TLS). Start TLS requires ldap_version = 3 and a non-ldaps connection URL like "ldap://fqdn". The fqdn must match the CN of the certificate used by the server.

LDAP authentication module:

modparam("auth_ldap", "ldap_auth_base_dn", "ou=users,dc=example,dc=org") <== required, searches in the directory will be based on this DN
modparam("auth_ldap", "ldap_auth_objectClass", "posixAccount") <== optional, used to search the directory. (objectClass=posixAccount)
modparam("auth_ldap", "ldap_auth_user_attribute", "uid") <== required, used to search the directory. (uid=xxx)
modparam("auth_ldap", "ldap_auth_realm_attribute", "someAttribute") <== optional, used to search the directory. (someAttribute=sample.org)
modparam("auth_ldap", "ldap_auth_did_attribute", "someAttribute2") <== optional, used to search the directory. (someAttribute2=did1)
modparam("auth_ldap", "ldap_auth_passwd_attribute", "attr") <== optional, attribute that stores the user password in plain text
modparam("auth_ldap", "ldap_auth_ha1_attribute", "attr") <== optional, attribute that stores the HA1(username:realm:password)

The ldap_auth_passwd_attribute and ldap_auth_ha1_attribute parameters are mutually exclusive; specify only one of them.

Using the authentication module:

ldap_www_authenticate("realm")
ldap_proxy_authenticate("realm")