NAME

Apache::AuthenLDAP - mod_perl LDAP Authentication Module

SYNOPSIS

 <Directory /foo/bar>
 # Authentication Realm and Type (only Basic supported)
 AuthName "Foo Bar Authentication"
 AuthType Basic

 # Any of the following variables can be set.
 # Defaults are listed to the right.
 PerlSetVar AuthenBaseDN      o=Foo,c=Bar  # Default: Empty String ("")
 PerlSetVar AuthenLDAPServer  ldap.foo.com # Default: localhost
 PerlSetVar AuthenLDAPPort    389          # Default: 389 (standard LDAP port)
 PerlSetVar AuthenUidattrType userid       # Default: uid

 PerlAuthenHandler Apache::AuthenLDAP

 require valid-user                        # Any Valid LDAP User
                                           # Matching Attribute and Value
 </Directory>

DESCRIPTION

Apache::AuthenLDAP is designed to work with mod_perl and Net::LDAP. This module authenticates a user against an LDAP backend. It can be combined with Apache::AuthzLDAP to provide LDAP authorization as well.

CONFIGURATION OPTIONS

The following variables can be defined within the configuration of Directory, Location, or Files blocks or within .htaccess files.

AuthenBaseDN

The base distinguished name with which to query LDAP. By default, the AuthenBaseDN is empty.

AuthenLDAPServer

The hostname for the LDAP server to query. By default, AuthenLDAPServer is set to localhost.

AuthenLDAPPort

The port on which the LDAP server is listening. By default, AuthenLDAPPort is set to 389.

AuthenExpire

Password expiration enablement. By default, AuthenExpire is set to false.

AuthenExpireAttrType

The attribute type name that contains whether or not the password is expired. By default, AuthenExpireAttrType is passwordIsExpired.

AuthenExpireLastModAttrType

The attribute type name that contains the password last modified timestamp in YYYYMMDD format. By default AuthenExpireLastModAttrType is set to passwordModifyTimestamp.

AuthenExpireTime

The time in days at which a password expires. By default, AuthenExpireTime is set to 186.

AuthenExpireRedirect

The location to which you wish to redirect users whose passwords are expired. If this value is left blank, the server will respond with a 401 error.

NOTES

This module has hooks built into it to handle Apache::AuthenCache version 0.04 and higher passing notes to avoid bugs in the set_handlers() method in mod_perl versions 1.2x.

AVAILABILITY

This module is available via CPAN at http://www.cpan.org/modules/by-authors/id/C/CG/CGILMORE/.

AUTHORS

Jason Bodnar, Christian Gilmore <cag@us.ibm.com>

SEE ALSO

httpd(8), ldap(3), mod_perl(1), slapd(8C)

COPYRIGHT

Copyright (C) 2003 International Business Machines Corporation and others. All Rights Reserved.

This module is free software; you can redistribute it and/or modify it under the terms of the IBM Public License.