<p>This directive specifies an LDAP group whose members are
allowed access. It takes the distinguished name of the LDAP
- group. For example, assume that the following entry existed in
+ group. Note: Do not surround the group name with quotes.
+ For example, assume that the following entry existed in
the LDAP directory:</p>
<div class="example"><p><code>
dn: cn=Administrators, o=Airius<br />
<p>The following directive would grant access to both Fred and
Barbara:</p>
-<div class="example"><p><code>require group "cn=Administrators, o=Airius"</code></p></div>
+<div class="example"><p><code>require group cn=Administrators, o=Airius</code></p></div>
<p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></code> and
<code class="directive"><a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></code>
that must match for access to be granted. If the distinguished
name that was retrieved from the directory server matches the
distinguished name in the <code>require dn</code>, then
- authorization is granted.</p>
+ authorization is granted. Note: do not surround the distinguished
+ name with quotes.</p>
<p>The following directive would grant access to a specific
DN:</p>
-<div class="example"><p><code>require dn "cn=Barbara Jenson, o=Airius"</code></p></div>
+<div class="example"><p><code>require dn cn=Barbara Jenson, o=Airius</code></p></div>
<p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapcomparednonserver">AuthLDAPCompareDNOnServer</a></code>
directive.</p>
Grant access to anyone who exists in the LDAP directory,
using their UID for searches.
-<div class="example"><p><code>AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"<br />
-require valid-user
+<div class="example"><p><code>
+ AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)<br />
+ require valid-user
</code></p></div>
</li>
The next example is the same as above; but with the fields
that have useful defaults omitted. Also, note the use of a
redundant LDAP server.
-<div class="example"><p><code>AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"<br />
+<div class="example"><p><code>AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius<br />
require valid-user
</code></p></div>
</li>
choose an attribute that is guaranteed unique in your
directory, such as <code>uid</code>.
<div class="example"><p><code>
-AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"<br />
+AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn<br />
require valid-user
</code></p></div>
</li>
Grant access to anybody in the Administrators group. The
users must authenticate using their UID.
<div class="example"><p><code>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid<br />
require group cn=Administrators, o=Airius
</code></p></div>
</li>
only to people (authenticated via their UID) who have
alphanumeric pagers:
<div class="example"><p><code>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)<br />
require valid-user
</code></p></div>
</li>
have a pager, but does need to access the same
resource:</p>
<div class="example"><p><code>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))<br />
require valid-user
</code></p></div>
<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
-<!-- $Revision: 1.6.2.11 $ -->
+<!-- $Revision: 1.6.2.12 $ -->
<!--
Copyright 2002-2004 The Apache Software Foundation
<p>This directive specifies an LDAP group whose members are
allowed access. It takes the distinguished name of the LDAP
- group. For example, assume that the following entry existed in
+ group. Note: Do not surround the group name with quotes.
+ For example, assume that the following entry existed in
the LDAP directory:</p>
<example>
dn: cn=Administrators, o=Airius<br />
<p>The following directive would grant access to both Fred and
Barbara:</p>
-<example>require group "cn=Administrators, o=Airius"</example>
+<example>require group cn=Administrators, o=Airius</example>
<p>Behavior of this directive is modified by the <directive
module="mod_auth_ldap">AuthLDAPGroupAttribute</directive> and
that must match for access to be granted. If the distinguished
name that was retrieved from the directory server matches the
distinguished name in the <code>require dn</code>, then
- authorization is granted.</p>
+ authorization is granted. Note: do not surround the distinguished
+ name with quotes.</p>
<p>The following directive would grant access to a specific
DN:</p>
-<example>require dn "cn=Barbara Jenson, o=Airius"</example>
+<example>require dn cn=Barbara Jenson, o=Airius</example>
<p>Behavior of this directive is modified by the <directive
module="mod_auth_ldap">AuthLDAPCompareDNOnServer</directive>
Grant access to anyone who exists in the LDAP directory,
using their UID for searches.
-<example>AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"<br />
-require valid-user
+<example>
+ AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)<br />
+ require valid-user
</example>
</li>
The next example is the same as above; but with the fields
that have useful defaults omitted. Also, note the use of a
redundant LDAP server.
-<example>AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"<br />
+<example>AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius<br />
require valid-user
</example>
</li>
choose an attribute that is guaranteed unique in your
directory, such as <code>uid</code>.
<example>
-AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"<br />
+AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn<br />
require valid-user
</example>
</li>
Grant access to anybody in the Administrators group. The
users must authenticate using their UID.
<example>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid<br />
require group cn=Administrators, o=Airius
</example>
</li>
only to people (authenticated via their UID) who have
alphanumeric pagers:
<example>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(qpagePagerID=*)<br />
require valid-user
</example>
</li>
have a pager, but does need to access the same
resource:</p>
<example>
-AuthLDAPURL "ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))"<br />
+AuthLDAPURL ldap://ldap.airius.com/o=Airius?uid??(|(qpagePagerID=*)(uid=jmanager))<br />
require valid-user
</example>
<div class="note"><h3>Note</h3>
- <p>Don't bother asking for a for a directive which recursively
+ <p>Don't bother asking for a directive which recursively
caches all the files in a directory. Try this instead... See the
<code class="directive"><a href="../mod/core.html#include">Include</a></code> directive, and consider
this command:</p>
<?xml version="1.0" encoding="EUC-KR"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 1.3.2.4 -->
+<!-- English Revision: 1.3.2.5 -->
<!--
Copyright 2004 The Apache Software Foundation
projects / thirdparty / apache / httpd.git / commitdiff
