nd 2004/11/05 11:04:16 Modified: docs/manual/mod mod_authnz_ldap.html.en Log: update transformation Revision Changes Path 1.4 +31 -3 httpd-2.0/docs/manual/mod/mod_authnz_ldap.html.en Index: mod_authnz_ldap.html.en =================================================================== RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_authnz_ldap.html.en,v retrieving revision 1.3 retrieving revision 1.4 diff -u -u -r1.3 -r1.4 --- mod_authnz_ldap.html.en 4 Nov 2004 22:14:41 -0000 1.3 +++ mod_authnz_ldap.html.en 5 Nov 2004 19:04:16 -0000 1.4 @@ -112,6 +112,7 @@
require ldap-filter+ directive, and the search filter successfully finds a single user + object that matches the dn of the authenticated user.
ldap-attribute. Other - authorization types may also be used but may require that additional - authorization modules be loaded. +
ldap-filter. Other authorization types may also be + used but may require that additional authorization modules be loaded.
require ldap-attribute city="San Jose" status=active
require ldap-filter directive allows the
+ administrator to grant access based on a complex LDAP search filter.
+ If the dn returned by the filter search matches the authenticated user
+ dn, access is granted.
The following directive would grant access to anyone having a cell phone + and is in the marketing department+ +
require ldap-filter &(cell=*)(department=marketing)
The difference between the
require ldap-filter directive and the
require ldap-attribute directive is that
+ performs a search operation on the LDAP directory using the specified search
+ filter rather than a simple attribute comparison. If a simple attribute
+ comparison is all that is required, the comparison operation performed by
ldap-attribute will be faster than the search operation
+ used by
ldap-filter especially within a large directory.