Commit 1bffe3b3 authored by Andre Malo's avatar Andre Malo
Browse files

update transformation 


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105747 13f79535-47bb-0310-9956-ffa450edef68
parent 7e3b6d38

docs/manual/mod/mod_auth_ldap.html.en

+33 −0
Original line number Original line Diff line number Diff line
@@ -106,6 +106,7 @@ for HTTP Basic authentication.</td></tr> 
          <li><a href="#requser">require user</a></li>

          <li><a href="#requser">require user</a></li>

          <li><a href="#reqgroup">require group</a></li>

          <li><a href="#reqgroup">require group</a></li>

          <li><a href="#reqdn">require dn</a></li>

          <li><a href="#reqdn">require dn</a></li>

          <li><a href="#reqattribute">require ldap-attribute</a></li>

        </ul>

        </ul>

      </li>

      </li>
@@ -220,6 +221,11 @@ for HTTP Basic authentication.</td></tr> 
      the DN fetched from the LDAP directory (or the username

      the DN fetched from the LDAP directory (or the username

      passed by the client) occurs in the LDAP group.</li>

      passed by the client) occurs in the LDAP group.</li>





      <li>Grant access if there is a <a href="#reqattribute">

      <code>require ldap-attribute</code></a> 

      directive, and the attribute fetched from the LDAP directory

      matches the given value.</li> 



      <li>otherwise, deny or decline access</li>

      <li>otherwise, deny or decline access</li>

    </ul>

    </ul>
@@ -351,6 +357,33 @@ uniqueMember: cn=Fred User, o=Airius<br /> 
    <p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapcomparednonserver">AuthLDAPCompareDNOnServer</a></code>

    <p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapcomparednonserver">AuthLDAPCompareDNOnServer</a></code>

    directive.</p>

    directive.</p>







<h3><a name="reqattribute" id="reqattribute">require ldap-attribute</a></h3>



    <p>The <code>require ldap-attribute</code> directive allows the

    administrator to grant access based on attributes of the authenticated

    user in the LDAP directory.  If the attribute in the directory

    matches the value given in the configuration, access is granted.</p>

    

    <p>The following directive would grant access to anyone with

    the attribute employeeType = active</p>



    <div class="example"><p><code>require ldap-attribute employeeType=active</code></p></div>



    <p>Multiple attribute/value pairs can be specified on the same line

    separated by spaces or they can be specified in multiple 

    <code>require ldap-attribute</code> directives. The effect of listing 

    multiple attribute/values pairs is an OR operation. Access will be 

    granted if any of the listed attribute values match the value of a 

    corresponding attribute in the user object. If the value of the 

    attribute contains a space, only the value must be within double quotes.</p>



    <p>The following directive would grant access to anyone with

    the city attribute equal to "San Jose" or status equal to "Active"</p>



    <div class="example"><p><code>require ldap-attribute city="San Jose" status=active</code></p></div>





</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>

<div class="section">

<div class="section">

<h2><a name="examples" id="examples">Examples</a></h2>

<h2><a name="examples" id="examples">Examples</a></h2>