10.2.4.9. The mod_authz_ldap Module
Red Hat Enterprise Linux ships with the
mod_authz_ldap
module for the Apache HTTP Server. This module uses the short form of the distinguished name for a subject and the issuer of the client SSL certificate to determine the distinguished name of the user within an LDAP directory. It is also capable of authorizing users based on attributes of that user's LDAP directory entry, determining access to assets based on the user and group privileges of the asset, and denying access for users with expired passwords. The mod_ssl
module is required when using the mod_authz_ldap
module.
Important
The
mod_authz_ldap
module does not authenticate a user to an LDAP directory using an encrypted password hash. This functionality is provided by the experimental mod_auth_ldap
module. Refer to the mod_auth_ldap
module documentation online at http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html for details on the status of this module.
The
/etc/httpd/conf.d/authz_ldap.conf
file configures the mod_authz_ldap
module.
Refer to
/usr/share/doc/mod_authz_ldap-<version>/index.html
(replacing <version> with the version number of the package) or http://authzldap.othello.ch/ for more information on configuring the mod_authz_ldap
third party module.