An Apache LDAP Authorization module
This file documents version 0.30 of the
News
What it does
This Apache LDAP authentication/authorization module tries to solve the following problems that other such modules may not solve in all cases:
bind call, but is incapable of verifying an SHA1 or crypt
password hash from the directory, as mod_auth_ldap can.
The module also tries to reduce LDAP connection overhead by caching a connection between requests (one per server record). This is most likely to improve performance in the case of certificate authentication, as for basic authentication a bind to the directory on a new connection is necessary with every request. Future development may add a cache to improve performance. Version 0.8 added the ability to use the cache built into some client libraries, most notably OpenLDAP. However, it turned out that the cache for OpenLDAP 2.0.7 does not work, and only causes Apache to dump out the contents of BER buffers instead of authenticating users.
Of course there are other modules that perform LDAP authentication. Not mentioning them here does not mean that they are insignificant; quite the contrary is true. But as far as I know, none of these alternatives does either certificate mapping or password aging.
Open Issues, TODOs
Support
If you run into problems with mod_authz_ldap, you should first try the online documentation. Starting with 0.20, a mailing list has been set up: send a message containing the line subscribe your-email-address (optional) to authzldap@lists.othello.ch. Finally, you can always try to contact the author directly.
License
This module is distributed under the terms of the Apache License. Please check the LICENSE file in your Apache distribution or the COPYING file of the mod_authz_ldap distribution for the exact terms of the license. In particular, the following disclaimer applies:
THIS SOFTWARE IS PROVIDED BY ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
© Dr. Andreas Müller, Beratung und Entwicklung.