The Lightweight Directory Access Protocol (LDAP) accesses the X.500
directory using text strings called filters. When these query strings pass
to the LDAP server, the server returns the requested portions of the specified
entity.
Sobre Esta Tarefa
LDAP filters use attributes to simplify queries to the LDAP server.
For example, you can use a filter such as "objectclass=person" to limit your
query to entities that represent people as opposed to groups or equipment.
Procedimento
- To authorize a user as a member of a group, add the following directive
to the configuration file:
LDAPRequire group "group_name"
For
example:LDAPRequire group "Administrative Users"
- To authorize a user by filter, add the following directive to the
configuration file:
LDAPRequire filter "ldap_search_filter"
For
example, to enable access to the resource by a programmer in your department:LDAPRequire filter"(&(objectclass=person)(cn=*)(ou=programmer)(o=department))"
Or, to enable access for John Doe only:LDAPRequire filter "(&(objectclass=person)(cn=John Doe))"