LDAPUsers

Name

LDAPUsers -- Enable LDAP authentication/user lookups

Synopsis

LDAPUsers [ "user-base-dn" ] [ "username-filter-template" ] [ "uid-number-filter-template" ]

Default

disabled

Context

server config, <VirtualHost>, <Global>

Module

mod_ldap

Compatibility

mod_ldap v2.9.0 and later

Description

Activates LDAP authentication and UID to name mappings in directory listings.

The first argument is the LDAP base DN to use for user lookups. During authentication, %u will be replaced with the username that is being authenticated. When looking up users by UID number, %u will not be replaced. Usually, %u in the base DN is only useful in "virtual user" environments, since mod_ldap won't be able to look up other users.

The second argument is the search filter template for looking up users by username; %u will be replaced with the username that is being authenticated.

The third argument is the search filter template for looking up users by UID number; %u will be replaced with the UID number that is being looked up.

The default search filter templates are:

username-filter-template: "(uid=%u)(objectclass=posixAccount))", uid-number-filter-template: "(uidNumber=%u)(objectclass=posixAccount))",

The attribute names used in the default search filters are taken from the LDAPAttr directive, so if you re-map an attribute, the default search filter reflects that re-mapping.

See also

LDAPAttr

Examples