Editing the ibmproxy.conf file to enable the PAC-LDAP authorization module

Three directives (ServerInit, Authorization or Authentication, and ServerTerm) must be added to the API directives section of the ibmproxy.conf file to initialize the PAC-LDAP authorization module. To create these directives, either edit the ibmproxy.conf file manually or, if the proxy server is already running, connect to the Configuration and Administration forms with an Internet browser and open the API Request Processing form (click Server Configuration -> Request Processing -> API Request Processing). Each directive must appear on a single line in the proxy configuration file, even though the examples in this section contain line breaks for clarity.

Note that prototype directives (in the form of comments) are given in the API section of the ibmproxy.conf file. These API directives are in a purposeful order. When adding API directives to enable new features and plug-in modules, order the directives as shown in the prototype section of the configuration file. Alternatively, uncomment and edit, if necessary, API directives to include support for each desired function or plug-in.

The ServerInit directive has three arguments: (1) the fully qualified path of the shared library, (2) the function call, and (3) the fully qualified path of the paccp.conf file. The first and second arguments are delimited by a colon (:). The second and third arguments are delimited by a space. The first and third arguments are system specific and depend on where the plug-in components are installed. The second argument is hard-coded into the shared library and must be typed exactly as shown. When creating a ServerInit directive using the API Request Processing form, both the second and third arguments must be entered in the Function Name field. The third argument is displayed in the IP Template column.

The Authorization directive has three arguments: (1) a request template, (2) the fully qualified path of the shared library, and (3) the function name. HTTP requests are compared to the request template to determine whether the application function is called. The request template can include a protocol, domain, and host; can be preceded by a slash (/); and can use an asterisk (*) as a wildcard. For example, /front_page.html, http://www.ics.raleigh.ibm.com, /pub*, /*, and * are all valid. The function name is the name given to your application function within the program. It is hard-coded and must be typed exactly as shown. The first two arguments are delimited by a space. The last two arguments are delimited by a colon (:).

The Authentication directive has two arguments: (1) the fully qualified path of the shared library and (2) the function name. These arguments are delimited by a colon (:). The first argument is system specific and depends on where the shared library is installed. The URL template for the first argument must start at the document root (/) when using Caching Proxy as a reverse proxy. The second argument is hard-coded into the shared library and must be typed exactly as shown.

The ServerTerm directive has two arguments: (1) the fully qualified path of the shared library and (2) the function name. These arguments are delimited by a colon (:). The first argument is system specific and depends on where the shared library is installed. The second argument is hard-coded into the shared library and must be typed exactly as shown. This directive terminates the PAC daemon when the proxy server shuts down. If the owner of the daemon is different from the owner of the proxy server, the proxy server might be unable to stop the daemon, in which case an administrator must manually stop the daemon.

ServerInit path_of_shared_library:pacwte_auth_init path_of_conf_policy_file

Linux and UNIX example:

ServerInit /usr/lib/libpacwte.so:pacwte_auth_init /etc/pac.conf

Windows example:

ServerInit C:\Progra~1\IBM\edge\cp\lib\plugins\
  pac\pacwte.dll:pacwte_auth_init C:\Progra~1\IBM\edge\cp

Authorization request-template path_of_shared_library:pacwte_auth_policy

Linux and UNIX example:

Authorization http://* /usr/lib/libpacwte.so:pacwte_auth_policy

Windows example:

Authorization http://* C:\Program Files\IBM\edge\cp\lib\plugins\
  pac\pacwte.dll:pacwte_auth_policy

Authentication BASIC path_of_shared_library:pacwte_auth_policy

Linux and UNIX example:

Authentication BASIC /usr/lib/plugins/pac/libpacwte.so:pacwte_auth_policy

Windows example:

Authentication BASIC C:\Program Files\IBM\edge\cp\lib\plugins\
  pac\pacwte.dll:pacwte_auth_policy

ServerTerm path_of_shared_library:pacwte_shutdown

Linux and UNIX example:

ServerTerm /usr/lib/libpacwte.so:pacwte_shutdown

Windows example:

ServerTerm C:\Program Files\IBM\edge\cp\lib\plugins\
  pac\bin\pacwte.dll:pacwte_shutdown
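
The following checker is an added example, not part of the product or its documentation. It validates the PAC-LDAP directives in an ibmproxy.conf against the syntax lines shown above: single-line directives, a fully qualified library path, the exact hard-coded function names, and the presence of all required directives. The function name check_pac_directives and the sample input are hypothetical; the Authentication check assumes the leading BASIC token shown in the syntax line above.

```python
import re

# Function names are hard-coded in the shared library (values from this page).
EXPECTED = {"ServerInit": "pacwte_auth_init", "Authorization": "pacwte_auth_policy",
            "Authentication": "pacwte_auth_policy", "ServerTerm": "pacwte_shutdown"}
# Greedy prefix so a drive-letter colon (C:\...) is never taken as the delimiter.
PAIR = re.compile(r"^(?P<head>.*\S):(?P<func>\w+)(?:\s+(?P<tail>\S.*))?$")
ABSOLUTE = re.compile(r"^(/|[A-Za-z]:\\)")

def check_pac_directives(conf_text):
    """Return a list of problems with the PAC-LDAP API directives in conf_text."""
    problems, seen = [], set()
    for n, raw in enumerate(conf_text.splitlines(), 1):
        name, _, rest = raw.strip().partition(" ")
        if name not in EXPECTED:
            continue  # comments (prototype directives) and unrelated directives
        seen.add(name)
        m = PAIR.match(rest.strip())
        if not m:  # typically a directive that was split across lines
            problems.append(f"line {n}: {name} has no library:function pair on this line")
            continue
        head, func, tail = m.group("head", "func", "tail")
        if name in ("Authorization", "Authentication"):
            # First token is the request template (or BASIC, per the syntax line).
            first, _, head = head.partition(" ")
            if not head:
                problems.append(f"line {n}: {name} is missing its first argument")
                head = first
        if not ABSOLUTE.match(head.strip()):
            problems.append(f"line {n}: {name} library path is not fully qualified")
        if func != EXPECTED[name]:
            problems.append(f"line {n}: {name} function must be {EXPECTED[name]}, got {func}")
        if name == "ServerInit" and not tail:
            problems.append(f"line {n}: ServerInit is missing the policy file path")
        if name != "ServerInit" and tail:
            problems.append(f"line {n}: {name} has unexpected text after the function name")
    for required in ("ServerInit", "ServerTerm"):
        if required not in seen:
            problems.append(f"missing {required} directive")
    if not seen & {"Authorization", "Authentication"}:
        problems.append("missing Authorization or Authentication directive")
    return problems

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# ServerInit /usr/lib/libpacwte.so:pacwte_auth_init /etc/pac.conf
ServerInit /usr/lib/libpacwte.so:pacwte_auth_init
Authorization http://* libpacwte.so:pacwte_auth_policy
ServerTerm /usr/lib/libpacwte.so:pacwte_shutdwn
"""
```

Calling check_pac_directives(SAMPLE) reports one problem for each of the three active directives; the commented-out prototype line is ignored.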