The Lightweight Directory Access Protocol (LDAP) accesses
the X.500 directory using text strings called filters. When these
query strings are passed to the LDAP server, the server returns the requested
portions of the specified entity.
About this task
LDAP filters use attributes to simplify queries to the LDAP
server. For example, you can use a filter such as "objectclass=person"
to limit your query to entities that represent people as opposed to
groups or equipment.
Procedure
- To authorize a user as a member of a group, add the following
directive to the configuration file:
    LDAPRequire group "group_name"
For example:
    LDAPRequire group "Administrative Users"
- To authorize a user by filter, add the following directive
to the configuration file:
    LDAPRequire filter "ldap_search_filter"
For example, to enable access to the resource by a programmer in your
department:
    LDAPRequire filter "(&(objectclass=person)(cn=*)(ou=programmer)(o=department))"
Or, to enable access for John Doe only:
    LDAPRequire filter "(&(objectclass=person)(cn=John Doe))"
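
The following Python check is an added example, not part of the original documentation or of the product. It finds LDAPRequire filter directives in configuration text, verifies that each filter is well formed, and lists terms of the form attr=* (presence tests, which any value satisfies), such as (cn=*) in the first filter above. The function names and the sample input are assumptions made for illustration, and the parser is simplified: it splits each item at its first '='.

```python
import re
DIRECTIVE = re.compile(r'^\s*LDAPRequire\s+filter\s*"(.*)"\s*$', re.I)  # as on this page

def parse_filter(s):
    """Parse an LDAP search filter into a tree; raise ValueError if malformed."""
    pos = 0
    def node():
        nonlocal pos
        if s[pos:pos + 1] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        if s[pos:pos + 1] in ("&", "|", "!"):
            op, kids, pos = s[pos], [], pos + 1
            while s[pos:pos + 1] == "(":
                kids.append(node())
            if not kids or (op == "!" and len(kids) > 1) or s[pos:pos + 1] != ")":
                raise ValueError(f"bad '{op}' group near offset {pos}")
            pos += 1
            return (op, kids)
        end = s.find(")", pos)  # simple item: attr=value up to the next ')'
        attr, sep, value = s[pos:max(end, pos)].partition("=")
        if not attr or not sep or "(" in attr + value:
            raise ValueError(f"bad item at offset {pos}")
        pos = end + 1
        return ("item", attr, value)
    tree = node()
    if pos != len(s):
        raise ValueError(f"trailing text at offset {pos}")
    return tree

def presence_terms(tree):
    """Attributes tested only as attr=*, which any value satisfies."""
    if tree[0] == "item":
        return [tree[1]] if tree[2] == "*" else []
    return [a for kid in tree[1] for a in presence_terms(kid)]

def lint(config_text):
    """One (line number, 'ok' or error text, presence-only attributes) row per directive."""
    report = []
    for n, line in enumerate(config_text.splitlines(), 1):
        for text in DIRECTIVE.findall(line):
            try:
                report.append((n, "ok", presence_terms(parse_filter(text))))
            except ValueError as exc:
                report.append((n, str(exc), []))
    return report

# Constructed input: the page's first filter, then a filter missing its final ')'.
SAMPLE = ('LDAPRequire filter "(&(objectclass=person)(cn=*)(ou=programmer)(o=department))"\n'
          'LDAPRequire filter "(&(objectclass=person)(cn=John Doe)"\n')
```

Calling lint(SAMPLE) reports the first directive as well formed with cn as a presence-only term, and reports the second as malformed.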