1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
|
mod_ldap_userdir v1.1.11
=======================
mod_ldap_userdir is a module that enables the Apache web server to look up
user home directories (for /~user URLs) from an LDAP directory.
Sections:
1. Author
2. Licensing
3. How do I install and set up mod_ldap_userdir?
4. Changes
5. To Do
6. Thanks
=========
1. Author
=========
John Morrissey, <jwm@horde.net>,
http://horde.net/~jwm/software/mod_ldap_userdir/. Feedback is much
appreciated. If you're using mod_ldap_userdir successfully, are having
problems getting mod_ldap_userdir up and running at your site, or have some
code improvements or ideas for development, please let me know!
============
2. Licensing
============
mod_ldap_userdir is licensed under the GPL, with an exception to allow for
linking against OpenSSL:
The linking of mod_ldap_userdir with OpenSSL is allowed. You may distribute
the resulting executable without including the source code for OpenSSL in
the source distribution.
================================================
3. How do I install and set up mod_ldap_userdir?
================================================
* gzip -dc mod_ldap_userdir-1.1.11.tar.gz | tar xf -
* cd mod_ldap_userdir-1.1.11
* ./configure --with-activate
* make
* make install
If the installation fails and you manually copy mod_userdir_ldap.so into
place, you will need to add something like:
LoadModule ldap_userdir_module modules/mod_ldap_userdir.so
to your httpd.conf.
* If your LDAP server runs OpenLDAP 1.x, you need to add the posixAccount
schema definition. Add the contents of posixAccount-objectclass to your
slapd.oc.conf and restart your LDAP server. OpenLDAP 2.x (and most other
LDAP servers) ship with this schema predefined.
* The 'user-ldif' file contains a sample user ldif. Modify it to your liking
and say ldapadd -D your-root-dn -w your-root-dn-password < ldif
* You are *strongly* encouraged to read up on the LDAP config-file
directives in the DIRECTIVES file, included with the distribution.
At bare minimum, you'll need LDAPUserDir and LDAPUserDirBaseDN directives.
If you are not binding anonymously to your LDAP server, you must also
include LDAPUserDirDNInfo.
A set of basic mod_ldap_userdir configuration directives would look like:
LDAPUserDir public_html
LDAPUserDirDNInfo cn=your-dn,dc=example,dc=com dnpass
LDAPUserDirBaseDN ou=People,dc=example,dc=com
Of course, you will need to update these configuration directives with
the proper values for your environment.
==========
4. Changes
==========
v1.1.11:
* Add LDAPProtocolVersion directive to specify the LDAP protocol version
to use. The LDAP protocol version now defaults to LDAPv3 instead of
LDAPv2. Thanks to Aaron Brace <abrace@metrocastcablevision.com> for
the patch.
* Fetch the user's canonical username (as returned by the LDAP directory)
to pass to suEXEC instead of passing the username as received in the URL.
Thanks to Aaron Brace <abrace@metrocastcablevision.com> for the patch.
* The previous change also removes the LDAPUserDirHomeAttribute directive
in favor of the new LDAPAttribute directive. To migrate your previous
configuration, change:
LDAPUserDirHomeAttribute username
to:
LDAPAttribute uid username
More information on LDAPAttribute is in DIRECTIVES.
* Fix libldap/liblber autodetection when using --with-sdk-headers and/or
--with-sdk-libdir configure options. Thanks to Daniel Lark
<dlark@viaccess.net> for the bug report.
* No longer require GNU make.
v1.1.10:
* Apache 2.2 support. Thanks to Hiroto Kagotani <hiroto.kagotani@gmail.com>
and Takeshi Inagaki <ts-inagaki@kmn.co.jp> for reporting this.
* Refined LDAP over TLS support. Thanks to Hiroto Kagotani
<hiroto.kagotani@gmail.com> and Takeshi Inagaki <ts-inagaki@kmn.co.jp>
for reporting problems when building in non-TLS mode.
* Sun/Solaris LDAP SDK support. Thanks to Takeshi Inagaki
<ts-inagaki@kmn.co.jp> for reporting this.
* Better sanity checking of the timeout value. Thanks to Italo Foppiano
Reyes <ifoppian@udec.cl> for reporting a problem with this.
v1.1.9:
* Add LDAPUserDirServerURL directive, which takes a single LDAP URL
argument. Suggested by Fabien Picarougne
<fabien.picarougne@polytech.univ-nantes.fr>.
* Register a configuration merge handler so directives from the main
server (outside a VirtualHost) are merged down and treated as overridable
defaults inside VirtualHosts. Errant behavior reported by Alexander Perlis
<alexanderperlis@yahoo.com>.
* Fix building with Apache1.
* Build system improvements:
* Build with LDAP TLS support automatically, if present.
* Use proper build path to mod_ldap_userdir.so with Apache2 builds.
* Improve autoconf usage.
* Drop autoconf support for Netscape LDAP SDK. autoconf support for it was
broken, and I can't find anyone still using it.
v1.1.8:
* Add caching support (with accompanying LDAPUserDirCacheTimeout directive),
reducing the number of LDAP searches that need to be performed.
v1.1.7:
* Add LDAPUserDirHomeAttribute attribute instead of depending on a
build-time change to switch the homeDirectory attribute's name, loosely
based on code by O'Shaughnessy Evans <shaug@wumpus.org>.
* Now running module/child init handlers for Apache 2, too.
* Remove child exit handler; I can't find a good way to replicate this
with Apache 2's hooks and it's not really necessary anyway, since the
connection will be closed on child exit.
v1.1.6:
* Fix Apache 2-ism that crept into v1.1.5. Tohru Murakami
<murakami-toru.nospam@nexs.nec.co.jp> and Jerome Spenlehauer
<j.spenlehauer@calixo.net>.
v1.1.5:
* Add suexec hooks for Apache 2, contributed by Marc Lewis <marc@blarg.net>.
v1.1.4:
* Fixed bug that prevented startup if LDAPUserDirSearchScope was configured.
v1.1.3:
* Fixed Apache2-isms that crept into 1.1.2.
v1.1.2:
* Update the mod_ldap_userdir version added by ap_add_version_component.
* Build fixes for Netware and Win32 by Guenter Knauf <gk@gknw.de>.
* Support for wildcards and redirection by Shyokou Ouyou
<shyokou@scientist.com>.
v1.1.1:
* Compilation fix for platforms that don't define TRUE in their headers.
v1.1:
* Apache 2.x support. Thanks to Shane Boulter (sboulter at ariasolutions dot
com) for providing an account with which I could implement Apache 2.x
support.
* Improved build system.
* Got rid of dependency on ldap_build_filter(), which will fix builds against
OpenLDAP 2.1.x, Novell eDirectory and a couple others.
* Postcard-ware licensing addition.
v1.0.1:
* Fixed a couple hard-coded references to the "homeDirectory" attr. (Thanks
to Christian Zoffoli [czoffoli at xmerlin dot org] for pointing this out.)
v1.0:
* Initial revision of standalone module. mod_ldap_userdir includes the same
functionality as apache-userdirldap 1.5 and adds TLS/SSL support for
connections to the LDAP server.
========
5. To Do
========
* Currently, nothing.
=========
6. Thanks
=========
* Everyone who's downloaded, used, and/or offered feedback.
|
