LDAPGroups

Name

LDAPGroups --  Enable LDAP lookups for user group membership and GIDs in directory listings

Synopsis

LDAPGroups [ "group-base-dn" ] [ "group-name-filter-template" ] [ "gid-number-filter-template" ] [ "member-user-filter-template" ]

Default

disabled

Context

server config, <VirtualHost>, <Global>

Module

mod_ldap

Compatibility

mod_ldap v2.9.0 and later

Description

Activates LDAP group membership lookups and GID to name mappings in directory listings.

The first argument is the LDAP base DN to use for group lookups. The second through fourth arguments are search filter templates; %u will be replaced with the group name, GID number, or group member username that is being looked up, respectively.

The default search filter templates are:

group-name-filter-template: "(cn=%u)(objectclass=posixGroup))", gid-number-filter-template: "(gidNumber=%u)(objectclass=posixGroup))", member-user-filter-template: "(memberUid=%u)(objectclass=posixGroup))".

The attribute names used in the default search filters are taken from the LDAPAttr directive, so if you re-map an attribute, the default search filter reflects that re-mapping.

See also

LDAPAttr

Examples