libapache2-mod-webauthldap 4.7.0-4 / usr / share / doc / libapache2-mod-webauthldap / examples / stanford-ldap.conf

This file is indexed.

/usr/share/doc/libapache2-mod-webauthldap/examples/stanford-ldap.conf is in libapache2-mod-webauthldap 4.7.0-4.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# Stanford Apache configuration for WebAuth LDAP support.  -*- apache -*-
#
# The following Apache configuration fragment is a sample minimal
# configuration for the WebAuth LDAP support using Stanford's LDAP servers,
# similar to the one given in INSTALL but with comments explaining each step
# of what's going on.
#
# Debian and Ubuntu users should install the packages that come with the
# operating system and follow the configuration instructions in
# /usr/share/doc/libapache2-webauth/README.Debian.gz.
#
# Copyright 2003, 2006, 2009, 2010
#     The Board of Trustees of the Leland Stanford Junior University
#
# Copying and distribution of this file, with or without modification, are
# permitted in any medium without royalty provided the copyright notice and
# this notice are preserved.  This file is offered as-is, without any
# warranty.

# The WebAuth LDAP module is built as a dynamic module by default.  This loads
# it into Apache.
LoadModule webauthldap_module \
    /usr/local/libexec/apache2/modules/mod_webauthldap.so

# Relative (or absolute) path to a keytab that has been authorized to perform
# lookups in the LDAP directory.  A keytab is a file containing one or more
# Kerberos keys.  If yours contains keys for more than one principal, specify
# the principal to use for LDAP access as sthe second argument to this
# directive.
WebAuthLdapKeytab conf/webauth/keytab

# The WebAuth LDAP module maintains a local ticket cache so that it doesn't
# obtain new Kerberos tickets for each lookup.  That ticket cache is stored in
# the file specified by this directive.  The file needs to be writable by the
# Apache server processes.
WebAuthLdapTktCache conf/webauth/krb5cc_ldap

# The following directory settings are specific to Stanford's directory server
# and would need to be changed for other sites.

# Hostname of the LDAP server.  This also determines the principal name of the
# server used for GSS-API authentication.
WebAuthLdapHost ldap.stanford.edu

# Search base for looking up users' entries.
WebAuthLdapBase cn=people,dc=stanford,dc=edu

# LDAP entitlement attribute to use for authorization control.  This is
# expected to be a multi-valued attribute, with each value listing the name of
# a privilege group suitable for a "require privgroup" directive.
WebAuthLdapAuthorizationAttribute suPrivilegeGroup

# Example of how to restrict access to a location and obtain supplemental
# information from LDAP.  If this block were uncommented, URLs under /private
# would only be accessible to people in the stanford:stanford privilege
# group.  Their displayName and mail LDAP attributes would be retrieved and
# made availabe in WEBAUTH_LDAP_DISPLAYNAME and WEBAUTH_LDAP_MAIL environment
# variables.  See the mod_webauthldap documentation for more information.
#
#<Location /private>
#   AuthType WebAuth
#   require privgroup stanford:stanford
#   WebAuthLdapAttribute displayName
#   WebAuthLdapAttribute mail
#</Location>

# Example of enabling legacy WebAuth 2.x compatibility.  If this block were
# uncommented, URLs under /legacy would only be accessible to people in the
# stanford:stanford privilege group and LDAP information would be available
# using the environment variable names that WebAuth 2.x used.
#
#<Location /legacy>
#   AuthType StanfordAuth
#   require group stanford:stanford
#</Location>

APT Browse - Built by Thomas Orozco.