Linux App Finder

This Apache LDAP authentication/authorization module tries to solve the following problems that other such modules may not solve in all cases:

1. Map the short form of the distinguished name of a certificate and its
issuer obtained from the environment of mod_ssl to a user distinguished
name in an LDAP directory.

2. Check the age of a password in an LDAP directory, denying authorization in
case the password is to old.

3. Authorize a user based on roles or an arbitrary LDAP filter expression.

4. Authorize a user based on whether he owns a file or belongs to the group
owning a file. The module can perform an ordinary LDAP authentication
using an LDAP bind call, but is incapable of verifying an SHA1 or crypt
password hash from the directory, as mod_auth_ldap can.

The module also tries to do reduce LDAP connection overhead by caching a connection between requests (one per server record). This is most likely to improve performance in the case of certificate authentication, as for basic authentication a bind to the directory on a new connection is necessary with every request. Future development may add a cache to improve performance.

This package provides the module for Apache 2.0 server.