Querying the LDAP server

The LDAP (LDAP) accesses the X.500 directory using text strings called filters. When these query strings pass to the LDAP server, the server returns the requested portions of the specified entity.

 

Overview

LDAP filters use attributes to simplify queries to the LDAP server. For example, we can use a filter such as "objectclass=person" to limit your query to entities that represent people as opposed to groups or equipment.

 

Procedure

• To authorize a user as a member of a group, add the following directive to the configuration file:

   LDAPRequire group "group_name"
  
  

  For example:

  LDAPRequire group "Administrative Users"
  
  

• To authorize a user by filter, add the following directive to the configuration file:

  LDAPRequire filter "ldap_search_filter"
  
  

  For example, to enable access to the resource by a programmer in our department:

  LDAPRequire filter"(&(objectclass=person)(cn=*)(ou=programmer)(o=department))"
  
  

  Or, to enable access for John Doe only:

  LDAPRequire filter "(&(objectclass=person)(cn=John Doe))"
  
  

---

 

Related concepts

LDAP

 

Related tasks

Authenticating with LDAP on IBM HTTP Server (Distributed systems)