[AIX Solaris HP-UX Linux Windows]

Querying the Lightweight Directory Access Protocol server

The Lightweight Directory Access Protocol (LDAP) accesses the X.500 directory using text strings called filters. When these query strings are passed to the LDAP server, the server returns the requested portions of the specified entity.

About this task

LDAP filters use attributes to simplify queries to the LDAP server. For example, you can use a filter such as "objectclass=person" to limit your query to entities that represent people as opposed to groups or equipment.

Procedure

  • To authorize a user as a member of a group, add the following directive to the configuration file:
    LDAPRequire group "group_name"
    For example:
    LDAPRequire group "Administrative Users"
  • To authorize a user by filter, add the following directive to the configuration file:
    LDAPRequire filter "ldap_search_filter"
    For example, to enable access to the resource by a programmer in your department:
    LDAPRequire filter "(&(objectclass=person)(cn=*)(ou=programmer)(o=department))"
    Or, to enable access for John Doe only:
    LDAPRequire filter "(&(objectclass=person)(cn=John Doe))"
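
Before placing a filter in an LDAPRequire directive, it helps to check which entries it would admit. The following is an added example, not part of the original documentation or the product: it evaluates the two filters above against constructed in-memory entries. The entries, the function names, and the case-insensitive matching are assumptions, and escape sequences such as \2a are not handled.

```python
import re

ENTRIES = {  # constructed sample entries, not from a real directory
    "jdoe": {"objectclass": ["person"], "cn": ["John Doe"], "ou": ["programmer"], "o": ["department"]},
    "bkim": {"objectclass": ["person"], "cn": ["B Kim"], "ou": ["programmer"], "o": ["department"]},
    "asmith": {"objectclass": ["person"], "cn": ["A Smith"], "ou": ["sales"], "o": ["department"]},
    "printer1": {"objectclass": ["device"], "cn": ["printer1"], "ou": ["programmer"], "o": ["department"]},
}

def parse(f, i=0):
    """Parse (&..), (|..), (!..) and (attr=value); return (node, next_offset)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, i, kids = f[i], i + 1, []
        while f[i:i + 1] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if f[i:i + 1] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' group near offset {i}")
        return (op, kids), i + 1
    end = f.find(")", i)
    attr, sep, value = f[i:end].partition("=")
    if end < 0 or not sep or not attr.strip() or "(" in value:
        raise ValueError(f"malformed comparison near offset {i}")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of attr -> list of values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":
        return bool(values)  # (attr=*) is a presence test: any value passes
    pattern = ".*".join(re.escape(p) for p in value.split("*"))
    return any(re.fullmatch(pattern, v, re.IGNORECASE) for v in values)

def authorized(filter_text):
    """Return the sorted ids of sample entries that the filter admits."""
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing characters after filter")
    return sorted(uid for uid, e in ENTRIES.items() if matches(node, e))
```

With these entries, the (cn=*) term restricts nothing beyond requiring that a cn exists, and dropping (objectclass=person) from the first filter would also admit the printer1 device entry.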