                     _                _   _             _     _
 _ __ ___   ___   __| |    __ _ _   _| |_| |__  ____   | | __| | __ _ _ __
| '_ ` _ \ / _ \ / _` |   / _` | | | | __| '_ \|_  /   | |/ _` |/ _` | '_ \
| | | | | | (_) | (_| |  | (_| | |_| | |_| | | |/ /    | | (_| | (_| | |_) |
|_| |_| |_|\___/ \__,_|___\__,_|\__,_|\__|_| |_/___|___|_|\__,_|\__,_| .__/
                     |_____|                      |_____|            |_|

The Apache mod_authz_ldap module
--------------------------------

The mod_authz_ldap module consists an authorization handler that uses
an LDAP server as the basis for authorizations. In particular, it is
designed to perform authorization in the following situations:

1a. Map a distinguished name from a certificate to the distinguished 
    name in the directory. The new distinguished name can then be used
    decide about group membership of the user.

1b. Check whether a user has a userCertificate attribute with the
    client certificate supplied by the SSL connection as value.

2.  Verify a user's basic authentication credentials against an LDAP
    directory using a bind call (whereas mod_auth_ldap is capable of
    verifying a password hash read from the directory directly).

3.  Check group membership of a user using the require group
    directive.

4.  Check last modification timestamp of user, using a require age 
    directive with the maximum age as parameter.

Configuation Details are in the docs subdirectory.

--
Andreas Mueller, <afm@othello.ch>, July 7, 2000
$Id: README,v 1.3 2001/08/25 22:42:58 afm Exp $
