Extension:LDAP Authorization

The LDAP Authorization extension implements the PluggableAuth  hook to provide authorization using LDAP.

Configuration parameters
can hold an array of arrays of arbitrary depth representing a complex set of rules to determine user authorization. Each array may hold three types of keys:

For example, the following rule will authorize any user whose employee status is active and is either in department 100 or 200 or has a level of 5 or 6:

$LDAPAuthorization_Rules = array(	"&" => array ( "status" => "active", "|" => array (			"department" => array ( "100",				"200"			),			"level" => array ( "5",				"6"			)		)	) };

The top level array is assumed to have the operator AND by default, so the configuration array above may be simplified to:

$LDAPAuthorization_Rules = array(	"status" => "active",	"|" => array ( "department" => array (			"100",			"200"		), "level" => array (			"5",			"6"		) ) };