mod_authz_dbd.html.en revision 1f1b6bf13313fdd14a45e52e553d3ff28689b717
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"><head><!--
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
              This file is generated from xml source: DO NOT EDIT
        XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      -->
<title>mod_authz_dbd - Apache HTTP Server Version 2.5</title>
<link href="/style/css/manual.css" rel="stylesheet" media="all" type="text/css" title="Main stylesheet" />
<link href="/style/css/manual-loose-100pc.css" rel="alternate stylesheet" media="all" type="text/css" title="No Sidebar - Default font size" />
<link href="/style/css/manual-print.css" rel="stylesheet" media="print" type="text/css" /><link rel="stylesheet" type="text/css" href="/style/css/prettify.css" />
<script src="/style/scripts/prettify.min.js" type="text/javascript">
</script>

<link href="/images/favicon.ico" rel="shortcut icon" /></head>
<body>
<div id="page-header">
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p>
<p class="apache">Apache HTTP Server Version 2.5</p>
<img alt="" src="/images/feather.gif" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="/images/left.gif" /></a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_authz_dbd</h1>
<div class="toplang">
<p><span>Available Languages: </span><a href="/en/mod/mod_authz_dbd.html" title="English">&nbsp;en&nbsp;</a> |
<a href="/fr/mod/mod_authz_dbd.html" hreflang="fr" rel="alternate" title="Fran&ccedil;ais">&nbsp;fr&nbsp;</a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>Group Authorization and Login using SQL</td></tr>
<tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="module-dict.html#ModuleIdentifier">Module&nbsp;Identifier:</a></th><td>authz_dbd_module</td></tr>
<tr><th><a href="module-dict.html#SourceFile">Source&nbsp;File:</a></th><td>mod_authz_dbd.c</td></tr>
<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.4 and later</td></tr></table>
<h3>Summary</h3>

    <p>This module provides authorization capabilities so that
    authenticated users can be allowed or denied access to portions
    of the web site by group membership. Similar functionality is
    provided by <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> and
    <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, with the exception that
    this module queries a SQL database to determine whether a
    user is a member of a group.</p>
    <p>This module can also provide database-backed user login/logout
    capabilities. These are likely to be of most value when used
    in conjunction with <code class="module"><a href="/mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.</p>
    <p>This module relies on <code class="module"><a href="/mod/mod_dbd.html">mod_dbd</a></code> to specify
    the backend database driver and connection parameters, and
    manage the database connections.</p>
</div>
<div id="quickview"><h3>Topics</h3>
<ul id="topics">
<li><img alt="" src="/images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#login">Database Login</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#client">Client Login integration</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#example">Configuration example</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#security">Preventing SQL injections</a></li>
</ul><h3 class="directives">Directives</h3>
<ul id="toc">
<li><img alt="" src="/images/down.gif" /> <a href="#authzdbdlogintoreferer">AuthzDBDLoginToReferer</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#authzdbdquery">AuthzDBDQuery</a></li>
<li><img alt="" src="/images/down.gif" /> <a href="#authzdbdredirectquery">AuthzDBDRedirectQuery</a></li>
</ul>
<h3>See also</h3>
<ul class="seealso">
<li><code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code></li>
<li>
  <code class="directive"><a href="/mod/mod_authn_dbd.html#authdbduserpwquery">AuthDBDUserPWQuery</a></code>
</li>
<li><code class="directive"><a href="/mod/mod_dbd.html#dbdriver">DBDriver</a></code></li>
<li><code class="directive"><a href="/mod/mod_dbd.html#dbdparams">DBDParams</a></code></li>
</ul></div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>

    <p>Apache's <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code>
    directives are used during the authorization phase to ensure that
    a user is allowed to access a resource. mod_authz_dbd extends the
    authorization types with <code>dbd-group</code>, <code>dbd-login</code> and
    <code>dbd-logout</code>.</p>

    <p>Since v2.4.8, <a href="/expr.html">expressions</a> are supported
    within the DBD require directives.</p>

<h3><a name="reqgroup" id="reqgroup">Require dbd-group</a></h3>

    <p>This directive specifies group membership that is required for the
    user to gain access.</p>

    <pre class="prettyprint lang-config">Require dbd-group team
AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"</pre>

<h3><a name="reqlogin" id="reqlogin">Require dbd-login</a></h3>

    <p>This directive specifies a query to be run indicating the user
    has logged in.</p>

    <pre class="prettyprint lang-config">Require dbd-login
AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"</pre>

<h3><a name="reqlogout" id="reqlogout">Require dbd-logout</a></h3>

    <p>This directive specifies a query to be run indicating the user
    has logged out.</p>

    <pre class="prettyprint lang-config">Require dbd-logout
AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s"</pre>

</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="login" id="login">Database Login</a></h2>

<p>
In addition to the standard authorization function of checking group
membership, this module can also provide server-side user session
management via database-backed login/logout capabilities.
Specifically, it can update a user's session status in the database
whenever the user visits designated URLs (subject of course to users
supplying the necessary credentials).</p>
<p>This works by defining two special
<code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> types:
<code>Require dbd-login</code> and <code>Require dbd-logout</code>.
For usage details, see the configuration example below.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="client" id="client">Client Login integration</a></h2>

<p>Some administrators may wish to implement client-side session
management that works in concert with the server-side login/logout
capabilities offered by this module, for example, by setting or unsetting
an HTTP cookie or other such token when a user logs in or out.</p>
<p>To support such integration, <code class="module"><a href="/mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an
optional hook that will be run whenever a user's status is updated in
the database. Other session management modules can then use the hook
to implement functions that start and end client-side sessions.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="example" id="example">Configuration example</a></h2>

<pre class="prettyprint lang-config"># mod_dbd configuration
DBDriver pgsql
DBDParams "dbname=apacheauth user=apache pass=xxxxxx"

DBDMin  4
DBDKeep 8
DBDMax  20
DBDExptime 300

&lt;Directory "/usr/www/my.site/team-private/"&gt;
  # mod_authn_core and mod_auth_basic configuration
  # for mod_authn_dbd
  AuthType Basic
  AuthName Team
  AuthBasicProvider dbd

  # mod_authn_dbd SQL query to authenticate a logged-in user
  AuthDBDUserPWQuery \
    "SELECT password FROM authn WHERE user = %s AND login = 'true'"

  # mod_authz_core configuration for mod_authz_dbd
  Require dbd-group team

  # mod_authz_dbd configuration
  AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"

  # when a user fails to be authenticated or authorized,
  # invite them to login; this page should provide a link
  # to /team-private/login.html
  ErrorDocument 401 /login-info.html

  &lt;Files "login.html"&gt;
    # don't require user to already be logged in!
    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"

    # dbd-login action executes a statement to log user in
    Require dbd-login
    AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"

    # return user to referring page (if any) after
    # successful login
    AuthzDBDLoginToReferer On
  &lt;/Files&gt;

  &lt;Files "logout.html"&gt;
    # dbd-logout action executes a statement to log user out
    Require dbd-logout
    AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s"
  &lt;/Files&gt;
&lt;/Directory&gt;</pre>

</div><div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="section">
<h2><a name="security" id="security">Preventing SQL injections</a></h2>

    <p>Whether you need to care about SQL security depends on what DBD driver
    and backend you use. With most drivers you don't have to do anything:
    the statement is prepared by the database at startup, and user input is
    used only as data. With other drivers, you may need to untaint your input.
    At the time of writing, the only driver that requires you to take care is
    FreeTDS.</p>
    <p>Please read the <code class="module"><a href="/mod/mod_dbd.html">mod_dbd</a></code> documentation for more information
    about security in this area.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzDBDLoginToReferer" id="AuthzDBDLoginToReferer">AuthzDBDLoginToReferer</a> <a name="authzdbdlogintoreferer" id="authzdbdlogintoreferer">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Determines whether to redirect the Client to the Referring
page on successful login or logout if a <code>Referer</code> request
header is present</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDLoginToReferer On|Off</code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthzDBDLoginToReferer Off</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_dbd</td></tr>
</table>
    <p>In conjunction with <code>Require dbd-login</code> or
    <code>Require dbd-logout</code>, this provides the option to
    redirect the client back to the Referring page (the URL in
    the <code>Referer</code> HTTP request header, if present).
    When there is no <code>Referer</code> header,
    <code>AuthzDBDLoginToReferer On</code> will be ignored.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzDBDQuery" id="AuthzDBDQuery">AuthzDBDQuery</a> <a name="authzdbdquery" id="authzdbdquery">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify the SQL Query for the required operation</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDQuery <var>query</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_dbd</td></tr>
</table>
    <p>The <code class="directive">AuthzDBDQuery</code> specifies an SQL
    query to run. The purpose of the query depends on the
    <code class="directive"><a href="/mod/mod_authz_core.html#require">Require</a></code> directive in
    effect.</p>
    <ul>
    <li>When used with a <code>Require dbd-group</code> directive,
    it specifies a query to look up groups for the current user. This is
    the standard functionality of other authorization modules such as
    <code class="module"><a href="/mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> and <code class="module"><a href="/mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.
    The first column value of each row returned by the query statement
    should be a string containing a group name. Zero, one, or more rows
    may be returned.
    <pre class="prettyprint lang-config">Require dbd-group
AuthzDBDQuery "SELECT group FROM groups WHERE user = %s"</pre>

    </li>
    <li>When used with a <code>Require dbd-login</code> or
    <code>Require dbd-logout</code> directive, it will never deny access,
    but will instead execute a SQL statement designed to log the user
    in or out. The user must already be authenticated with
    <code class="module"><a href="/mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.
    <pre class="prettyprint lang-config">Require dbd-login
AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"</pre>

    </li>
    </ul>
    <p>In all cases, the user's ID will be passed as a single string
    parameter when the SQL query is executed. It may be referenced within
    the query statement using a <code>%s</code> format specifier.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="/images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthzDBDRedirectQuery" id="AuthzDBDRedirectQuery">AuthzDBDRedirectQuery</a> <a name="authzdbdredirectquery" id="authzdbdredirectquery">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify a query to look up a login page for the user</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDRedirectQuery <var>query</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_dbd</td></tr>
</table>
<p>Specifies an optional SQL query to use after successful login
(or logout) to redirect the user to a URL, which may be
specific to the user. The user's ID will be passed as a single string
parameter when the SQL query is executed. It may be referenced within
the query statement using a <code>%s</code> format specifier.</p>
<pre class="prettyprint lang-config">AuthzDBDRedirectQuery "SELECT userpage FROM userpages WHERE user = %s"</pre>
<p>The first column value of the first row returned by the query
statement should be a string containing a URL to which to redirect
the client. Subsequent rows will be ignored. If no rows are returned,
the client will not be redirected.</p>
<p>Note that <code class="directive">AuthzDBDLoginToReferer</code> takes
precedence if both are set.</p>
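<p>The following Python model is an added example, not code from the Apache documentation or from mod_authz_dbd. It runs the queries shown on this page against an in-memory SQLite database to show the row semantics of <code>AuthzDBDQuery</code> and <code>AuthzDBDRedirectQuery</code>, and why a bound <code>%s</code> parameter keeps the user ID as data while an unprepared, untainted substitution does not. The SQLite backend, the sample rows and all helper names are assumptions made for the illustration.</p>

```python
import sqlite3

# Queries as given on the page; "%s" is the single user-ID parameter.
# GROUP is an SQL reserved word, so this model quotes that column name.
GROUP_Q = 'SELECT "group" FROM authz WHERE user = %s'
LOGIN_Q = "UPDATE authn SET login = 'true' WHERE user = %s"
LOGOUT_Q = "UPDATE authn SET login = 'false' WHERE user = %s"
PW_Q = "SELECT password FROM authn WHERE user = %s AND login = 'true'"
REDIRECT_Q = "SELECT userpage FROM userpages WHERE user = %s"


def make_db():
    """Constructed sample data; table and column names follow the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE authn (user TEXT PRIMARY KEY, password TEXT, login TEXT);
        CREATE TABLE authz (user TEXT, "group" TEXT);
        CREATE TABLE userpages (user TEXT, userpage TEXT);
        INSERT INTO authn VALUES ('alice', '{hash-placeholder}', 'false');
        INSERT INTO authn VALUES ('bob', '{hash-placeholder}', 'false');
        INSERT INTO authz VALUES ('alice', 'team');
        INSERT INTO authz VALUES ('alice', 'ops');
        INSERT INTO authz VALUES ('bob', 'guests');
        INSERT INTO userpages VALUES ('alice', '/team-private/alice/');
    """)
    return db


def run(db, query, user):
    """Prepared path: %s becomes a placeholder and the user ID travels as data."""
    return db.execute(query.replace("%s", "?"), (user,)).fetchall()


def run_unprepared(db, query, user):
    """Contrast case (model of a driver that does not prepare the statement):
    the user ID is pasted into the SQL text without being untainted."""
    return db.execute(query.replace("%s", "'" + user + "'")).fetchall()


def groups_for(db, user, runner=run):
    """Require dbd-group: the first column of each row is a group name;
    zero, one, or more rows may come back."""
    return [row[0] for row in runner(db, GROUP_Q, user)]


def password_for(db, user):
    """AuthDBDUserPWQuery from the example: only a logged-in user has a row."""
    rows = run(db, PW_Q, user)
    return rows[0][0] if rows else None


def set_login(db, user, logged_in):
    """Require dbd-login / dbd-logout: runs the UPDATE and never denies access.
    Returns the number of rows changed (0 means the user ID matched nothing)."""
    query = LOGIN_Q if logged_in else LOGOUT_Q
    return db.execute(query.replace("%s", "?"), (user,)).rowcount


def redirect_target(db, user, referer=None, login_to_referer=False):
    """AuthzDBDLoginToReferer takes precedence when On and a Referer exists;
    otherwise the first column of the first row of AuthzDBDRedirectQuery is
    used, and no rows means no redirect."""
    if login_to_referer and referer:
        return referer
    rows = run(db, REDIRECT_Q, user)
    return rows[0][0] if rows else None


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed user ID that contains SQL syntax
    print("bound parameter:", groups_for(db, hostile))
    print("unprepared text:", groups_for(db, hostile, run_unprepared))
```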
</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="/en/mod/mod_authz_dbd.html" title="English">&nbsp;en&nbsp;</a> |
<a href="/fr/mod/mod_authz_dbd.html" hreflang="fr" rel="alternate" title="Fran&ccedil;ais">&nbsp;fr&nbsp;</a></p>
</div><div id="footer">
<p class="apache">Copyright 2015 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="/mod/">Modules</a> | <a href="/mod/quickreference.html">Directives</a> | <a href="http://wiki.apache.org/httpd/FAQ">FAQ</a> | <a href="/glossary.html">Glossary</a> | <a href="/sitemap.html">Sitemap</a></p></div><script type="text/javascript"><!--//--><![CDATA[//><!--
if (typeof(prettyPrint) !== 'undefined') {
prettyPrint();
}
//--><!]]></script>
</body></html>