httpd-cvs mailing list archives

From erikab...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod mod_auth_ldap.html.en mod_ldap.html.en mod_ldap.xml
Date Tue, 18 Feb 2003 22:56:35 GMT
erikabele    2003/02/18 14:56:35

  Modified:    docs/manual/mod mod_auth_ldap.html.en mod_ldap.html.en
                        mod_ldap.xml
  Log:
  Fixed missing </p> + transformation.
  
  Revision  Changes    Path
  1.19      +5 -33     httpd-2.0/docs/manual/mod/mod_auth_ldap.html.en
  
  Index: mod_auth_ldap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_ldap.html.en,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- mod_auth_ldap.html.en	23 Jan 2003 13:32:20 -0000	1.18
  +++ mod_auth_ldap.html.en	18 Feb 2003 22:56:35 -0000	1.19
  @@ -32,7 +32,8 @@
   
       <ul>
         <li>Known to support the <a href="http://www.openldap.org/">OpenLDAP
SDK</a> (both 1.x
  -      and 2.x), and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
  +      and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
  +      Novell LDAP SDK</a> and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
         (Netscape)</a> SDK.</li>
   
         <li>Complex authorization policies can be implemented by
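
Review bot: the added Novell link in the first list item opens its anchor on one line and puts the link text on the next (<a href="http://developer.novell.com/ndk/cldap.htm"> then a line break before "Novell LDAP SDK</a>"), so the rendered link starts with whitespace, unlike the OpenLDAP and iPlanet links beside it. Keep the opening tag and the link text together in the XML source and regenerate the HTML.
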
  @@ -45,7 +46,7 @@
         <li>Uses extensive caching of LDAP operations via <a href="mod_ldap.html">mod_ldap</a>.</li>
   
         <li>Support for LDAP over SSL (requires the Netscape SDK) or
  -      TLS (requires the OpenLDAP 2.x SDK).</li>
  +      TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).</li>
       </ul>
   </div>
   <div id="quickview"><h3 class="directives">Directives</h3>
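
Review bot: the changed bullet still says LDAP over SSL "requires the Netscape SDK", while the paragraph added to mod_ldap.html.en in this same commit lists the OpenLDAP SDK, the Novell LDAP SDK and the iPlanet (Netscape) SDK for SSL support. Only the TLS half of the sentence was updated here; bring the SSL half in line with mod_ldap, or drop the SDK names from this bullet and link to mod_ldap for them.
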
  @@ -61,7 +62,6 @@
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#authldapstarttls">AuthLDAPStartTLS</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
   </ul>
   <h3>Topics</h3>
  @@ -444,23 +444,12 @@
   <div class="section">
   <h2><a name="usingtls" id="usingtls">Using TLS</a></h2>
   
  -    <p>To use TLS, simply set the <code class="directive"><a href="#authldapstarttls">AuthLDAPStartTLS</a></code>
to on.
  -    Nothing else needs to be done (other than ensure that your LDAP
  -    server is configured for TLS).</p>
  +    <p>To use TLS, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code>
and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="section">
   <h2><a name="usingssl" id="usingssl">Using SSL</a></h2>
   
  -    <p>If <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
is linked against the
  -    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  -    unless that server has a certificate signed by a known Certificate
  -    Authority. As part of the configuration
  -    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
needs to be told where it can find
  -    a database containing the known CAs. This database is in the same
  -    format as Netscape Communicator's <code>cert7.db</code>
  -    database. The easiest way to get this file is to start up a fresh
  -    copy of Netscape, and grab the resulting
  -    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +    <p>To use SSL, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code>
and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
   
       <p>To specify a secure LDAP server, use <em>ldaps://</em> in the
       <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
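
Review bot: the new "Using TLS" paragraph points the reader at LDAPTrustedCA and LDAPTrustedCAType, but the mod_ldap text added in this commit only describes a secure connection being made when the URL includes ldaps://, and the AuthLDAPStartTLS documentation is deleted further down. After this change neither page says how TLS is requested, and the "Using TLS" and "Using SSL" paragraphs differ by a single word. Either document the TLS procedure in mod_ldap, or merge the two sections into one that states which of SSL and TLS is actually configured by these directives.
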
  @@ -758,23 +747,6 @@
       distinguished name of the authenticated user, rather than just
       the username that was passed by the client. It is turned off by
       default.</p>
  -
  -</div>
  -<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  -<div class="directive-section"><h2><a name="AuthLDAPStartTLS" id="AuthLDAPStartTLS">AuthLDAPStartTLS</a>
<a name="authldapstarttls" id="authldapstarttls">Directive</a></h2>
  -<table class="directive">
  -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use
a secure TLS connection to the LDAP server</td></tr>
  -<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPStartTLS
on|off</code></td></tr>
  -<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPStartTLS
off</code></td></tr>
  -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory,
.htaccess</td></tr>
  -<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
  -<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  -<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_ldap</td></tr>
  -</table>
  -    <p>If this directive is set to <code>on</code>,
  -    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
will start a secure TLS session
  -    after connecting to the LDAP server. This requires your LDAP
  -    server to support TLS.</p>
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
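
Review bot: this hunk deletes the whole AuthLDAPStartTLS directive section (context directory and .htaccess, default off), which the log message "Fixed missing </p> + transformation" does not mention. Record the removal in the log or the changelog and say what an existing "AuthLDAPStartTLS on" line should be replaced with, so an administrator reading the new page can tell whether their connection to the LDAP server is still protected.
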
  
  
  
  1.12      +85 -19    httpd-2.0/docs/manual/mod/mod_ldap.html.en
  
  Index: mod_ldap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_ldap.html.en,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- mod_ldap.html.en	11 Dec 2002 21:18:10 -0000	1.11
  +++ mod_ldap.html.en	18 Feb 2003 22:56:35 -0000	1.12
  @@ -38,21 +38,30 @@
       apr-util. This is achieved by adding the <code>--with-ldap</code>
       flag to the <code>./configure</code> script when building
       Apache.</p>
  +
  +    <p>SSL support requires that <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
be linked
  +    with one of the following LDAP SDKs: <a href="http://www.openldap.org/">
  +    OpenLDAP SDK</a> (both 1.x and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
  +    Novell LDAP SDK</a> or the <a href="http://www.iplanet.com/downloads/developer/">
  +    iPlanet(Netscape)</a> SDK.</p>
  +
   </div>
   <div id="quickview"><h3 class="directives">Directives</h3>
   <ul id="toc">
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#ldapcertdbpath">LDAPCertDBPath</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcacheentries">LDAPOpCacheEntries</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcachettl">LDAPOpCacheTTL</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachesize">LDAPSharedCacheSize</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedca">LDAPTrustedCA</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedcatype">LDAPTrustedCAType</a></li>
   </ul>
   <h3>Topics</h3>
   <ul id="topics">
   <li><img alt="" src="../images/down.gif" /> <a href="#exampleconfig">Example
Configuration</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#pool">LDAP Connection
Pool</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#cache">LDAP Cache</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#usingssltls">Using
SSL</a></li>
   </ul></div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="section">
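
Review bot: the new topic entry and section are titled "Using SSL" but carry the id usingssltls, and mod_auth_ldap's "Using TLS" section now defers to this page for TLS as well. Title the section "Using SSL/TLS" if TLS is meant to be covered here, or drop the tls suffix from the id if it is not. In the added SDK paragraph, "iPlanet(Netscape)" is missing the space that mod_auth_ldap uses in "iPlanet (Netscape)", and both new link texts begin with a line break inside the anchor.
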
  @@ -184,6 +193,51 @@
         information each time, depending on which <code>httpd</code>
         instance processes the request.</p>
       
  +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="section">
  +<h2><a name="usingssltls" id="usingssltls">Using SSL</a></h2>
  +
  +    <p>The ability to create an SSL connections to an LDAP server 
  +    is defined by the directives <code class="directive"><a href="#&#10; 
  ldaptrustedca">
  +    LDAPTrustedCA</a></code> and <code class="directive"><a href="#&#10;
   ldaptrustedcatype">
  +    LDAPTrustedCAType</a></code>. These directives specify the certificate
  +    file or database and the certificate type. Whenever the LDAP url
  +    includes <em>ldaps://</em>, <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
will establish
  +    a secure connection to the LDAP server.</p>
  +
  +    <div class="example"><p><code>
  +      # Establish an SSL LDAP connection. Requires that <br />
  +      # mod_ldap and mod_auth_ldap be loaded. Change the <br />
  +      # "yourdomain.example.com" to match your domain.<br />
  +      <br />
  +      LDAPTrustedCA /certs/certfile.der<br />
  +      LDAPTrustedCAType DER_FILE<br />
  +      <br />
  +      &lt;Location /ldap-status&gt;<br />
  +      <span class="indent">
  +        SetHandler ldap-status<br />
  +        Order deny,allow<br />
  +        Deny from all<br />
  +        Allow from yourdomain.example.com<br />
  +        AuthLDAPEnabled on<br />
  +        AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
  +        AuthLDAPAuthoritative on<br />
  +        require valid-user<br />
  +      </span>
  +      &lt;/Location&gt;
  +    </code></p></div>
  +
  +    <p>If <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
is linked against the
  +    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  +    unless that server has a certificate signed by a known Certificate
  +    Authority. As part of the configuration
  +    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
needs to be told where it can find
  +    a database containing the known CAs. This database is in the same
  +    format as Netscape Communicator's <code>cert7.db</code>
  +    database. The easiest way to get this file is to start up a fresh
  +    copy of Netscape, and grab the resulting
  +    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a>
<a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
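
Review bot: both directive links in the first added paragraph have broken targets: the href is emitted as "#&#10;" followed by a line break and then "ldaptrustedca" (likewise "ldaptrustedcatype"), so the fragment contains an encoded newline and will not match the ids ldaptrustedca and ldaptrustedcatype defined later in the file. This looks like a line break inside the directive element in mod_ldap.xml being carried through the transformation; put each directive name on one line in the XML and regenerate. The same paragraph also reads "an SSL connections", which should be "an SSL connection" or "SSL connections".
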
  @@ -217,24 +271,6 @@
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  -<div class="directive-section"><h2><a name="LDAPCertDBPath" id="LDAPCertDBPath">LDAPCertDBPath</a>
<a name="ldapcertdbpath" id="ldapcertdbpath">Directive</a></h2>
  -<table class="directive">
  -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory
containing certificates for SSL support</td></tr>
  -<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCertDBPath
<var>directory-path</var></code></td></tr>
  -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  -<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  -<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  -</table>
  -    <p>This directive is only valid if Apache has been linked
  -    against the Netscape/iPlanet Directory SDK.</p>
  -
  -    <p>It specifies in which directory <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
  -    should look for the certificate authorities database for SSL
  -    support. There should be a file named <code>cert7.db</code> in that
  -    directory.</p>
  -
  -</div>
  -<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a>
<a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
   <table class="directive">
   <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number
of entries used to cache LDAP compare 
  @@ -277,6 +313,36 @@
   </table>
       <p>Specifies the number of bytes to specify for the shared
       memory cache. The default is 100kb.</p>
  +
  +</div>
  +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="directive-section"><h2><a name="LDAPTrustedCA" id="LDAPTrustedCA">LDAPTrustedCA</a>
<a name="ldaptrustedca" id="ldaptrustedca">Directive</a></h2>
  +<table class="directive">
  +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets
the file containing the trusted Certificate Authority certificate or database</td></tr>
  +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCA
<var>directory-path/filename</var></code></td></tr>
  +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  +</table>
  +    <p>It specifies the directory path and file name of the trusted CA
  +    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
should use when establishing an SSL
  +    connection to an LDAP server. If using the Netscape/iPlanet Directory
  +    SDK, the file name should be <code>cert7.db</code>.</p>
  +
  +</div>
  +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="directive-section"><h2><a name="LDAPTrustedCAType" id="LDAPTrustedCAType">LDAPTrustedCAType</a>
<a name="ldaptrustedcatype" id="ldaptrustedcatype">Directive</a></h2>
  +<table class="directive">
  +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies
the type of the Certificate Authority file</td></tr>
  +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCAType
<var>type</var></code></td></tr>
  +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  +</table>
  +    <p>The following types are supported:<br />
  +          DER_FILE      - file in binary DER format<br />
  +          BASE64_FILE   - file in Base64 format<br />
  +          CERT7_DB_PATH - Netscape certificate database file ")</p>
   
   </div>
   </div>
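
Review bot: the last added line of the LDAPTrustedCAType description ends with a stray quote and parenthesis ("Netscape certificate database file ")"), which will show up in the rendered page and suggests an unbalanced string in the XML source. The three types are also laid out with runs of spaces and br tags, which HTML collapses; a definition list or table would keep the names and descriptions aligned. Separately, LDAPTrustedCA is documented as taking directory-path/filename with the file name cert7.db for the Netscape SDK, while the matching type is named CERT7_DB_PATH and the removed LDAPCertDBPath took a directory; state explicitly whether a file or a directory is expected, and document the default type and what happens on an ldaps:// URL when LDAPTrustedCA is not set.
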
  
  
  
  1.5       +2 -2      httpd-2.0/docs/manual/mod/mod_ldap.xml
  
  Index: mod_ldap.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_ldap.xml,v
  retrieving revision 1.4
  retrieving revision 1.5
  diff -u -r1.4 -r1.5
  --- mod_ldap.xml	18 Feb 2003 22:21:24 -0000	1.4
  +++ mod_ldap.xml	18 Feb 2003 22:56:35 -0000	1.5
  @@ -171,7 +171,7 @@
       LDAPTrustedCAType</directive>. These directives specify the certificate
       file or database and the certificate type. Whenever the LDAP url
       includes <em>ldaps://</em>, <module>mod_ldap</module> will
establish
  -    a secure connection to the LDAP server.
  +    a secure connection to the LDAP server.</p>
   
       <example>
         # Establish an SSL LDAP connection. Requires that <br />
  @@ -307,4 +307,4 @@
   </usage>
   </directivesynopsis>
   
  -</modulesynopsis>
  \ No newline at end of file
  +</modulesynopsis>
  
  
  
