httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From erikab...@apache.org
Subject cvs commit: httpd-2.0/docs/manual/mod mod_auth_ldap.html.en mod_ldap.html.en
Date Mon, 10 Mar 2003 18:22:26 GMT
erikabele    2003/03/10 10:22:26

  Modified:    docs/manual/mod Tag: APACHE_2_0_BRANCH mod_auth_ldap.html.en
                        mod_ldap.html.en
  Log:
  Update transformations.
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.12.2.6  +5 -33     httpd-2.0/docs/manual/mod/mod_auth_ldap.html.en
  
  Index: mod_auth_ldap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_ldap.html.en,v
  retrieving revision 1.12.2.5
  retrieving revision 1.12.2.6
  diff -u -r1.12.2.5 -r1.12.2.6
  --- mod_auth_ldap.html.en	23 Jan 2003 13:31:23 -0000	1.12.2.5
  +++ mod_auth_ldap.html.en	10 Mar 2003 18:22:26 -0000	1.12.2.6
  @@ -32,7 +32,8 @@
   
       <ul>
         <li>Known to support the <a href="http://www.openldap.org/">OpenLDAP
SDK</a> (both 1.x
  -      and 2.x), and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
  +      and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
  +      Novell LDAP SDK</a> and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
         (Netscape)</a> SDK.</li>
   
         <li>Complex authorization policies can be implemented by
  @@ -45,7 +46,7 @@
         <li>Uses extensive caching of LDAP operations via <a href="mod_ldap.html">mod_ldap</a>.</li>
   
         <li>Support for LDAP over SSL (requires the Netscape SDK) or
  -      TLS (requires the OpenLDAP 2.x SDK).</li>
  +      TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).</li>
       </ul>
   </div>
   <div id="quickview"><h3 class="directives">Directives</h3>
  @@ -61,7 +62,6 @@
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#authldapstarttls">AuthLDAPStartTLS</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
   </ul>
   <h3>Topics</h3>
  @@ -444,23 +444,12 @@
   <div class="section">
   <h2><a name="usingtls" id="usingtls">Using TLS</a></h2>
   
  -    <p>To use TLS, simply set the <code class="directive"><a href="#authldapstarttls">AuthLDAPStartTLS</a></code>
to on.
  -    Nothing else needs to be done (other than ensure that your LDAP
  -    server is configured for TLS).</p>
  +    <p>To use TLS, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code>
and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
   </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="section">
   <h2><a name="usingssl" id="usingssl">Using SSL</a></h2>
   
  -    <p>If <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
is linked against the
  -    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  -    unless that server has a certificate signed by a known Certificate
  -    Authority. As part of the configuration
  -    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
needs to be told where it can find
  -    a database containing the known CAs. This database is in the same
  -    format as Netscape Communicator's <code>cert7.db</code>
  -    database. The easiest way to get this file is to start up a fresh
  -    copy of Netscape, and grab the resulting
  -    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +    <p>To use SSL, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code>
and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
   
       <p>To specify a secure LDAP server, use <em>ldaps://</em> in the
       <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
  @@ -755,23 +744,6 @@
       distinguished name of the authenticated user, rather than just
       the username that was passed by the client. It is turned off by
       default.</p>
  -
  -</div>
  -<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  -<div class="directive-section"><h2><a name="AuthLDAPStartTLS" id="AuthLDAPStartTLS">AuthLDAPStartTLS</a>
<a name="authldapstarttls" id="authldapstarttls">Directive</a></h2>
  -<table class="directive">
  -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use
a secure TLS connection to the LDAP server</td></tr>
  -<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPStartTLS
on|off</code></td></tr>
  -<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPStartTLS
off</code></td></tr>
  -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory,
.htaccess</td></tr>
  -<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
  -<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  -<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_ldap</td></tr>
  -</table>
  -    <p>If this directive is set to <code>on</code>,
  -    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code>
will start a secure TLS session
  -    after connecting to the LDAP server. This requires your LDAP
  -    server to support TLS.</p>
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  
  
  
  1.9.2.2   +85 -19    httpd-2.0/docs/manual/mod/mod_ldap.html.en
  
  Index: mod_ldap.html.en
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_ldap.html.en,v
  retrieving revision 1.9.2.1
  retrieving revision 1.9.2.2
  diff -u -r1.9.2.1 -r1.9.2.2
  --- mod_ldap.html.en	11 Dec 2002 22:13:52 -0000	1.9.2.1
  +++ mod_ldap.html.en	10 Mar 2003 18:22:26 -0000	1.9.2.2
  @@ -38,21 +38,30 @@
       apr-util. This is achieved by adding the <code>--with-ldap</code>
       flag to the <code>./configure</code> script when building
       Apache.</p>
  +
  +    <p>SSL support requires that <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
be linked
  +    with one of the following LDAP SDKs: <a href="http://www.openldap.org/">
  +    OpenLDAP SDK</a> (both 1.x and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
  +    Novell LDAP SDK</a> or the <a href="http://www.iplanet.com/downloads/developer/">
  +    iPlanet(Netscape)</a> SDK.</p>
  +
   </div>
   <div id="quickview"><h3 class="directives">Directives</h3>
   <ul id="toc">
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
  -<li><img alt="" src="../images/down.gif" /> <a href="#ldapcertdbpath">LDAPCertDBPath</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcacheentries">LDAPOpCacheEntries</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcachettl">LDAPOpCacheTTL</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachesize">LDAPSharedCacheSize</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedca">LDAPTrustedCA</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedcatype">LDAPTrustedCAType</a></li>
   </ul>
   <h3>Topics</h3>
   <ul id="topics">
   <li><img alt="" src="../images/down.gif" /> <a href="#exampleconfig">Example
Configuration</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#pool">LDAP Connection
Pool</a></li>
   <li><img alt="" src="../images/down.gif" /> <a href="#cache">LDAP Cache</a></li>
  +<li><img alt="" src="../images/down.gif" /> <a href="#usingssltls">Using
SSL</a></li>
   </ul></div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="section">
  @@ -184,6 +193,51 @@
         information each time, depending on which <code>httpd</code>
         instance processes the request.</p>
       
  +</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="section">
  +<h2><a name="usingssltls" id="usingssltls">Using SSL</a></h2>
  +
  +    <p>The ability to create an SSL connections to an LDAP server 
  +    is defined by the directives <code class="directive"><a href="#&#10; 
  ldaptrustedca">
  +    LDAPTrustedCA</a></code> and <code class="directive"><a href="#&#10;
   ldaptrustedcatype">
  +    LDAPTrustedCAType</a></code>. These directives specify the certificate
  +    file or database and the certificate type. Whenever the LDAP url
  +    includes <em>ldaps://</em>, <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
will establish
  +    a secure connection to the LDAP server.</p>
  +
  +    <div class="example"><p><code>
  +      # Establish an SSL LDAP connection. Requires that <br />
  +      # mod_ldap and mod_auth_ldap be loaded. Change the <br />
  +      # "yourdomain.example.com" to match your domain.<br />
  +      <br />
  +      LDAPTrustedCA /certs/certfile.der<br />
  +      LDAPTrustedCAType DER_FILE<br />
  +      <br />
  +      &lt;Location /ldap-status&gt;<br />
  +      <span class="indent">
  +        SetHandler ldap-status<br />
  +        Order deny,allow<br />
  +        Deny from all<br />
  +        Allow from yourdomain.example.com<br />
  +        AuthLDAPEnabled on<br />
  +        AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
  +        AuthLDAPAuthoritative on<br />
  +        require valid-user<br />
  +      </span>
  +      &lt;/Location&gt;
  +    </code></p></div>
  +
  +    <p>If <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
is linked against the
  +    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  +    unless that server has a certificate signed by a known Certificate
  +    Authority. As part of the configuration
  +    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
needs to be told where it can find
  +    a database containing the known CAs. This database is in the same
  +    format as Netscape Communicator's <code>cert7.db</code>
  +    database. The easiest way to get this file is to start up a fresh
  +    copy of Netscape, and grab the resulting
  +    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a>
<a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
  @@ -217,24 +271,6 @@
   
   </div>
   <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  -<div class="directive-section"><h2><a name="LDAPCertDBPath" id="LDAPCertDBPath">LDAPCertDBPath</a>
<a name="ldapcertdbpath" id="ldapcertdbpath">Directive</a></h2>
  -<table class="directive">
  -<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory
containing certificates for SSL support</td></tr>
  -<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCertDBPath
<var>directory-path</var></code></td></tr>
  -<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  -<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  -<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  -</table>
  -    <p>This directive is only valid if Apache has been linked
  -    against the Netscape/iPlanet Directory SDK.</p>
  -
  -    <p>It specifies in which directory <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
  -    should look for the certificate authorities database for SSL
  -    support. There should be a file named <code>cert7.db</code> in that
  -    directory.</p>
  -
  -</div>
  -<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
   <div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a>
<a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
   <table class="directive">
   <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number
of entries used to cache LDAP compare 
  @@ -277,6 +313,36 @@
   </table>
       <p>Specifies the number of bytes to specify for the shared
       memory cache. The default is 100kb.</p>
  +
  +</div>
  +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="directive-section"><h2><a name="LDAPTrustedCA" id="LDAPTrustedCA">LDAPTrustedCA</a>
<a name="ldaptrustedca" id="ldaptrustedca">Directive</a></h2>
  +<table class="directive">
  +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets
the file containing the trusted Certificate Authority certificate or database</td></tr>
  +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCA
<var>directory-path/filename</var></code></td></tr>
  +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  +</table>
  +    <p>It specifies the directory path and file name of the trusted CA
  +    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
should use when establishing an SSL
  +    connection to an LDAP server. If using the Netscape/iPlanet Directory
  +    SDK, the file name should be <code>cert7.db</code>.</p>
  +
  +</div>
  +<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif"
/></a></div>
  +<div class="directive-section"><h2><a name="LDAPTrustedCAType" id="LDAPTrustedCAType">LDAPTrustedCAType</a>
<a name="ldaptrustedcatype" id="ldaptrustedcatype">Directive</a></h2>
  +<table class="directive">
  +<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies
the type of the Certificate Authority file</td></tr>
  +<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCAType
<var>type</var></code></td></tr>
  +<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server
config</td></tr>
  +<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
  +<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
  +</table>
  +    <p>The following types are supported:<br />
  +          DER_FILE      - file in binary DER format<br />
  +          BASE64_FILE   - file in Base64 format<br />
  +          CERT7_DB_PATH - Netscape certificate database file ")</p>
   
   </div>
   </div>
  
  
  

Mime
View raw message