httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pque...@apache.org
Subject svn commit: r645594 [8/28] - in /httpd/sandbox/amsterdam/d: ./ build/ docs/conf/ docs/conf/extra/ docs/man/ docs/manual/ docs/manual/developer/ docs/manual/faq/ docs/manual/howto/ docs/manual/misc/ docs/manual/mod/ docs/manual/platform/ docs/manual/pro...
Date Mon, 07 Apr 2008 16:31:24 GMT
Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.html.en Mon Apr  7 09:28:58 2008
@@ -65,8 +65,11 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapdereferencealiases">AuthLDAPDereferenceAliases</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserattribute">AuthLDAPRemoteUserAttribute</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
 </ul>
 <h3>Topics</h3>
@@ -233,7 +236,8 @@
 
       <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-group</code></a> directive, and
       the DN fetched from the LDAP directory (or the username
-      passed by the client) occurs in the LDAP group.</li>
+      passed by the client) occurs in the LDAP group or, potentially, in
+      one of its sub-groups.</li>
 
       <li>Grant access if there is a <a href="#reqattribute">
       <code>Require ldap-attribute</code></a> 
@@ -306,6 +310,29 @@
         user DN or the username when doing comparisons for the
         <code>Require ldap-group</code> directive.</td>
       </tr>
+
+      <tr>
+        <td><code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code></td>
+
+        <td>Determines the maximum depth of sub-groups that will be evaluated
+        during comparisons in the <code>Require ldap-group</code> directive.</td>
+      </tr>
+
+      <tr>
+        <td><code class="directive"><a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></code></td>
+
+        <td>Determines the attribute to use when obtaining sub-group members
+        of the current group during comparisons in the <code>Require ldap-group</code>
+        directive.</td>
+      </tr>
+
+      <tr>
+        <td><code class="directive"><a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></code></td>
+
+        <td>Specifies the LDAP objectClass values used to identify if queried directory
+        objects really are group objects (as opposed to user objects) during the
+        <code>Require ldap-group</code> directive's sub-group processing.</td>
+      </tr>
     </table>
 
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -381,8 +408,49 @@
     Barbara:</p>
 <div class="example"><p><code>Require ldap-group cn=Administrators, o=Airius</code></p></div>
 
-    <p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></code> and
-    <code class="directive"><a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></code>
+    <p>Members can also be found within sub-groups of a specified LDAP group
+    if <code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code>
+    is set to a value greater than 0. For example, assume the following entries
+    exist in the LDAP directory:</p>
+<div class="example"><p><code>
+dn: cn=Employees, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Managers, o=Airius<br />
+uniqueMember: cn=Administrators, o=Airius<br />
+uniqueMember: cn=Users, o=Airius<br />
+<br />
+dn: cn=Managers, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Bob Ellis, o=Airius<br />
+uniqueMember: cn=Tom Jackson, o=Airius<br />
+<br />
+dn: cn=Administrators, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Barbara Jenson, o=Airius<br />
+uniqueMember: cn=Fred User, o=Airius<br />
+<br />
+dn: cn=Users, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Allan Jefferson, o=Airius<br />
+uniqueMember: cn=Paul Tilley, o=Airius<br />
+uniqueMember: cn=Temporary Employees, o=Airius<br />
+<br />
+dn: cn=Temporary Employees, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Jim Swenson, o=Airius<br />
+uniqueMember: cn=Elliot Rhodes, o=Airius<br />
+</code></p></div>
+
+    <p>The following directives would allow access for Bob Ellis, Tom Jackson,
+    Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not
+    allow access for Jim Swenson, or Elliot Rhodes (since they are at a 
+    sub-group depth of 2):</p>
+<div class="example"><p><code>
+Require ldap-group cn=Employees, o-Airius<br />
+AuthLDAPSubGroupDepth 1<br />
+</code></p></div>
+
+    <p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></code>, <code class="directive"><a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></code>, <code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code>, <code class="directive"><a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></code>, and <code class="directive"><a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></code>
     directives.</p>
 
 
@@ -462,7 +530,7 @@
         Grant access to anyone who exists in the LDAP directory,
         using their UID for searches. 
 <div class="example"><p><code>
-AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)<br />
+AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"<br />
 Require valid-user
 </code></p></div>
       </li>
@@ -471,7 +539,7 @@
         The next example is the same as above; but with the fields
         that have useful defaults omitted. Also, note the use of a
         redundant LDAP server. 
-<div class="example"><p><code>AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius<br />
+<div class="example"><p><code>AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"<br />
 Require valid-user
 </code></p></div>
       </li>
@@ -486,7 +554,7 @@
         choose an attribute that is guaranteed unique in your
         directory, such as <code>uid</code>. 
 <div class="example"><p><code>
-AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn<br />
+AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"<br />
 Require valid-user
 </code></p></div>
       </li>
@@ -569,11 +637,11 @@
 <div class="section">
 <h2><a name="exposed" id="exposed">Exposing Login Information</a></h2>
 
-    <p>Whenever a query is made to the LDAP server, all LDAP attributes
-    returned by the query are placed in the environment, using environment
-    variables with the prefix "AUTHENTICATE_".</p>
+    <p>When this module performs authentication, LDAP attributes specified
+    in the <code class="directive"><a href="#authldapurl">AuthLDAPUrl</a></code> 
+    directive are placed in environment variables with the prefix "AUTHENTICATE_".</p>
 
-    <p>If an LDAP query for example returned the username, common name
+    <p>If the attribute field contains the username, common name
     and telephone number of a user, a CGI program will have access to
     this information without the need to make a second independent LDAP
     query to gather this additional information.</p>
@@ -798,7 +866,8 @@
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthLDAPGroupAttribute" id="AuthLDAPGroupAttribute">AuthLDAPGroupAttribute</a> <a name="authldapgroupattribute" id="authldapgroupattribute">Directive</a></h2>
 <table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to check for group membership</td></tr>
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to identify the user members of
+groups.</td></tr>
 <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttribute <em>attribute</em></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
 <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
@@ -806,8 +875,8 @@
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
 </table>
     <p>This directive specifies which LDAP attributes are used to
-    check for group membership. Multiple attributes can be used by
-    specifying this directive multiple times. If not specified,
+    check for user members within groups. Multiple attributes can be used
+    by specifying this directive multiple times. If not specified,
     then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the <code>member</code> and
     <code>uniquemember</code> attributes.</p>
 
@@ -837,6 +906,28 @@
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPMaxSubGroupDepth" id="AuthLDAPMaxSubGroupDepth">AuthLDAPMaxSubGroupDepth</a> <a name="authldapmaxsubgroupdepth" id="authldapmaxsubgroupdepth">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the maximum sub-group nesting depth that will be
+evaluated before the user search is discontinued.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPMaxSubGroupDepth <var>Number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPMaxSubGroupDepth 10</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+   <p>When this directive is set to a non-zero value <code>X</code>
+   combined with use of the <code>Require ldap-group someGroupDN</code>
+   directive, the provided user credentials will be searched for
+   as a member of the <code>someGroupDN</code> directory object or of
+   any group member of the current group up to the maximum nesting
+   level <code>X</code> specified by this directive.</p>
+   <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
+   section for a more detailed example.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use the value of the attribute returned during the user
@@ -879,6 +970,52 @@
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPSubGroupAttribute" id="AuthLDAPSubGroupAttribute">AuthLDAPSubGroupAttribute</a> <a name="authldapsubgroupattribute" id="authldapsubgroupattribute">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the attribute labels, one value per
+directive line, used to distinguish the members of the current group that
+are groups.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPSubGroupAttribute <em>attribute</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+    <p>An LDAP group object may contain members that are users and
+    members that are groups (called nested or sub groups). The
+    <code>AuthLDAPSubGroupAttribute</code> directive identifies the
+    labels of group members and the <code>AuthLDAPGroupAttribute</code>
+    directive identifies the labels of the user members. Multiple
+    attributes can be used by specifying this directive multiple times.
+    If not specified, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the
+    <code>member</code> and <code>uniqueMember</code> attributes.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="AuthLDAPSubGroupClass" id="AuthLDAPSubGroupClass">AuthLDAPSubGroupClass</a> <a name="authldapsubgroupclass" id="authldapsubgroupclass">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies which LDAP objectClass values identify directory
+objects that are groups during sub-group processing.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPSubGroupClass <em>LdapObjectClass</em></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
+</table>
+    <p>An LDAP group object may contain members that are users and
+    members that are groups (called nested or sub groups). The
+    <code>AuthLDAPSubGroupAttribute</code> directive identifies the
+    labels of members that may be sub-groups of the current group
+    (as opposed to user members). The <code>AuthLDAPSubGroupClass</code>
+    directive specifies the LDAP objectClass values used in verifying that
+    these potential sub-groups are in fact group objects. Verified sub-groups
+    can then be searched for more user or sub-group members. Multiple
+    attributes can be used by specifying this directive multiple times.
+    If not specified, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the
+    <code>groupOfNames</code> and <code>groupOfUniqueNames</code> values.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>URL specifying the LDAP search parameters</td></tr>
@@ -914,7 +1051,8 @@
           specify multiple, redundant LDAP servers, just list all
           servers, separated by spaces. <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
           will try connecting to each server in turn, until it makes a
-          successful connection.</p>
+          successful connection. If multiple ldap servers are specified, 
+          then entire LDAP URL must be encapsulated in double quotes.</p>
 
           <p>Once a connection has been made to a server, that
           connection remains active for the life of the
@@ -1000,6 +1138,6 @@
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authnz_ldap.html" title="English">&nbsp;en&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.xml
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.xml?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.xml (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authnz_ldap.xml Mon Apr  7 09:28:58 2008
@@ -212,7 +212,8 @@
       <li>Grant access if there is a <a
       href="#reqgroup"><code>Require ldap-group</code></a> directive, and
       the DN fetched from the LDAP directory (or the username
-      passed by the client) occurs in the LDAP group.</li>
+      passed by the client) occurs in the LDAP group or, potentially, in
+      one of its sub-groups.</li>
 
       <li>Grant access if there is a <a href="#reqattribute">
       <code>Require ldap-attribute</code></a> 
@@ -289,6 +290,32 @@
         user DN or the username when doing comparisons for the
         <code>Require ldap-group</code> directive.</td>
       </tr>
+
+      <tr>
+        <td><directive
+        module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive></td>
+
+        <td>Determines the maximum depth of sub-groups that will be evaluated
+        during comparisons in the <code>Require ldap-group</code> directive.</td>
+      </tr>
+
+      <tr>
+        <td><directive
+        module="mod_authnz_ldap">AuthLDAPSubGroupAttribute</directive></td>
+
+        <td>Determines the attribute to use when obtaining sub-group members
+        of the current group during comparisons in the <code>Require ldap-group</code>
+        directive.</td>
+      </tr>
+
+      <tr>
+        <td><directive
+        module="mod_authnz_ldap">AuthLDAPSubGroupClass</directive></td>
+
+        <td>Specifies the LDAP objectClass values used to identify if queried directory
+        objects really are group objects (as opposed to user objects) during the
+        <code>Require ldap-group</code> directive's sub-group processing.</td>
+      </tr>
     </table>
 </section>
 </section>
@@ -365,10 +392,54 @@
     Barbara:</p>
 <example>Require ldap-group cn=Administrators, o=Airius</example>
 
+    <p>Members can also be found within sub-groups of a specified LDAP group
+    if <directive module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>
+    is set to a value greater than 0. For example, assume the following entries
+    exist in the LDAP directory:</p>
+<example>
+dn: cn=Employees, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Managers, o=Airius<br />
+uniqueMember: cn=Administrators, o=Airius<br />
+uniqueMember: cn=Users, o=Airius<br />
+<br />
+dn: cn=Managers, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Bob Ellis, o=Airius<br />
+uniqueMember: cn=Tom Jackson, o=Airius<br />
+<br />
+dn: cn=Administrators, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Barbara Jenson, o=Airius<br />
+uniqueMember: cn=Fred User, o=Airius<br />
+<br />
+dn: cn=Users, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Allan Jefferson, o=Airius<br />
+uniqueMember: cn=Paul Tilley, o=Airius<br />
+uniqueMember: cn=Temporary Employees, o=Airius<br />
+<br />
+dn: cn=Temporary Employees, o=Airius<br />
+objectClass: groupOfUniqueNames<br />
+uniqueMember: cn=Jim Swenson, o=Airius<br />
+uniqueMember: cn=Elliot Rhodes, o=Airius<br />
+</example>
+
+    <p>The following directives would allow access for Bob Ellis, Tom Jackson,
+    Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not
+    allow access for Jim Swenson, or Elliot Rhodes (since they are at a 
+    sub-group depth of 2):</p>
+<example>
+Require ldap-group cn=Employees, o-Airius<br />
+AuthLDAPSubGroupDepth 1<br />
+</example>
+
     <p>Behavior of this directive is modified by the <directive
-    module="mod_authnz_ldap">AuthLDAPGroupAttribute</directive> and
-    <directive
-    module="mod_authnz_ldap">AuthLDAPGroupAttributeIsDN</directive>
+    module="mod_authnz_ldap">AuthLDAPGroupAttribute</directive>, <directive
+    module="mod_authnz_ldap">AuthLDAPGroupAttributeIsDN</directive>, <directive
+    module="mod_authnz_ldap">AuthLDAPMaxSubGroupDepth</directive>, <directive
+    module="mod_authnz_ldap">AuthLDAPSubGroupAttribute</directive>, and <directive
+    module="mod_authnz_ldap">AuthLDAPSubGroupClass</directive>
     directives.</p>
 </section>
 
@@ -449,7 +520,7 @@
         Grant access to anyone who exists in the LDAP directory,
         using their UID for searches. 
 <example>
-AuthLDAPURL ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)<br />
+AuthLDAPURL "ldap://ldap1.airius.com:389/ou=People, o=Airius?uid?sub?(objectClass=*)"<br />
 Require valid-user
 </example>
       </li>
@@ -458,7 +529,7 @@
         The next example is the same as above; but with the fields
         that have useful defaults omitted. Also, note the use of a
         redundant LDAP server. 
-<example>AuthLDAPURL ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius<br />
+<example>AuthLDAPURL "ldap://ldap1.airius.com ldap2.airius.com/ou=People, o=Airius"<br />
 Require valid-user
 </example>
       </li>
@@ -473,7 +544,7 @@
         choose an attribute that is guaranteed unique in your
         directory, such as <code>uid</code>. 
 <example>
-AuthLDAPURL ldap://ldap.airius.com/ou=People, o=Airius?cn<br />
+AuthLDAPURL "ldap://ldap.airius.com/ou=People, o=Airius?cn"<br />
 Require valid-user
 </example>
       </li>
@@ -562,11 +633,11 @@
 
 <section id="exposed"><title>Exposing Login Information</title>
 
-    <p>Whenever a query is made to the LDAP server, all LDAP attributes
-    returned by the query are placed in the environment, using environment
-    variables with the prefix "AUTHENTICATE_".</p>
+    <p>When this module performs authentication, LDAP attributes specified
+    in the <directive module="mod_authnz_ldap">AuthLDAPUrl</directive> 
+    directive are placed in environment variables with the prefix "AUTHENTICATE_".</p>
 
-    <p>If an LDAP query for example returned the username, common name
+    <p>If the attribute field contains the username, common name
     and telephone number of a user, a CGI program will have access to
     this information without the need to make a second independent LDAP
     query to gather this additional information.</p>
@@ -796,7 +867,8 @@
 
 <directivesynopsis>
 <name>AuthLDAPGroupAttribute</name>
-<description>LDAP attributes used to check for group membership</description>
+<description>LDAP attributes used to identify the user members of
+groups.</description>
 <syntax>AuthLDAPGroupAttribute <em>attribute</em></syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
@@ -804,8 +876,8 @@
 
 <usage>
     <p>This directive specifies which LDAP attributes are used to
-    check for group membership. Multiple attributes can be used by
-    specifying this directive multiple times. If not specified,
+    check for user members within groups. Multiple attributes can be used
+    by specifying this directive multiple times. If not specified,
     then <module>mod_authnz_ldap</module> uses the <code>member</code> and
     <code>uniquemember</code> attributes.</p>
 </usage>
@@ -836,6 +908,28 @@
 </directivesynopsis>
 
 <directivesynopsis>
+<name>AuthLDAPMaxSubGroupDepth</name>
+<description>Specifies the maximum sub-group nesting depth that will be
+evaluated before the user search is discontinued.</description>
+<syntax>AuthLDAPMaxSubGroupDepth <var>Number</var></syntax>
+<default>AuthLDAPMaxSubGroupDepth 10</default>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+   <p>When this directive is set to a non-zero value <code>X</code>
+   combined with use of the <code>Require ldap-group someGroupDN</code>
+   directive, the provided user credentials will be searched for
+   as a member of the <code>someGroupDN</code> directory object or of
+   any group member of the current group up to the maximum nesting
+   level <code>X</code> specified by this directive.</p>
+   <p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
+   section for a more detailed example.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
 <name>AuthLDAPRemoteUserAttribute</name>
 <description>Use the value of the attribute returned during the user
 query to set the REMOTE_USER environment variable</description>
@@ -878,6 +972,52 @@
 </directivesynopsis>
 
 <directivesynopsis>
+<name>AuthLDAPSubGroupAttribute</name>
+<description>Specifies the attribute labels, one value per
+directive line, used to distinguish the members of the current group that
+are groups.</description>
+<syntax>AuthLDAPSubGroupAttribute <em>attribute</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <p>An LDAP group object may contain members that are users and
+    members that are groups (called nested or sub groups). The
+    <code>AuthLDAPSubGroupAttribute</code> directive identifies the
+    labels of group members and the <code>AuthLDAPGroupAttribute</code>
+    directive identifies the labels of the user members. Multiple
+    attributes can be used by specifying this directive multiple times.
+    If not specified, then <module>mod_authnz_ldap</module> uses the
+    <code>member</code> and <code>uniqueMember</code> attributes.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>AuthLDAPSubGroupClass</name>
+<description>Specifies which LDAP objectClass values identify directory
+objects that are groups during sub-group processing.</description>
+<syntax>AuthLDAPSubGroupClass <em>LdapObjectClass</em></syntax>
+<contextlist><context>directory</context><context>.htaccess</context>
+</contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <p>An LDAP group object may contain members that are users and
+    members that are groups (called nested or sub groups). The
+    <code>AuthLDAPSubGroupAttribute</code> directive identifies the
+    labels of members that may be sub-groups of the current group
+    (as opposed to user members). The <code>AuthLDAPSubGroupClass</code>
+    directive specifies the LDAP objectClass values used in verifying that
+    these potential sub-groups are in fact group objects. Verified sub-groups
+    can then be searched for more user or sub-group members. Multiple
+    attributes can be used by specifying this directive multiple times.
+    If not specified, then <module>mod_authnz_ldap</module> uses the
+    <code>groupOfNames</code> and <code>groupOfUniqueNames</code> values.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
 <name>AuthLDAPUrl</name>
 <description>URL specifying the LDAP search parameters</description>
 <syntax>AuthLDAPUrl <em>url [NONE|SSL|TLS|STARTTLS]</em></syntax>
@@ -912,7 +1052,8 @@
           specify multiple, redundant LDAP servers, just list all
           servers, separated by spaces. <module>mod_authnz_ldap</module>
           will try connecting to each server in turn, until it makes a
-          successful connection.</p>
+          successful connection. If multiple ldap servers are specified, 
+          then entire LDAP URL must be encapsulated in double quotes.</p>
 
           <p>Once a connection has been made to a server, that
           connection remains active for the life of the

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.html.en Mon Apr  7 09:28:58 2008
@@ -45,11 +45,69 @@
 <li><img alt="" src="../images/down.gif" /> <a href="#authzmergerules">AuthzMergeRules</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#reject">Reject</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#require">Require</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requirealias">&lt;RequireAlias&gt;</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#satisfyall">&lt;SatisfyAll&gt;</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#satisfyone">&lt;SatisfyOne&gt;</a></li>
 </ul>
-</div>
+<h3>Topics</h3>
+<ul id="topics">
+<li><img alt="" src="../images/down.gif" /> <a href="#authzalias">Creating Authorization Provider Aliases</a></li>
+</ul></div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="authzalias" id="authzalias">Creating Authorization Provider Aliases</a></h2>
+
+    <p>Extended authorization providers can be created within the configuration
+    file and assigned an alias name.  The alias providers can then be referenced
+    through the <code class="directive"><a href="#require">Require</a></code> directive
+    in the same way as a base authorization provider.  Besides the ability to
+    create and alias an extended provider, it also allows the same extended
+    authorization provider to be reference by multiple locations.
+    </p>
+
+    <h3><a name="example" id="example">Example</a></h3>
+        <p>The example below creates two different ldap authorization provider
+        aliases based on the ldap-group authorization provider.  This example
+        allows a single authorization location to check group membership within
+        multiple ldap hosts:
+        </p>
+    
+        <div class="example"><h3>Example</h3><p><code>
+          &lt;RequireAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;<br />
+          <span class="indent">
+             AuthLDAPBindDN cn=youruser,o=ctx<br />
+             AuthLDAPBindPassword yourpassword<br />
+             AuthLDAPURL ldap://ldap.host/o=ctx<br />
+          </span> 
+          &lt;/RequireAlias&gt;<br /><br /> 
+          &lt;AuthnProviderAlias ldap-group ldap-group-alias2
+           cn=my-other-group,o=dev&gt;<br />
+          <span class="indent">
+             AuthLDAPBindDN cn=yourotheruser,o=dev<br />
+             AuthLDAPBindPassword yourotherpassword<br />
+             AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
+          </span> 
+          &lt;/RequireAlias&gt;<br /><br />
+    
+          Alias /secure /webpages/secure<br />
+          &lt;Directory /webpages/secure&gt;<br />
+          <span class="indent">
+             Order deny,allow<br />
+             Allow from all<br /><br />
+        
+             AuthBasicProvider file<br /><br />
+        
+             AuthType Basic<br />
+             AuthName LDAP_Protected_Place<br /><br />
+
+             #implied OR operation<br /> 
+             Require alias1-ldap-group<br /> 
+             Require alias2-ldap-group<br />
+          </span> &lt;/Directory&gt;<br />
+        </code></p></div>
+    
 
+</div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthzMergeRules" id="AuthzMergeRules">AuthzMergeRules</a> <a name="authzmergerules" id="authzmergerules">Directive</a></h2>
 <table class="directive">
@@ -170,6 +228,26 @@
 </ul>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="RequireAlias" id="RequireAlias">&lt;RequireAlias&gt;</a> <a name="requirealias" id="requirealias">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of directives that represent an
+extension of a base authorization provider and referenced by the specified
+alias</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>&lt;RequireAlias <var>baseProvider Alias Require-Parameters</var>&gt; 
+... &lt;/RequireAlias&gt;
+</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Base</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_core</td></tr>
+</table>
+    <p><code class="directive">&lt;RequireAlias&gt;</code> and
+    <code>&lt;/RequireAlias&gt;</code> are used to enclose a group of
+    authorization directives that can be referenced by the alias name using the
+    directive <code class="directive"><a href="# require"> Require</a></code>.</p>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="SatisfyAll" id="SatisfyAll">&lt;SatisfyAll&gt;</a> <a name="satisfyall" id="satisfyall">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enclose a group of authorization directives that must all
@@ -265,6 +343,6 @@
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_core.html" title="English">&nbsp;en&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.xml
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.xml?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.xml (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_core.xml Mon Apr  7 09:28:58 2008
@@ -41,6 +41,60 @@
     authorization processing.</p>
 </summary>
 
+<section id="authzalias"><title>Creating Authorization Provider Aliases</title>
+
+    <p>Extended authorization providers can be created within the configuration
+    file and assigned an alias name.  The alias providers can then be referenced
+    through the <directive module="mod_authz_core">Require</directive> directive
+    in the same way as a base authorization provider.  Besides the ability to
+    create and alias an extended provider, it also allows the same extended
+    authorization provider to be reference by multiple locations.
+    </p>
+
+    <section id="example"><title>Example</title>
+        <p>The example below creates two different ldap authorization provider
+        aliases based on the ldap-group authorization provider.  This example
+        allows a single authorization location to check group membership within
+        multiple ldap hosts:
+        </p>
+    
+        <example><title>Example</title>
+          &lt;RequireAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx&gt;<br />
+          <indent>
+             AuthLDAPBindDN cn=youruser,o=ctx<br />
+             AuthLDAPBindPassword yourpassword<br />
+             AuthLDAPURL ldap://ldap.host/o=ctx<br />
+          </indent> 
+          &lt;/RequireAlias&gt;<br /><br /> 
+          &lt;AuthnProviderAlias ldap-group ldap-group-alias2
+           cn=my-other-group,o=dev&gt;<br />
+          <indent>
+             AuthLDAPBindDN cn=yourotheruser,o=dev<br />
+             AuthLDAPBindPassword yourotherpassword<br />
+             AuthLDAPURL ldap://other.ldap.host/o=dev?cn<br />
+          </indent> 
+          &lt;/RequireAlias&gt;<br /><br />
+    
+          Alias /secure /webpages/secure<br />
+          &lt;Directory /webpages/secure&gt;<br />
+          <indent>
+             Order deny,allow<br />
+             Allow from all<br /><br />
+        
+             AuthBasicProvider file<br /><br />
+        
+             AuthType Basic<br />
+             AuthName LDAP_Protected_Place<br /><br />
+
+             #implied OR operation<br /> 
+             Require alias1-ldap-group<br /> 
+             Require alias2-ldap-group<br />
+          </indent> &lt;/Directory&gt;<br />
+        </example>
+    </section>
+
+</section>
+
 <directivesynopsis>
 <name>Require</name>
 <description>Selects which authenticated users can access
@@ -246,6 +300,26 @@
     authorization rules that may exist above it.</p>
 </usage>
 
+</directivesynopsis>
+
+<directivesynopsis type="section">
+<name>RequireAlias</name>
+<description>Enclose a group of directives that represent an
+extension of a base authorization provider and referenced by the specified
+alias</description>
+<syntax>&lt;RequireAlias <var>baseProvider Alias Require-Parameters</var>&gt; 
+... &lt;/RequireAlias&gt;
+</syntax>
+<contextlist><context>server config</context>
+</contextlist>
+
+<usage>
+    <p><directive type="section">RequireAlias</directive> and
+    <code>&lt;/RequireAlias&gt;</code> are used to enclose a group of
+    authorization directives that can be referenced by the alias name using the
+    directive <directive module="mod_authz_core"> Require</directive>.</p>
+
+</usage>
 </directivesynopsis>
 
 </modulesynopsis>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.html.en Mon Apr  7 09:28:58 2008
@@ -27,14 +27,22 @@
 <tr><th><a href="module-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="module-dict.html#ModuleIdentifier">Module Identifier:</a></th><td>authz_dbd_module</td></tr>
 <tr><th><a href="module-dict.html#SourceFile">Source File:</a></th><td>mod_authz_dbd.c</td></tr>
-<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.2 and later</td></tr></table>
+<tr><th><a href="module-dict.html#Compatibility">Compatibility:</a></th><td>Available in Apache 2.4 and later</td></tr></table>
 <h3>Summary</h3>
 
     <p>This module provides authorization capabilities so that
        authenticated users can be allowed or denied access to portions
-       of the web site by group membership. It also provides
-       database/backend login/logout in conjunction with
-       <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.</p>
+       of the web site by group membership.  Similar functionality is
+       provided by <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> and
+       <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, with the exception that
+       this module queries a SQL database to determine whether a
+       user is a member of a group.</p>
+    <p>This module can also provide database-backed user login/logout
+       capabilities.  These are likely to be of most value when used
+       in conjunction with <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.</p>
+    <p>This module relies on <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> to specify
+       the backend database driver and connection parameters, and
+       manage the database connections.</p>
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
@@ -50,6 +58,12 @@
 </ul><h3>See also</h3>
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
+<li>
+  <code class="directive"><a href="../mod/mod_authz_core.html#authzmergerules">AuthzMergeRules</a></code>
+</li>
+<li>
+  <code class="directive"><a href="../mod/mod_authn_dbd.html#authdbduserpwquery">AuthDBDUserPWQuery</a></code>
+</li>
 <li><code class="directive"><a href="../mod/mod_dbd.html#dbdriver">DBDriver</a></code></li>
 <li><code class="directive"><a href="../mod/mod_dbd.html#dbdparams">DBDParams</a></code></li>
 </ul></div>
@@ -57,11 +71,13 @@
 <div class="section">
 <h2><a name="login" id="login">Database Login</a></h2>
 
-<p>In addition to the standard authz function of checking group
-membership, this module provides database Login/Logout capability.
-Specifically, we can maintain a logged in/logged out status in
-the database, and control the status via designated URLs (subject
-of course to users supplying the necessary credentials).</p>
+<p>
+In addition to the standard authorization function of checking group
+membership, this module can also provide server-side user session
+management via database-backed login/logout capabilities.
+Specifically, it can update a user's session status in the database
+whenever the user visits designated URLs (subject of course to users
+supplying the necessary credentials).</p>
 <p>This works by defining two special
 <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> types:
 <code>Require dbd-login</code> and <code>Require dbd-logout</code>.
@@ -70,22 +86,21 @@
 <div class="section">
 <h2><a name="client" id="client">Client Login</a></h2>
 
-<p>In conjunction with server login/logout, we may wish to implement
-clientside login/out, for example by setting and unsetting a cookie
-or other such token.  Although this is not the business of an authz
-module, client session management software should be able to tie its
-operation in to database login/logout.  To support this,
-<code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an optional hook that will
-be run whenever a user successfully logs into or out of the database.
-Session management modules can use the hook to implement functions
-to start and end a client session.</p>
+<p>Some administrators may wish to implement client-side session
+management that works in concert with the server-side login/logout
+capabilities offered by this module, for example, by setting or unsetting
+an HTTP cookie or other such token when a user logs in or out.
+To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an
+optional hook that will be run whenever a user's status is updated in
+the database.  Other session management modules can then use the hook
+to implement functions that start and end client-side sessions.</p>
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="example" id="example">Configuration Example</a></h2>
 
-<div class="example"><pre><code>
-# DBD Configuration
-DBDriver oracle
+<div class="example"><pre>
+# mod_dbd configuration
+DBDriver pgsql
 DBDParams "dbname=apacheauth user=apache pass=xxxxxx"
 
 DBDMin  4
@@ -94,38 +109,53 @@
 DBDExptime 300
 
 &lt;Directory /usr/www/my.site/team-private/&gt;
-   # authn with mod_authn_dbd
-   AuthType Basic
-   AuthName Team
-   AuthBasicProvider dbd
-   AuthDBDUserPWQuery "SELECT pass FROM authn WHERE user = %s AND login = true"
-
-   # Require dbd-group and authz_dbd implementation
-   Require dbd-group team
-   AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
-
-   # When a user fails to authn/authz, invite them to login
-   ErrorDocument 401 /team-private/login-form.html
-
-   &lt;Files login.html&gt;
-      # Don't require that we're already logged in!
-      AuthDBDUserPWQuery "SELECT pass FROM authn WHERE user = %s"
-
-      # dbd-login action executes a query to set our own state
-      Require dbd-login
-      AuthzDBDQuery "UPDATE authn SET login = true WHERE user = %s"
-
-      # Return user to referring page (if any) on successful login
-      AuthzDBDLoginToReferer On
-   &lt;/Files&gt;
-
-   &lt;Files logout.html&gt;
-      # dbd-logout action executes a query to set our own state
-      Require dbd-logout
-      AuthzDBDQuery "UPDATE authn SET login = false WHERE user = %s"
-   &lt;/Files&gt;
+  # mod_authn_core and mod_auth_basic configuration
+  # for mod_authn_dbd
+  AuthType Basic
+  AuthName Team
+  AuthBasicProvider dbd
+
+  # mod_authn_dbd SQL query to authenticate a logged-in user
+  AuthDBDUserPWQuery \
+    "SELECT password FROM authn WHERE user = %s AND login = 'true'"
+
+  # mod_authz_core configuration for mod_authz_dbd
+  AuthzMergeRules Off
+  Require dbd-group team
+
+  # mod_authz_dbd configuration
+  AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
+
+  # when a user fails to be authenticated or authorized,
+  # invite them to login; this page should provide a link
+  # to /team-private/login.html
+  ErrorDocument 401 /login-info.html
+
+  &lt;Files login.html&gt;
+    # don't require user to already be logged in!
+    AuthDBDUserPWQuery \
+      "SELECT password FROM authn WHERE user = %s"
+
+    # dbd-login action executes a statement to log user in
+    AuthzMergeRules Off
+    Require dbd-login
+    AuthzDBDQuery \
+      "UPDATE authn SET login = 'true' WHERE user = %s"
+
+    # return user to referring page (if any) after
+    # successful login
+    AuthzDBDLoginToReferer On
+  &lt;/Files&gt;
+
+  &lt;Files logout.html&gt;
+    # dbd-logout action executes a statement to log user out
+    AuthzMergeRules Off
+    Require dbd-logout
+    AuthzDBDQuery \
+      "UPDATE authn SET login = 'false' WHERE user = %s"
+  &lt;/Files&gt;
 &lt;/Directory&gt;
-</code></pre></div>
+</pre></div>
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthzDBDLoginToReferer" id="AuthzDBDLoginToReferer">AuthzDBDLoginToReferer</a> <a name="authzdbdlogintoreferer" id="authzdbdlogintoreferer">Directive</a></h2>
@@ -151,7 +181,7 @@
 <div class="directive-section"><h2><a name="AuthzDBDQuery" id="AuthzDBDQuery">AuthzDBDQuery</a> <a name="authzdbdquery" id="authzdbdquery">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify the SQL Query for the required operation</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDQuery SQL-Query</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDQuery <var>query</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_dbd</td></tr>
@@ -161,37 +191,58 @@
     <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directive in
     effect.</p>
     <ul>
-    <li>With <code>Require dbd-group</code>, it specifies a query
-    to look up groups for the current user.  This is the standard
-    functionality of other authz modules such as
+    <li>When used with a <code>Require dbd-group</code> directive,
+    it specifies a query to look up groups for the current user.  This is
+    the standard functionality of other authorization modules such as
     <code class="module"><a href="../mod/mod_authz_file.html">mod_authz_file</a></code> and <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>.
-    In this case it will typically take the form<br />
-    <code>AuthzDBDQuery "SELECT group FROM groups WHERE user= %s"</code>
+    The first column value of each row returned by the query statement
+    should be a string containing a group name.  Zero, one, or more rows
+    may be returned.
+    <div class="example"><h3>Example</h3><pre>
+Require dbd-group
+AuthzDBDQuery \
+  "SELECT group FROM groups WHERE user = %s"
+</pre></div>
     </li>
-    <li>With <code>Require dbd-login</code> or <code>Require dbd-logout</code>,
-    it will never deny access, but will instead execute an SQL Query
-    designed to log the user (who must already be authenticated with
-    <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>) in or out.  Such a query will
-    typically take the form<br />
-    <code>AuthzDBDQuery "UPDATE authn SET login = true WHERE user = %s"</code>
+    <li>When used with a <code>Require dbd-login</code> or
+    <code>Require dbd-logout</code> directive, it will never deny access,
+    but will instead execute a SQL statement designed to log the user
+    in or out.  The user must already be authenticated with
+    <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.
+    <div class="example"><h3>Example</h3><pre>
+Require dbd-login
+AuthzDBDQuery \
+  "UPDATE authn SET login = 'true' WHERE user = %s"
+</pre></div>
     </li>
     </ul>
+    <p>In all cases, the user's ID will be passed as a single string
+    parameter when the SQL query is executed.  It may be referenced within
+    the query statement using a <code>%s</code> format specifier.</p>
 
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthzDBDRedirectQuery" id="AuthzDBDRedirectQuery">AuthzDBDRedirectQuery</a> <a name="authzdbdredirectquery" id="authzdbdredirectquery">Directive</a></h2>
 <table class="directive">
 <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specify a query to look up a login page for the user</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDRedirectQuery SQL-Query</code></td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthzDBDRedirectQuery <var>query</var></code></td></tr>
 <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory</td></tr>
 <tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authz_dbd</td></tr>
 </table>
-    <p>Specifies an optional query to use after successful login
-    (or logout) to redirect the user to a page, which may be
-    specific to the user.  Such a query will take the form<br />
-    <code>AuthzDBDRedirectQuery "SELECT userpage FROM userpages WHERE user = %s"</code>
-    </p>
+    <p>Specifies an optional SQL query to use after successful login
+    (or logout) to redirect the user to a URL, which may be
+    specific to the user.  The user's ID will be passed as a single string
+    parameter when the SQL query is executed.  It may be referenced within
+    the query statement using a <code>%s</code> format specifier.</p>
+    <div class="example"><h3>Example</h3><pre>
+AuthzDBDRedirectQuery \
+  "SELECT userpage FROM userpages WHERE user = %s"
+</pre></div>
+    <p>The first column value of the first row returned by the query
+    statement should be a string containing a URL to which to redirect
+    the client.  Subsequent rows will be ignored.  If no rows are returned,
+    the client will not be redirected.</p>
     <p>Note that <code class="directive">AuthzDBDLoginToReferer</code> takes
     precedence if both are set.</p>
 
@@ -200,6 +251,6 @@
 <div class="bottomlang">
 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_dbd.html" title="English">&nbsp;en&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.xml
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.xml?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.xml (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbd.xml Mon Apr  7 09:28:58 2008
@@ -27,27 +27,43 @@
 <status>Extension</status>
 <sourcefile>mod_authz_dbd.c</sourcefile>
 <identifier>authz_dbd_module</identifier>
-<compatibility>Available in Apache 2.2 and later</compatibility>
+<compatibility>Available in Apache 2.4 and later</compatibility>
 
 <summary>
     <p>This module provides authorization capabilities so that
        authenticated users can be allowed or denied access to portions
-       of the web site by group membership. It also provides
-       database/backend login/logout in conjunction with
-       <module>mod_authn_dbd</module>.</p>
+       of the web site by group membership.  Similar functionality is
+       provided by <module>mod_authz_groupfile</module> and
+       <module>mod_authz_dbm</module>, with the exception that
+       this module queries a SQL database to determine whether a
+       user is a member of a group.</p>
+    <p>This module can also provide database-backed user login/logout
+       capabilities.  These are likely to be of most value when used
+       in conjunction with <module>mod_authn_dbd</module>.</p>
+    <p>This module relies on <module>mod_dbd</module> to specify
+       the backend database driver and connection parameters, and
+       manage the database connections.</p>
 </summary>
 
 <seealso><directive module="mod_authz_core">Require</directive></seealso>
+<seealso>
+  <directive module="mod_authz_core">AuthzMergeRules</directive>
+</seealso>
+<seealso>
+  <directive module="mod_authn_dbd">AuthDBDUserPWQuery</directive>
+</seealso>
 <seealso><directive module="mod_dbd">DBDriver</directive></seealso>
 <seealso><directive module="mod_dbd">DBDParams</directive></seealso>
 
 <section id="login">
 <title>Database Login</title>
-<p>In addition to the standard authz function of checking group
-membership, this module provides database Login/Logout capability.
-Specifically, we can maintain a logged in/logged out status in
-the database, and control the status via designated URLs (subject
-of course to users supplying the necessary credentials).</p>
+<p>
+In addition to the standard authorization function of checking group
+membership, this module can also provide server-side user session
+management via database-backed login/logout capabilities.
+Specifically, it can update a user's session status in the database
+whenever the user visits designated URLs (subject of course to users
+supplying the necessary credentials).</p>
 <p>This works by defining two special
 <directive module="mod_authz_core">Require</directive> types:
 <code>Require dbd-login</code> and <code>Require dbd-logout</code>.
@@ -56,22 +72,21 @@
 
 <section id="client">
 <title>Client Login</title>
-<p>In conjunction with server login/logout, we may wish to implement
-clientside login/out, for example by setting and unsetting a cookie
-or other such token.  Although this is not the business of an authz
-module, client session management software should be able to tie its
-operation in to database login/logout.  To support this,
-<module>mod_authz_dbd</module> exports an optional hook that will
-be run whenever a user successfully logs into or out of the database.
-Session management modules can use the hook to implement functions
-to start and end a client session.</p>
+<p>Some administrators may wish to implement client-side session
+management that works in concert with the server-side login/logout
+capabilities offered by this module, for example, by setting or unsetting
+an HTTP cookie or other such token when a user logs in or out.
+To support such integration, <module>mod_authz_dbd</module> exports an
+optional hook that will be run whenever a user's status is updated in
+the database.  Other session management modules can then use the hook
+to implement functions that start and end client-side sessions.</p>
 </section>
 
 <section id="example">
 <title>Configuration Example</title>
-<example><pre><code>
-# DBD Configuration
-DBDriver oracle
+<example><pre>
+# mod_dbd configuration
+DBDriver pgsql
 DBDParams "dbname=apacheauth user=apache pass=xxxxxx"
 
 DBDMin  4
@@ -80,45 +95,59 @@
 DBDExptime 300
 
 &lt;Directory /usr/www/my.site/team-private/&gt;
-   # authn with mod_authn_dbd
-   AuthType Basic
-   AuthName Team
-   AuthBasicProvider dbd
-   AuthDBDUserPWQuery "SELECT pass FROM authn WHERE user = %s AND login = true"
-
-   # Require dbd-group and authz_dbd implementation
-   Require dbd-group team
-   AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
-
-   # When a user fails to authn/authz, invite them to login
-   ErrorDocument 401 /team-private/login-form.html
-
-   &lt;Files login.html&gt;
-      # Don't require that we're already logged in!
-      AuthDBDUserPWQuery "SELECT pass FROM authn WHERE user = %s"
-
-      # dbd-login action executes a query to set our own state
-      Require dbd-login
-      AuthzDBDQuery "UPDATE authn SET login = true WHERE user = %s"
-
-      # Return user to referring page (if any) on successful login
-      AuthzDBDLoginToReferer On
-   &lt;/Files&gt;
-
-   &lt;Files logout.html&gt;
-      # dbd-logout action executes a query to set our own state
-      Require dbd-logout
-      AuthzDBDQuery "UPDATE authn SET login = false WHERE user = %s"
-   &lt;/Files&gt;
+  # mod_authn_core and mod_auth_basic configuration
+  # for mod_authn_dbd
+  AuthType Basic
+  AuthName Team
+  AuthBasicProvider dbd
+
+  # mod_authn_dbd SQL query to authenticate a logged-in user
+  AuthDBDUserPWQuery \
+    "SELECT password FROM authn WHERE user = %s AND login = 'true'"
+
+  # mod_authz_core configuration for mod_authz_dbd
+  AuthzMergeRules Off
+  Require dbd-group team
+
+  # mod_authz_dbd configuration
+  AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
+
+  # when a user fails to be authenticated or authorized,
+  # invite them to login; this page should provide a link
+  # to /team-private/login.html
+  ErrorDocument 401 /login-info.html
+
+  &lt;Files login.html&gt;
+    # don't require user to already be logged in!
+    AuthDBDUserPWQuery \
+      "SELECT password FROM authn WHERE user = %s"
+
+    # dbd-login action executes a statement to log user in
+    AuthzMergeRules Off
+    Require dbd-login
+    AuthzDBDQuery \
+      "UPDATE authn SET login = 'true' WHERE user = %s"
+
+    # return user to referring page (if any) after
+    # successful login
+    AuthzDBDLoginToReferer On
+  &lt;/Files&gt;
+
+  &lt;Files logout.html&gt;
+    # dbd-logout action executes a statement to log user out
+    AuthzMergeRules Off
+    Require dbd-logout
+    AuthzDBDQuery \
+      "UPDATE authn SET login = 'false' WHERE user = %s"
+  &lt;/Files&gt;
 &lt;/Directory&gt;
-</code></pre>
-</example>
+</pre></example>
 </section>
 
 <directivesynopsis>
 <name>AuthzDBDQuery</name>
 <description>Specify the SQL Query for the required operation</description>
-<syntax>AuthzDBDQuery SQL-Query</syntax>
+<syntax>AuthzDBDQuery <var>query</var></syntax>
 <contextlist><context>directory</context></contextlist>
 
 <usage>
@@ -127,36 +156,57 @@
     <directive module="mod_authz_core">Require</directive> directive in
     effect.</p>
     <ul>
-    <li>With <code>Require dbd-group</code>, it specifies a query
-    to look up groups for the current user.  This is the standard
-    functionality of other authz modules such as
+    <li>When used with a <code>Require dbd-group</code> directive,
+    it specifies a query to look up groups for the current user.  This is
+    the standard functionality of other authorization modules such as
     <module>mod_authz_file</module> and <module>mod_authz_dbm</module>.
-    In this case it will typically take the form<br/>
-    <code>AuthzDBDQuery "SELECT group FROM groups WHERE user= %s"</code>
+    The first column value of each row returned by the query statement
+    should be a string containing a group name.  Zero, one, or more rows
+    may be returned.
+    <example><title>Example</title><pre>
+Require dbd-group
+AuthzDBDQuery \
+  "SELECT group FROM groups WHERE user = %s"
+</pre></example>
     </li>
-    <li>With <code>Require dbd-login</code> or <code>Require dbd-logout</code>,
-    it will never deny access, but will instead execute an SQL Query
-    designed to log the user (who must already be authenticated with
-    <module>mod_authn_dbd</module>) in or out.  Such a query will
-    typically take the form<br/>
-    <code>AuthzDBDQuery "UPDATE authn SET login = true WHERE user = %s"</code>
+    <li>When used with a <code>Require dbd-login</code> or
+    <code>Require dbd-logout</code> directive, it will never deny access,
+    but will instead execute a SQL statement designed to log the user
+    in or out.  The user must already be authenticated with
+    <module>mod_authn_dbd</module>.
+    <example><title>Example</title><pre>
+Require dbd-login
+AuthzDBDQuery \
+  "UPDATE authn SET login = 'true' WHERE user = %s"
+</pre></example>
     </li>
     </ul>
+    <p>In all cases, the user's ID will be passed as a single string
+    parameter when the SQL query is executed.  It may be referenced within
+    the query statement using a <code>%s</code> format specifier.</p>
 </usage>
 </directivesynopsis>
 
 <directivesynopsis>
 <name>AuthzDBDRedirectQuery</name>
 <description>Specify a query to look up a login page for the user</description>
-<syntax>AuthzDBDRedirectQuery SQL-Query</syntax>
+<syntax>AuthzDBDRedirectQuery <var>query</var></syntax>
 <contextlist><context>directory</context></contextlist>
 
 <usage>
-    <p>Specifies an optional query to use after successful login
-    (or logout) to redirect the user to a page, which may be
-    specific to the user.  Such a query will take the form<br/>
-    <code>AuthzDBDRedirectQuery "SELECT userpage FROM userpages WHERE user = %s"</code>
-    </p>
+    <p>Specifies an optional SQL query to use after successful login
+    (or logout) to redirect the user to a URL, which may be
+    specific to the user.  The user's ID will be passed as a single string
+    parameter when the SQL query is executed.  It may be referenced within
+    the query statement using a <code>%s</code> format specifier.</p>
+    <example><title>Example</title><pre>
+AuthzDBDRedirectQuery \
+  "SELECT userpage FROM userpages WHERE user = %s"
+</pre></example>
+    <p>The first column value of the first row returned by the query
+    statement should be a string containing a URL to which to redirect
+    the client.  Subsequent rows will be ignored.  If no rows are returned,
+    the client will not be redirected.</p>
     <p>Note that <directive>AuthzDBDLoginToReferer</directive> takes
     precedence if both are set.</p>
 </usage>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.en Mon Apr  7 09:28:58 2008
@@ -131,6 +131,6 @@
 <p><span>Available Languages: </span><a href="../en/mod/mod_authz_dbm.html" title="English">&nbsp;en&nbsp;</a> |
 <a href="../ko/mod/mod_authz_dbm.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.ko.euc-kr?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.ko.euc-kr [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_dbm.html.ko.euc-kr [euc-kr] Mon Apr  7 09:28:58 2008
@@ -165,6 +165,6 @@
 <p><span>가능한 언어: </span><a href="../en/mod/mod_authz_dbm.html" hreflang="en" rel="alternate" title="English">&nbsp;en&nbsp;</a> |
 <a href="../ko/mod/mod_authz_dbm.html" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">모듈</a> | <a href="../mod/directives.html">지시어들</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">용어</a> | <a href="../sitemap.html">사이트맵</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html Mon Apr  7 09:28:58 2008
@@ -2,9 +2,9 @@
 Content-Language: en
 Content-type: text/html; charset=ISO-8859-1
 
-URI: mod_authz_default.html.ja.euc-jp
+URI: mod_authz_default.html.ja.utf8
 Content-Language: ja
-Content-type: text/html; charset=EUC-JP
+Content-type: text/html; charset=UTF-8
 
 URI: mod_authz_default.html.ko.euc-kr
 Content-Language: ko

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.en Mon Apr  7 09:28:58 2008
@@ -75,6 +75,6 @@
 <a href="../ja/mod/mod_authz_default.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_default.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.ko.euc-kr?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.ko.euc-kr [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_default.html.ko.euc-kr [euc-kr] Mon Apr  7 09:28:58 2008
@@ -73,6 +73,6 @@
 <a href="../ja/mod/mod_authz_default.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_default.html" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">모듈</a> | <a href="../mod/directives.html">지시어들</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">용어</a> | <a href="../sitemap.html">사이트맵</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html Mon Apr  7 09:28:58 2008
@@ -2,9 +2,9 @@
 Content-Language: en
 Content-type: text/html; charset=ISO-8859-1
 
-URI: mod_authz_groupfile.html.ja.euc-jp
+URI: mod_authz_groupfile.html.ja.utf8
 Content-Language: ja
-Content-type: text/html; charset=EUC-JP
+Content-type: text/html; charset=UTF-8
 
 URI: mod_authz_groupfile.html.ko.euc-kr
 Content-Language: ko

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.en Mon Apr  7 09:28:58 2008
@@ -86,6 +86,6 @@
 <a href="../ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_groupfile.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_groupfile.html.ko.euc-kr [euc-kr] Mon Apr  7 09:28:58 2008
@@ -118,6 +118,6 @@
 <a href="../ja/mod/mod_authz_groupfile.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_groupfile.html" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">모듈</a> | <a href="../mod/directives.html">지시어들</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">용어</a> | <a href="../sitemap.html">사이트맵</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html Mon Apr  7 09:28:58 2008
@@ -2,9 +2,9 @@
 Content-Language: en
 Content-type: text/html; charset=ISO-8859-1
 
-URI: mod_authz_host.html.ja.euc-jp
+URI: mod_authz_host.html.ja.utf8
 Content-Language: ja
-Content-type: text/html; charset=EUC-JP
+Content-type: text/html; charset=UTF-8
 
 URI: mod_authz_host.html.ko.euc-kr
 Content-Language: ko

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.en Mon Apr  7 09:28:58 2008
@@ -57,7 +57,7 @@
             directives.</p>
 <h3>Topics</h3>
 <ul id="topics">
-<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The require Directives</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#requiredirectives">The Require Directives</a></li>
 </ul><h3>See also</h3>
 <ul class="seealso">
 <li><a href="../howto/auth.html">Authentication, Authorization,
@@ -67,7 +67,7 @@
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
-<h2><a name="requiredirectives" id="requiredirectives">The require Directives</a></h2>
+<h2><a name="requiredirectives" id="requiredirectives">The Require Directives</a></h2>
 
     <p>Apache's <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> and 
     <code class="directive"><a href="../mod/mod_authz_core.html#reject">Reject</a></code> directives are 
@@ -83,7 +83,7 @@
     characteristics of the client request captured in environment
     variables.</p>
 
-<h3><a name="reqenv" id="reqenv">require env</a></h3>
+<h3><a name="reqenv" id="reqenv">Require env</a></h3>
 
     <p>The <code>env</code> provider allows access to the server
     to be controlled based on the existence of an <a href="../env.html">environment variable</a>. When <code>Require 
@@ -112,7 +112,7 @@
 
 
 
-<h3><a name="reqip" id="reqip">require ip</a></h3>
+<h3><a name="reqip" id="reqip">Require ip</a></h3>
 
     <p>The <code>ip</code> provider allows access to the server
     to be controlled based on the IP address of the remote client. 
@@ -167,7 +167,7 @@
 
 
 
-<h3><a name="reqhost" id="reqhost">require host</a></h3>
+<h3><a name="reqhost" id="reqhost">Require host</a></h3>
 
     <p>The <code>host</code> provider allows access to the server
     to be controlled based on the host name of the remote client. 
@@ -195,7 +195,7 @@
 
 
 
-<h3><a name="reqall" id="reqall">require all</a></h3>
+<h3><a name="reqall" id="reqall">Require all</a></h3>
 
     <p>The <code>all</code> provider mimics the functionality the
     was previously provided by the 'Allow from all' and 'Deny from all'
@@ -221,6 +221,6 @@
 <a href="../ja/mod/mod_authz_host.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_host.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.ko.euc-kr?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.ko.euc-kr [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.html.ko.euc-kr [euc-kr] Mon Apr  7 09:28:58 2008
@@ -305,6 +305,6 @@
 <a href="../ja/mod/mod_authz_host.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_host.html" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">모듈</a> | <a href="../mod/directives.html">지시어들</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">용어</a> | <a href="../sitemap.html">사이트맵</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml Mon Apr  7 09:28:58 2008
@@ -57,7 +57,7 @@
 <seealso><directive module="mod_authz_core">Require</directive></seealso>
 <seealso><directive module="mod_authz_core">Reject</directive></seealso>
 
-<section id="requiredirectives"><title>The require Directives</title>
+<section id="requiredirectives"><title>The Require Directives</title>
 
     <p>Apache's <directive module="mod_authz_core">Require</directive> and 
     <directive module="mod_authz_core">Reject</directive> directives are 
@@ -73,7 +73,7 @@
     characteristics of the client request captured in environment
     variables.</p>
 
-<section id="reqenv"><title>require env</title>
+<section id="reqenv"><title>Require env</title>
 
     <p>The <code>env</code> provider allows access to the server
     to be controlled based on the existence of an <a
@@ -103,7 +103,7 @@
 
 </section>
 
-<section id="reqip"><title>require ip</title>
+<section id="reqip"><title>Require ip</title>
 
     <p>The <code>ip</code> provider allows access to the server
     to be controlled based on the IP address of the remote client. 
@@ -158,7 +158,7 @@
 
 </section>
 
-<section id="reqhost"><title>require host</title>
+<section id="reqhost"><title>Require host</title>
 
     <p>The <code>host</code> provider allows access to the server
     to be controlled based on the host name of the remote client. 
@@ -187,7 +187,7 @@
 
 </section>
 
-<section id="reqall"><title>require all</title>
+<section id="reqall"><title>Require all</title>
 
     <p>The <code>all</code> provider mimics the functionality the
     was previously provided by the 'Allow from all' and 'Deny from all'

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ja
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ja?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ja [iso-2022-jp] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ja [iso-2022-jp] Mon Apr  7 09:28:58 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="iso-2022-jp"?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 327999:420990 (outdated) -->
+<!-- English Revision: 327999:635799 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ko
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ko?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ko [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_host.xml.ko [euc-kr] Mon Apr  7 09:28:58 2008
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="EUC-KR" ?>
 <!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 151408:420990 (outdated) -->
+<!-- English Revision: 151408:635799 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html Mon Apr  7 09:28:58 2008
@@ -2,9 +2,9 @@
 Content-Language: en
 Content-type: text/html; charset=ISO-8859-1
 
-URI: mod_authz_owner.html.ja.euc-jp
+URI: mod_authz_owner.html.ja.utf8
 Content-Language: ja
-Content-type: text/html; charset=EUC-JP
+Content-type: text/html; charset=UTF-8
 
 URI: mod_authz_owner.html.ko.euc-kr
 Content-Language: ko

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.en
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.en?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.en (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.en Mon Apr  7 09:28:58 2008
@@ -142,6 +142,6 @@
 <a href="../ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_owner.html" hreflang="ko" rel="alternate" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.ko.euc-kr
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.ko.euc-kr?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.ko.euc-kr [euc-kr] (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_owner.html.ko.euc-kr [euc-kr] Mon Apr  7 09:28:58 2008
@@ -179,6 +179,6 @@
 <a href="../ja/mod/mod_authz_owner.html" hreflang="ja" rel="alternate" title="Japanese">&nbsp;ja&nbsp;</a> |
 <a href="../ko/mod/mod_authz_owner.html" title="Korean">&nbsp;ko&nbsp;</a></p>
 </div><div id="footer">
-<p class="apache">Copyright 2007 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
+<p class="apache">Copyright 2008 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
 <p class="menu"><a href="../mod/">모듈</a> | <a href="../mod/directives.html">지시어들</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">용어</a> | <a href="../sitemap.html">사이트맵</a></p></div>
 </body></html>

Modified: httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_user.html
URL: http://svn.apache.org/viewvc/httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_user.html?rev=645594&r1=645593&r2=645594&view=diff
==============================================================================
--- httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_user.html (original)
+++ httpd/sandbox/amsterdam/d/docs/manual/mod/mod_authz_user.html Mon Apr  7 09:28:58 2008
@@ -2,9 +2,9 @@
 Content-Language: en
 Content-type: text/html; charset=ISO-8859-1
 
-URI: mod_authz_user.html.ja.euc-jp
+URI: mod_authz_user.html.ja.utf8
 Content-Language: ja
-Content-type: text/html; charset=EUC-JP
+Content-type: text/html; charset=UTF-8
 
 URI: mod_authz_user.html.ko.euc-kr
 Content-Language: ko



Mime
View raw message