httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cove...@apache.org
Subject svn commit: r701645 - in /httpd/httpd/branches/2.2.x/docs/manual/mod: mod_authnz_ldap.html.en mod_authnz_ldap.xml
Date Sat, 04 Oct 2008 14:45:49 GMT
Author: covener
Date: Sat Oct  4 07:45:49 2008
New Revision: 701645

URL: http://svn.apache.org/viewvc?rev=701645&view=rev
Log:
shore up AuthzLDAPAuthoritative

Modified:
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.html.en
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.html.en
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.html.en?rev=701645&r1=701644&r2=701645&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.html.en (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.html.en Sat Oct  4 07:45:49
2008
@@ -254,7 +254,11 @@
     <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
     is set to <code>off</code> to allow the authorization phase to fall
     back to the module providing the alternate
-    <code class="directive"><a href="../mod/core.html#require">Require</a></code>
value.</p>
+    <code class="directive"><a href="../mod/core.html#require">Require</a></code>
value. When no 
+    LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code>
 directives
+    are used, authorization is allowed to fall back to other modules
+    as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+    was set to <code>off</code>. </p>
 
     <ul>
         <li>Grant access if there is a <a href="#requser"><code>Require
@@ -324,9 +328,7 @@
     <p>If this directive exists, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
grants
     access to any user that has successfully authenticated during the
     search/bind phase.  Requires that <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code>
be 
-    loaded and that the 
-    <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
-    directive be set to off.</p>
+    loaded.</p>
 
 
 <h3><a name="requser" id="requser">Require ldap-user</a></h3>
@@ -602,17 +604,10 @@
     that gets created in the web</p>
 <div class="example"><pre>
 AuthLDAPURL            "the url"
-AuthzLDAPAuthoritative off
 AuthGroupFile <em>mygroupfile</em>
 Require group <em>mygroupfile</em>
 </pre></div>
 
-    <p><code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>

-    must be off to allow <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code>
to decline group
-    authentication so that Apache will fall back to file
-    authentication for checking group membership. This allows the
-    FrontPage-managed group file to be used.</p>
-
 <h3><a name="howitworks" id="howitworks">How It Works</a></h3>
 
     <p>FrontPage restricts access to a web by adding the <code>Require
@@ -972,10 +967,14 @@
 <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
 </table>
     <p>Set to <code>off</code> if this module should let other
-    authentication modules attempt to authenticate the user, should
-    authentication with this module fail. Control is only passed on
+    authorization modules attempt to authorize the user, should
+    authorization with this module fail. Control is only passed on
     to lower modules if there is no DN or rule that matches the
     supplied user name (as passed by the client).</p>
+    <p> When no LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code>
 directives
+    are used, authorization is allowed to fall back to other modules
+    as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+    was set to <code>off</code>. </p>
 
 </div>
 </div>

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml?rev=701645&r1=701644&r2=701645&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_authnz_ldap.xml Sat Oct  4 07:45:49 2008
@@ -233,7 +233,11 @@
     <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
     is set to <code>off</code> to allow the authorization phase to fall
     back to the module providing the alternate
-    <directive module="core">Require</directive> value.</p>
+    <directive module="core">Require</directive> value. When no 
+    LDAP-specific <directive module="core">Require</directive>  directives
+    are used, authorization is allowed to fall back to other modules
+    as if <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
+    was set to <code>off</code>. </p>
 
     <ul>
         <li>Grant access if there is a <a href="#requser"><code>Require
@@ -307,9 +311,7 @@
     <p>If this directive exists, <module>mod_authnz_ldap</module> grants
     access to any user that has successfully authenticated during the
     search/bind phase.  Requires that <module>mod_authz_user</module> be 
-    loaded and that the 
-    <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
-    directive be set to off.</p>
+    loaded.</p>
 </section>
 
 <section id="requser"><title>Require ldap-user</title>
@@ -595,17 +597,10 @@
     that gets created in the web</p>
 <example><pre>
 AuthLDAPURL            "the url"
-AuthzLDAPAuthoritative off
 AuthGroupFile <em>mygroupfile</em>
 Require group <em>mygroupfile</em>
 </pre></example>
 
-    <p><directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>

-    must be off to allow <module>mod_authnz_ldap</module> to decline group
-    authentication so that Apache will fall back to file
-    authentication for checking group membership. This allows the
-    FrontPage-managed group file to be used.</p>
-
 <section id="howitworks"><title>How It Works</title>
 
     <p>FrontPage restricts access to a web by adding the <code>Require
@@ -677,10 +672,14 @@
 
 <usage>
     <p>Set to <code>off</code> if this module should let other
-    authentication modules attempt to authenticate the user, should
-    authentication with this module fail. Control is only passed on
+    authorization modules attempt to authorize the user, should
+    authorization with this module fail. Control is only passed on
     to lower modules if there is no DN or rule that matches the
     supplied user name (as passed by the client).</p>
+    <p> When no LDAP-specific <directive module="core">Require</directive>
 directives
+    are used, authorization is allowed to fall back to other modules
+    as if <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
+    was set to <code>off</code>. </p>
 </usage>
 </directivesynopsis>
 



Mime
View raw message