httpd-docs mailing list archives

From "Brad Nicholes" <BNICHO...@novell.com>
Subject Re: cvs commit: httpd-2.0/docs/manual/mod mod_ldap.xml mod_auth_ldap.xml
Date Tue, 18 Feb 2003 22:24:13 GMT
Could one of the doc gurus please review the changes to the XML in the
LDAP pages to make sure that it is correct?  Also regenerate the HTML
pages.

Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

>>> bnicholes@apache.org Tuesday, February 18, 2003 3:21:24 PM >>>
bnicholes    2003/02/18 14:21:24

  Modified:    docs/manual/mod mod_ldap.xml mod_auth_ldap.xml
  Log:
  Update the mod_auth_ldap and mod_ldap documentation to show the new
  directives for establishing an SSL connection and the addition of the
  Novell LDAP SDK.
  
  Revision  Changes    Path
  1.4       +72 -9     httpd-2.0/docs/manual/mod/mod_ldap.xml
  
  Index: mod_ldap.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_ldap.xml,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- mod_ldap.xml	16 Nov 2002 20:21:38 -0000	1.3
  +++ mod_ldap.xml	18 Feb 2003 22:21:24 -0000	1.4
  @@ -22,6 +22,13 @@
       apr-util. This is achieved by adding the
<code>--with-ldap</code>
       flag to the <code>./configure</code> script when building
       Apache.</p>
  +
  +    <p>SSL support requires that <module>mod_ldap</module> be
linked
  +    with one of the following LDAP SDKs: <a
href="http://www.openldap.org/">
  +    OpenLDAP SDK</a> (both 1.x and 2.x), <a
href="http://developer.novell.com/ndk/cldap.htm">
  +    Novell LDAP SDK</a> or the <a
href="http://www.iplanet.com/downloads/developer/">
  +    iPlanet(Netscape)</a> SDK.</p>
  +
   </summary>
   
   <section id="exampleconfig"><title>Example Configuration</title>
  @@ -156,6 +163,51 @@
       </section>
   </section>
   
  +<section id="usingssltls"><title>Using SSL</title>
  +
  +    <p>The ability to create an SSL connections to an LDAP server 
  +    is defined by the directives <directive module="mod_ldap">
  +    LDAPTrustedCA</directive> and <directive module="mod_ldap">
  +    LDAPTrustedCAType</directive>. These directives specify the
certificate
  +    file or database and the certificate type. Whenever the LDAP
url
  +    includes <em>ldaps://</em>, <module>mod_ldap</module> will
establish
  +    a secure connection to the LDAP server.
  +
  +    <example>
  +      # Establish an SSL LDAP connection. Requires that <br />
  +      # mod_ldap and mod_auth_ldap be loaded. Change the <br />
  +      # "yourdomain.example.com" to match your domain.<br />
  +      <br />
  +      LDAPTrustedCA /certs/certfile.der<br />
  +      LDAPTrustedCAType DER_FILE<br />
  +      <br />
  +      &lt;Location /ldap-status&gt;<br />
  +      <indent>
  +        SetHandler ldap-status<br />
  +        Order deny,allow<br />
  +        Deny from all<br />
  +        Allow from yourdomain.example.com<br />
  +        AuthLDAPEnabled on<br />
  +        AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br
/>
  +        AuthLDAPAuthoritative on<br />
  +        require valid-user<br />
  +      </indent>
  +      &lt;/Location&gt;
  +    </example>
  +
  +    <p>If <module>mod_ldap</module> is linked against the
  +    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  +    unless that server has a certificate signed by a known
Certificate
  +    Authority. As part of the configuration
  +    <module>mod_ldap</module> needs to be told where it can find
  +    a database containing the known CAs. This database is in the
same
  +    format as Netscape Communicator's <code>cert7.db</code>
  +    database. The easiest way to get this file is to start up a
fresh
  +    copy of Netscape, and grab the resulting
  +    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +
  +</section>
  +
   <directivesynopsis>
   <name>LDAPSharedCacheSize</name>
   <description>Size in bytes of the shared-memory cache</description>
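Review bot: The first <p> in the new usingssltls section is never closed. The paragraph ending "a secure connection to the LDAP server." runs straight into <example>, so the later <p> nests inside it and </section> arrives with an element still open, which will break the XML build; add </p> before <example>. In the same paragraph "an SSL connections" should read "an SSL connection", and the section id says "ssltls" while the title and text cover only SSL. The example shows only the DER_FILE case, so the Netscape/iPlanet paragraph after it should say that cert7.db is used with LDAPTrustedCAType CERT7_DB_PATH.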
  @@ -228,19 +280,30 @@
   </directivesynopsis>
   
   <directivesynopsis>
  -<name>LDAPCertDBPath</name>
  -<description>Directory containing certificates for SSL
support</description>
  -<syntax>LDAPCertDBPath <var>directory-path</var></syntax>
  +<name>LDAPTrustedCA</name>
  +<description>Sets the file containing the trusted Certificate
Authority certificate or database</description>
  +<syntax>LDAPTrustedCA <var>directory-path/filename</var></syntax>
   <contextlist><context>server config</context></contextlist>
   
   <usage>
  -    <p>This directive is only valid if Apache has been linked
  -    against the Netscape/iPlanet Directory SDK.</p>
  +    <p>It specifies the directory path and file name of the trusted
CA
  +    <module>mod_ldap</module> should use when establishing an SSL
  +    connection to an LDAP server. If using the Netscape/iPlanet
Directory
  +    SDK, the file name should be <code>cert7.db</code>.</p>
  +</usage>
  +</directivesynopsis>
   
  -    <p>It specifies in which directory <module>mod_ldap</module>
  -    should look for the certificate authorities database for SSL
  -    support. There should be a file named <code>cert7.db</code> in
that
  -    directory.</p>
  +<directivesynopsis>
  +<name>LDAPTrustedCAType</name>
  +<description>Specifies the type of the Certificate Authority
file</description>
  +<syntax>LDAPTrustedCAType <var>type</var></syntax>
  +<contextlist><context>server config</context></contextlist>
  +
  +<usage>
  +    <p>The following types are supported:<br />
  +          DER_FILE      - file in binary DER format<br />
  +          BASE64_FILE   - file in Base64 format<br />
  +          CERT7_DB_PATH - Netscape certificate database file ")</p>
   </usage>
   </directivesynopsis>
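Review bot: The CERT7_DB_PATH line in the LDAPTrustedCAType usage ends with a stray quote and parenthesis before </p>, which will show up in the rendered page; drop them. The three types are aligned with spaces and <br />, which will not survive rendering, so a list would read better. The usage also does not say what happens when LDAPTrustedCA is set without LDAPTrustedCAType, and there is no <default>. LDAPTrustedCA's syntax names its argument directory-path/filename while the type is called CERT7_DB_PATH, so state whether a file or a directory is expected in that case. Since LDAPCertDBPath is replaced rather than kept, a one-line note for existing configurations would help.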
   
  
  
  
  1.12      +9 -33     httpd-2.0/docs/manual/mod/mod_auth_ldap.xml
  
  Index: mod_auth_ldap.xml
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/docs/manual/mod/mod_auth_ldap.xml,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- mod_auth_ldap.xml	22 Jan 2003 07:09:12 -0000	1.11
  +++ mod_auth_ldap.xml	18 Feb 2003 22:21:24 -0000	1.12
  @@ -17,7 +17,8 @@
       <ul>
         <li>Known to support the <a
         href="http://www.openldap.org/">OpenLDAP SDK</a> (both 1.x
  -      and 2.x), and the <a
  +      and 2.x), <a
href="http://developer.novell.com/ndk/cldap.htm">
  +      Novell LDAP SDK</a> and the <a
         href="http://www.iplanet.com/downloads/developer/">iPlanet
         (Netscape)</a> SDK.</li>
   
  @@ -32,7 +33,7 @@
         href="mod_ldap.html">mod_ldap</a>.</li>
   
         <li>Support for LDAP over SSL (requires the Netscape SDK) or
  -      TLS (requires the OpenLDAP 2.x SDK).</li>
  +      TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).</li>
       </ul>
   </summary>
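Review bot: The changed bullet still says LDAP over SSL "requires the Netscape SDK", but the summary added to mod_ldap.xml in this same commit says SSL support works with the OpenLDAP (1.x and 2.x), Novell or iPlanet SDKs. The two pages disagree; please make the SDK requirements for SSL and for TLS consistent across both.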
   
  @@ -413,24 +414,16 @@
   
   <section id="usingtls"><title>Using TLS</title>
   
  -    <p>To use TLS, simply set the <directive
  -    module="mod_auth_ldap">AuthLDAPStartTLS</directive> to on.
  -    Nothing else needs to be done (other than ensure that your LDAP
  -    server is configured for TLS).</p>
  +    <p>To use TLS, see the <module>mod_ldap</module> directives
<directive
  +    module="mod_ldap">LDAPTrustedCA</directive> and <directive
  +    module="mod_ldap">LDAPTrustedCAType</directive>.</p>
   </section>
   
   <section id="usingssl"><title>Using SSL</title>
   
  -    <p>If <module>mod_auth_ldap</module> is linked against the
  -    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
  -    unless that server has a certificate signed by a known
Certificate
  -    Authority. As part of the configuration
  -    <module>mod_auth_ldap</module> needs to be told where it can
find
  -    a database containing the known CAs. This database is in the
same
  -    format as Netscape Communicator's <code>cert7.db</code>
  -    database. The easiest way to get this file is to start up a
fresh
  -    copy of Netscape, and grab the resulting
  -    <code>$HOME/.netscape/cert7.db</code> file.</p>
  +    <p>To use SSL, see the <module>mod_ldap</module> directives
<directive
  +    module="mod_ldap">LDAPTrustedCA</directive> and <directive
  +    module="mod_ldap">LDAPTrustedCAType</directive>.</p>
   
       <p>To specify a secure LDAP server, use <em>ldaps://</em> in
the
       <directive module="mod_auth_ldap">AuthLDAPURL</directive>
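Review bot: The rewritten "Using TLS" paragraph no longer tells the reader how to turn TLS on. It points at LDAPTrustedCA and LDAPTrustedCAType, which only configure the trusted CA, and the AuthLDAPStartTLS instruction it replaces is gone (the directive's synopsis is removed later in this patch). The new mod_ldap text says a secure connection is made when the URL includes ldaps://, so someone who had AuthLDAPStartTLS on with an ldap:// URL cannot tell from this page whether the connection is still protected. State what replaces AuthLDAPStartTLS, or say that a secure connection now requires an ldaps:// URL. The "Using TLS" and "Using SSL" paragraphs are now identical apart from one word, so they could be merged or linked to the usingssltls section of mod_ldap.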
  @@ -735,23 +728,6 @@
       distinguished name of the authenticated user, rather than just
       the username that was passed by the client. It is turned off by
       default.</p>
  -</usage>
  -</directivesynopsis>
  -
  -<directivesynopsis>
  -<name>AuthLDAPStartTLS</name>
  -<description>Use a secure TLS connection to the LDAP
server</description>
  -<syntax>AuthLDAPStartTLS on|off</syntax>
  -<default>AuthLDAPStartTLS off</default>
 
-<contextlist><context>directory</context><context>.htaccess</context>
  -</contextlist>
  -<override>AuthConfig</override>
  -
  -<usage>
  -    <p>If this directive is set to <code>on</code>,
  -    <module>mod_auth_ldap</module> will start a secure TLS session
  -    after connecting to the LDAP server. This requires your LDAP
  -    server to support TLS.</p>
   </usage>
   </directivesynopsis>
   
  
  
  
