Add doc for the new mod_ldap referral directives.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@615097 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index 97c53d645a2e69c1a320aeca049f8c823b6f00f5..50a68dc0ad5d42f43a6ce5a806cbb1dca7c7407c 100644 (file)
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -104,6 +104,15 @@ by other LDAP modules</description>
     <p>There is no need to manually enable connection pooling in
     the Apache configuration. Any module using this module for
     access to LDAP services will share the connection pool.</p>
+
+    <p>LDAP connections can keep track of the ldap client
+    credentials used when binding to an LDAP server. These
+    credentials can be provided to LDAP servers that do not
+    allow anonymous binds during referral chasing. To control
+    this feature, see the <directive module="mod_ldap">
+    LDAPReferrals</directive> and <directive module="mod_ldap">
+    LDAPReferralHopLimit</directive> directives. By default,
+    this feature is enabled.</p>
 </section>
 
 <section id="cache"><title>LDAP Cache</title>
@@ -469,6 +478,40 @@ valid</description>
 </usage>
 </directivesynopsis>
 
+<directivesynopsis>
+<name>LDAPReferralHopLimit</name>
+<description>The maximum number of referral hops to chase before terminating an LDAP query.</description>
+<syntax>LDAPReferralHopLimit <var>number</var></syntax>
+<default>LDAPReferralHopLimit 5</default>
+<contextlist><context>directory</context><context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <p>This directive, if enabled by the <code>LDAPReferrals</code> directive,
+    limits the number of referral hops that are followed before terminating an
+    LDAP query.</p>
+</usage>
+</directivesynopsis>
+
+<directivesynopsis>
+<name>LDAPReferrals</name>
+<description>Enable referral chasing during queries to the LDAP server.</description>
+<syntax>LDAPReferrals <var>On|Off</var></syntax>
+<default>LDAPReferrals On</default>
+<contextlist><context>directory</context><context>.htaccess</context></contextlist>
+<override>AuthConfig</override>
+
+<usage>
+    <p>Some LDAP servers divide their directory among multiple domains and use referrals
+    to direct a client when a domain boundary is crossed. By setting <code>LDAPReferrals On</code>
+    referrals will be chased (setting it to off causes referrals to be ignored). The directive
+    <code>LDAPReferralHopLimit</code> works in conjunction with this directive to limit the
+    number of referral hops to follow before terminating the LDAP query. When referral processing
+    is enabled client credentials will be provided, via a rebind callback, for any LDAP server
+    requiring them. </p> 
+</usage>
+</directivesynopsis>
+
 <directivesynopsis>
 <name>LDAPTrustedGlobalCert</name>
 <description>Sets the file or database containing global trusted