Document the new optional parameter for AuthLDAPUrl

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151743 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 8224f78692d58cbf26c072c7afd904898d017c0c..b19d2a46385d6cd3010560b3a601e569e90b697c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@ Changes with Apache 2.1.3
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_authnz_ldap: Added an optional second parameter to AuthLDAPURL
+     to allow it to override the connection type set in mod_ldap. This
+     parameter can be set to NONE, SSL or TLS | STARTTLS.
+     [Brad Nicholes]
+
   *) Fix --with-apr=/usr and/or --with-apr-util=/usr.  PR 29740.
      [Max Bowsher <maxb ukf.net>]
 

diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml
index c25f273f32990ee993eb696ddb186338d4c8b5e6..526de29f98c5356b74ca17bb8fb0c79c9c904a71 100644 (file)
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -532,15 +532,23 @@ require valid-user
 <section id="usingtls"><title>Using TLS</title>
 
     <p>To use TLS, see the <module>mod_ldap</module> directives <directive
-    module="mod_ldap">LDAPTrustedCA</directive> and <directive
-    module="mod_ldap">LDAPTrustedCAType</directive>.</p>
+    module="mod_ldap">LDAPTrustedClientCert</directive>, <directive
+    module="mod_ldap">LDAPTrustedGlobalCert</directive> and <directive
+    module="mod_ldap">LDAPTrustedMode</directive>.</p>
+
+    <p>An optional second parameter can be added to the 
+    <directive module="mod_authnz_ldap">AuthLDAPURL</directive> to override
+    the default connection type set by <directive module="mod_ldap">LDAPTrustedMode</directive>.
+    This will allow the connection established by an <em>ldap://</em> Url 
+    to be upgraded to a secure connection on the same port.</p>
 </section>
 
 <section id="usingssl"><title>Using SSL</title>
 
     <p>To use SSL, see the <module>mod_ldap</module> directives <directive
-    module="mod_ldap">LDAPTrustedCA</directive> and <directive
-    module="mod_ldap">LDAPTrustedCAType</directive>.</p>
+    module="mod_ldap">LDAPTrustedClientCert</directive>, <directive
+    module="mod_ldap">LDAPTrustedGlobalCert</directive> and <directive
+    module="mod_ldap">LDAPTrustedMode</directive>.</p>
 
     <p>To specify a secure LDAP server, use <em>ldaps://</em> in the
     <directive module="mod_authnz_ldap">AuthLDAPURL</directive>
@@ -816,7 +824,7 @@ environment variable</description>
 <directivesynopsis>
 <name>AuthLDAPUrl</name>
 <description>URL specifying the LDAP search parameters</description>
-<syntax>AuthLDAPUrl <em>url</em></syntax>
+<syntax>AuthLDAPUrl <em>url [NONE|SSL|TLS|STARTTLS]</em></syntax>
 <contextlist><context>directory</context><context>.htaccess</context>
 </contextlist>
 <override>AuthConfig</override>
@@ -904,6 +912,22 @@ environment variable</description>
     Jenson</code>, the resulting search filter will be
     <code>(&amp;(posixid=*)(cn=Babs Jenson))</code>.</p>
 
+    <p>An optional parameter can be added to allow the LDAP Url to override 
+    the connection type.  This parameter can be one of the following:</p>
+
+<dl>
+    <dt>NONE</dt>
+        <dd>Establish an unsecure connection on the default LDAP port. This
+        is the same as <code>ldap://</code> on port 389.</dd>
+    <dt>SSL</dt>
+        <dd>Establish a secure connection on the default secure LDAP port.
+        This is the same as <code>ldaps://</code></dd>
+    <dt>TLS | STARTTLS</dt>
+        <dd>Establish an upgraded secure connection on the default LDAP port.
+        This connection will be initiated on port 389 by default and then 
+        upgraded to a secure connection on the same port.</dd>
+</dl>
+
     <p>See above for examples of <directive
     module="mod_authnz_ldap">AuthLDAPURL</directive> URLs.</p>
 </usage>