add a prominent caveat about the effect of caching.

author Eric Covener <covener@apache.org>

Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)

committer Eric Covener <covener@apache.org>

Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)
author Eric Covener <covener@apache.org>
Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)
committer Eric Covener <covener@apache.org>
Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)
diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml

index 37a3e131c66ba312b00052d65a5950e3c5decc93..80e993833052a3e6803aba688b28d09d1653bbe4 100644 (file)
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -67,8 +67,8 @@ for HTTP Basic authentication.</description>
  <section id="contents"><title>Contents</title>
  
      <ul>
-      <li>
-        <a href="#operation">Operation</a>
+      <li> <a href="#gcaveats">General caveats</a> </li>
+      <li> <a href="#operation">Operation</a>
  
          <ul>
            <li><a href="#authenphase">The Authentication
@@ -109,6 +109,16 @@ for HTTP Basic authentication.</description>
      </ul>
  </section>
  
+<section id="gcaveats"><title>General caveats</title>
+<p> This module caches authentication and authorization results based
+on the configuration of <module name="mod_ldap">mod_ldap</module>. Changes
+made to the backing LDAP server will not be immediately reflected on the
+HTTP Server, including but not limited to user lockouts/revocations, 
+password changes, or changes to group memberships.  Consult the directives 
+in <module name="mod_ldap">mod_ldap</module> for details of the cache tunables.
+</p>
+</section>
+
  <section id="operation"><title>Operation</title>
  
      <p>There are two phases in granting access to a user. The first
author	Eric Covener <covener@apache.org>
	Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)
committer	Eric Covener <covener@apache.org>
	Wed, 22 Apr 2015 17:44:00 +0000 (17:44 +0000)