</div>
<div id="quickview"><h3 class="directives">Directives</h3>
<ul id="toc">
-<li><img alt="" src="../images/down.gif" /> <a href="#authldapallowdnauth">AuthLDAPAllowDNAuth</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapbinddn">AuthLDAPBindDN</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapbindpassword">AuthLDAPBindPassword</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapcharsetconfig">AuthLDAPCharsetConfig</a></li>
and won't be able to find the FrontPage-managed user file.</li>
</ul>
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPAllowDNAuth" id="AuthLDAPAllowDNAuth">AuthLDAPAllowDNAuth</a> <a name="authldapallowdnauth" id="authldapallowdnauth">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Allow the user to authenticate by passing a fully distinguished
-user name.</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPAllowDNAuth on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPAllowDNAuth off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
-</table>
- <p>If this directive is set to ON, users are allowed to pass a fully
- distinguished user name as the user ID. Regardless of this setting,
- Auth_LDAP will still allow a contextless login. This directive is
- turned off by default.</p>
-
- <div class="note"><h3>Note</h3>
- <p>If a full user DN is allowed for authentication and the value of
- <code class="directive"><a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></code>
- is set to OFF, the value of the REMOTE_USER environment variable
- will contain the actual user name value passed in the request. If
- this directive is set to ON, the REMOTE_USER environment variable
- will always be set to the user DN retrieved from the LDAP directory.
- If a contextless user ID is required in all cases instead of a
- full DN, it is possible to retrieve the desired attribute value
- from the user object by specifying an attribute list in the
- <code class="directive"><a href="#authldapurl">AuthLDAPUrl</a></code> directive.</p>
- </div>
-
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPBindDN" id="AuthLDAPBindDN">AuthLDAPBindDN</a> <a name="authldapbinddn" id="authldapbinddn">Directive</a></h2>
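Review bot: Removing the AuthLDAPAllowDNAuth section also removes the authldapallowdnauth anchor. The TOC entry and the See also link are dropped elsewhere in this patch, but other pages may still link to the anchor, so search the docs tree for it before committing. The deleted note was also where the page explained how REMOTE_USER is populated when AuthLDAPRemoteUserIsDN is off; check that the AuthLDAPRemoteUserIsDN section still states that on its own.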
the username that was passed by the client. It is turned off by
default.</p>
-<h3>See also</h3>
-<ul>
-<li><code class="directive"><a href="#authldapallowdnauth">AuthLDAPAllowDNAuth</a></code></li>
-</ul>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>
<dt>attribute</dt>
- <dd>The attribute to search for as well as additional attribute
- values to extract from the authenticated user object.
+ <dd>The attribute to search for.
Although RFC 2255 allows a comma-separated list of
attributes, only the first attribute will be used, no
- matter how many are provided. The values of all other listed
- attributes will be extracted from the user object and assigned
- to environment variables (AUTHENTICATE_<Attribute>=value).
- If no attributes are provided, the default is to use <code>uid</code>.
- It's a good idea to choose an attribute that will be unique across
- all entries in the subtree you will be searching.</dd>
+ matter how many are provided. If no attributes are
+ provided, the default is to use <code>uid</code>. It's a good
+ idea to choose an attribute that will be unique across all
+ entries in the subtree you will be using.</dd>
<dt>scope</dt>
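Review bot: In the rewritten attribute description, "entries in the subtree you will be using" is vaguer than the "searching" it replaces; the uniqueness advice concerns the entries the search can match, so keep "searching". The removed sentences were also the only visible documentation of the AUTHENTICATE_ environment variables, so the commit message should say whether that behaviour was removed from the module or only from the docs.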
</Proxy>
</code></p></div>
- <p>New in Apache 2.1, is the ability to set the various connection
- parameters to a backend server. The connection parameters are in
- the form <code>key=value</code>.
- </p>
- <table>
- <tr><th>Parameter</th>
- <th>Default</th>
- <th>Description</th></tr>
- <tr><td>min</td>
- <td>0</td>
- <td>Minumum number of connections that will always
- be open to the backend server.</td></tr>
- <tr><td>max</td>
- <td>1...n</td>
- <td>Hard Maximum number of connections that will be
- allowed to the backend server. The default for a Hard Maximum
- for the number of connections is the number of threads per process in the
- active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
- it is controlled by the <code class="directive">ThreadsPerChild</code>.
- Apache will never create more than the Hard Maximum connections
- to the backend server.</td></tr>
- <tr><td>smax</td>
- <td>max</td>
- <td>Upto the Soft Maximum
- number of connections will be created on demand. Any connections above
- <code>smax</code> are subject to a time to live or <code>ttl</code>.
- </td></tr>
- <tr><td>ttl</td>
- <td>-</td>
- <td>Time To Live for the inactive connections above the
- <code>smax</code> connections in seconds. Apache will close all
- connections that has not been used inside that time period.
- </td></tr>
- <tr><td>timeout</td>
- <td><code class="directive">Timeout</code></td>
- <td>Connection timeout in seconds.
- If not set the Apache will wait until the free connection
- is available. This directive is used for limiting the number
- of connections to the backend server together with <code>max</code>
- parameter.
- </td></tr>
- <tr><td>acquire</td>
- <td>-</td>
- <td>If set this will be the maximum time to wait for a free
- connection in the connection pool. If there are no free connections
- in the pool the Apache will return <code>SERVER_BUSY</code> status to
- the client.
- </td></tr>
- <tr><td>keepalive</td>
- <td>Off</td>
- <td>This parameter should be used when you have a firewall between your
- Apache and the backend server, who tend to drop inactive connections.
- This flag will tell the Operating System to send <code>KEEP_ALIVE</code>
- messages on inactive connections (interval depends on global OS settings,
- generally 120ms), and thus prevent the firewall to drop the connection.
- To enable keepalive set this property value to <code>On</code>.
- </td></tr>
- <tr><td>retry</td>
- <td>60</td>
- <td>Connection pool worker retry timeout in seconds.
- If the connection pool worker to the backend server is in the error state,
- Apache will not forward any requests to that server until the timeout
- expires. This enables to shut down the backend server for maintenance,
- and bring it back online later.
- </td></tr>
- <tr><td>loadfactor</td>
- <td>1</td>
- <td>Worker load factor. Used with BalancerMember.
- It is a number between 1 and 100 and defines the normalized weighted
- load applied to the worker.
- </td></tr>
- <tr><td>route</td>
- <td>-</td>
- <td>Route of the worker when used inside load balancer.
- The route is a value appended to seesion id.
- </td></tr>
- <tr><td>redirect</td>
- <td>-</td>
- <td>Redirection Route of the worker. This value is usually
- set dynamically to enable safe removal of the node from
- the cluster. If set all requests without session id will be
- redirected to the BalancerMember that has route parametar
- equal as this value.
- </td></tr>
-
- </table>
-
- <p>If the Proxy directive scheme starts with the
- <code>balancer://</code> then a virtual worker that does not really
- communicate with the backend server will be created. Instead it is responsible
- for the management of several "real" workers. In that case the special set of
- parameters can be add to this virtual worker.
- </p>
- <table>
- <tr><th>Parameter</th>
- <th>Default</th>
- <th>Description</th></tr>
- <tr><td>lbmethod</td>
- <td>-</td>
- <td>Balancer load-balance method. Select the load-balancing scheduler
- method to use. Either <code>requests</code>, to perform weighted
- request counting or <code>traffic</code>, to perform weighted
- traffic byte count balancing. Default is <code>requests</code>.
- </td></tr>
- <tr><td>stickysession</td>
- <td>-</td>
- <td>Balancer sticky session name. The value is usually set to something
- like <code>JSESSIONID</code> or <code>PHPSESSIONID</code>,
- and it depends on the backend application server that support sessions.
- </td></tr>
- <tr><td>nofailover</td>
- <td>Off</td>
- <td>If set to <code>On</code> the session will break if the worker is in
- error state or disabled. Set this value to On if backend servers do not
- support session replication.
- </td></tr>
- <tr><td>timeout</td>
- <td>0</td>
- <td>Balancer timeout in seconds. If set this will be the maximum time
- to wait for a free worker. Default is not to wait.
- </td></tr>
- <tr><td>maxattempts</td>
- <td>1</td>
- <td>Maximum number of failover attempts before giving up.
- </td></tr>
-
- </table>
- <div class="example"><p><code>
- <Proxy balancer://mycluster stickysession=jsessionid nofailover=On><br />
- <span class="indent">
- BalancerMember http://1.2.3.4:8009<br />
- BalancerMember http://1.2.3.5:8009<br />
- BalancerMember http://1.2.3.6:8009<br />
- </span>
- </Proxy>
- </code></p></div>
-
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
is a partial URL for the remote server and cannot include a query
string.</p>
+ <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
+ usually be set <strong>off</strong> when using
+ <code class="directive">ProxyPass</code>.</div>
+
<p>Suppose the local server has address <code>http://example.com/</code>;
then</p>
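Review bot: The warning now placed at the top of the ProxyPass description says ProxyRequests "should usually be set off" but gives no reason. Since it is being moved to a more prominent position, add one clause stating that ProxyPass does not require forward proxying to be enabled, so the reader knows why the setting matters.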
ProxyPass /example http://backend.example.com smax=5 max=20 ttl=120 retry=300
</code></p></div>
+ <table>
+ <tr><th>Parameter</th>
+ <th>Default</th>
+ <th>Description</th></tr>
+ <tr><td>min</td>
+ <td>0</td>
+ <td>Minumum number of connections that will always
+ be open to the backend server.</td></tr>
+ <tr><td>max</td>
+ <td>1...n</td>
+ <td>Hard Maximum number of connections that will be
+ allowed to the backend server. The default for a Hard Maximum
+ for the number of connections is the number of threads per process in the
+ active MPM. In the Prefork MPM, this is always 1, while with the Worker MPM
+ it is controlled by the <code class="directive">ThreadsPerChild</code>.
+ Apache will never create more than the Hard Maximum connections
+ to the backend server.</td></tr>
+ <tr><td>smax</td>
+ <td>max</td>
+ <td>Upto the Soft Maximum
+ number of connections will be created on demand. Any connections above
+ <code>smax</code> are subject to a time to live or <code>ttl</code>.
+ </td></tr>
+ <tr><td>ttl</td>
+ <td>-</td>
+ <td>Time To Live for the inactive connections above the
+ <code>smax</code> connections in seconds. Apache will close all
+ connections that has not been used inside that time period.
+ </td></tr>
+ <tr><td>timeout</td>
+ <td><code class="directive">Timeout</code></td>
+ <td>Connection timeout in seconds.
+ If not set the Apache will wait until the free connection
+ is available. This directive is used for limiting the number
+ of connections to the backend server together with <code>max</code>
+ parameter.
+ </td></tr>
+ <tr><td>acquire</td>
+ <td>-</td>
+ <td>If set this will be the maximum time to wait for a free
+ connection in the connection pool. If there are no free connections
+ in the pool the Apache will return <code>SERVER_BUSY</code> status to
+ the client.
+ </td></tr>
+ <tr><td>keepalive</td>
+ <td>Off</td>
+ <td>This parameter should be used when you have a firewall between your
+ Apache and the backend server, who tend to drop inactive connections.
+ This flag will tell the Operating System to send <code>KEEP_ALIVE</code>
+ messages on inactive connections (interval depends on global OS settings,
+ generally 120ms), and thus prevent the firewall to drop the connection.
+ To enable keepalive set this property value to <code>On</code>.
+ </td></tr>
+ <tr><td>retry</td>
+ <td>60</td>
+ <td>Connection pool worker retry timeout in seconds.
+ If the connection pool worker to the backend server is in the error state,
+ Apache will not forward any requests to that server until the timeout
+ expires. This enables to shut down the backend server for maintenance,
+ and bring it back online later.
+ </td></tr>
+ <tr><td>loadfactor</td>
+ <td>1</td>
+ <td>Worker load factor. Used with BalancerMember.
+ It is a number between 1 and 100 and defines the normalized weighted
+ load applied to the worker.
+ </td></tr>
+ <tr><td>route</td>
+ <td>-</td>
+ <td>Route of the worker when used inside load balancer.
+ The route is a value appended to seesion id.
+ </td></tr>
+ <tr><td>redirect</td>
+ <td>-</td>
+ <td>Redirection Route of the worker. This value is usually
+ set dynamically to enable safe removal of the node from
+ the cluster. If set all requests without session id will be
+ redirected to the BalancerMember that has route parametar
+ equal as this value.
+ </td></tr>
+
+ </table>
+
+ <p>If the Proxy directive scheme starts with the
+ <code>balancer://</code> then a virtual worker that does not really
+ communicate with the backend server will be created. Instead it is responsible
+ for the management of several "real" workers. In that case the special set of
+ parameters can be add to this virtual worker.
+ </p>
+ <table>
+ <tr><th>Parameter</th>
+ <th>Default</th>
+ <th>Description</th></tr>
+ <tr><td>lbmethod</td>
+ <td>-</td>
+ <td>Balancer load-balance method. Select the load-balancing scheduler
+ method to use. Either <code>requests</code>, to perform weighted
+ request counting or <code>traffic</code>, to perform weighted
+ traffic byte count balancing. Default is <code>requests</code>.
+ </td></tr>
+ <tr><td>stickysession</td>
+ <td>-</td>
+ <td>Balancer sticky session name. The value is usually set to something
+ like <code>JSESSIONID</code> or <code>PHPSESSIONID</code>,
+ and it depends on the backend application server that support sessions.
+ </td></tr>
+ <tr><td>nofailover</td>
+ <td>Off</td>
+ <td>If set to <code>On</code> the session will break if the worker is in
+ error state or disabled. Set this value to On if backend servers do not
+ support session replication.
+ </td></tr>
+ <tr><td>timeout</td>
+ <td>0</td>
+ <td>Balancer timeout in seconds. If set this will be the maximum time
+ to wait for a free worker. Default is not to wait.
+ </td></tr>
+ <tr><td>maxattempts</td>
+ <td>1</td>
+ <td>Maximum number of failover attempts before giving up.
+ </td></tr>
+
+ </table>
+ <div class="example"><p><code>
+ ProxyPass /special-area http://special.example.com/ smax=5 max=10<br />
+ ProxyPass / balancer://mycluster stickysession=jsessionid nofailover=On<br />
+ <Proxy balancer://mycluster><br />
+ <span class="indent">
+ BalancerMember http://1.2.3.4:8009<br />
+ BalancerMember http://1.2.3.5:8009 smax=10<br />
+ # Less powerful server, don't send as many requests there<br />
+ BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=20<br />
+ </span>
+ </Proxy>
+ </code></p></div>
+
<p>When used inside a <code class="directive"><a href="../mod/core.html#location"><Location></a></code> section, the first argument is omitted and the local
directory is obtained from the <code class="directive"><a href="../mod/core.html#location"><Location></a></code>.</p>
- <div class="warning">The <code class="directive"><a href="#proxyrequests">ProxyRequests</a></code> directive should
- usually be set <strong>off</strong> when using
- <code class="directive">ProxyPass</code>.</div>
-
<p>If you require a more flexible reverse-proxy configuration, see the
<code class="directive"><a href="../mod/mod_rewrite.html#rewriterule">RewriteRule</a></code> directive with the
<code>[P]</code> flag.</p>
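Review bot: The paragraph introducing the balancer table still reads "If the Proxy directive scheme starts with the balancer://", but this hunk places the text under ProxyPass and the new example puts stickysession and nofailover on the ProxyPass line rather than on the Proxy container, so the wording should name ProxyPass or say whether both forms are accepted. As the tables are being re-added, fix the carried-over spelling and grammar at the same time: "Minumum", "Upto", "seesion id", "parametar", "connections that has not been used", "can be add", and the timeout row calling a parameter "This directive". Two values should be verified before they are republished: the keepalive row's "generally 120ms" interval, and the stickysession row, which gives JSESSIONID in upper case while the example uses stickysession=jsessionid without saying whether the name is matched case-sensitively.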