From: Erik Abele Date: Tue, 18 Feb 2003 22:56:35 +0000 (+0000) Subject: Fixed missing

+ transformation. X-Git-Tag: pre_ajp_proxy~2111 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0f1460ba6a4360e14b09276b20f8f9ef81190bd2;p=apache Fixed missing

+ transformation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98715 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_auth_ldap.html.en b/docs/manual/mod/mod_auth_ldap.html.en index 35ebe21c43..0ceb7ca057 100644 --- a/docs/manual/mod/mod_auth_ldap.html.en +++ b/docs/manual/mod/mod_auth_ldap.html.en @@ -32,7 +32,8 @@ for HTTP Basic authentication.

Directives

@@ -61,7 +62,6 @@ for HTTP Basic authentication.
  • AuthLDAPGroupAttribute
  • AuthLDAPGroupAttributeIsDN
  • AuthLDAPRemoteUserIsDN
  • -
  • AuthLDAPStartTLS
  • AuthLDAPUrl
  • Topics

    @@ -444,23 +444,12 @@ require valid-user

    Using TLS

    -

    To use TLS, simply set the AuthLDAPStartTLS to on. - Nothing else needs to be done (other than ensure that your LDAP - server is configured for TLS).

    +

    To use TLS, see the mod_ldap directives LDAPTrustedCA and LDAPTrustedCAType.

    top

    Using SSL

    -

    If mod_auth_ldap is linked against the - Netscape/iPlanet LDAP SDK, it will not talk to any SSL server - unless that server has a certificate signed by a known Certificate - Authority. As part of the configuration - mod_auth_ldap needs to be told where it can find - a database containing the known CAs. This database is in the same - format as Netscape Communicator's cert7.db - database. The easiest way to get this file is to start up a fresh - copy of Netscape, and grab the resulting - $HOME/.netscape/cert7.db file.

    +

    To use SSL, see the mod_ldap directives LDAPTrustedCA and LDAPTrustedCAType.

    To specify a secure LDAP server, use ldaps:// in the AuthLDAPURL @@ -759,23 +748,6 @@ environment variable the username that was passed by the client. It is turned off by default.

    -
    -
    top
    -

    AuthLDAPStartTLS Directive

    - - - - - - - - -
    Description:Use a secure TLS connection to the LDAP server
    Syntax:AuthLDAPStartTLS on|off
    Default:AuthLDAPStartTLS off
    Context:directory, .htaccess
    Override:AuthConfig
    Status:Experimental
    Module:mod_auth_ldap
    -

    If this directive is set to on, - mod_auth_ldap will start a secure TLS session - after connecting to the LDAP server. This requires your LDAP - server to support TLS.

    -
    top

    AuthLDAPUrl Directive
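Review bot: the AuthLDAPStartTLS section removed in this hunk was the directive a reader used to request TLS, and nothing visible in this patch says what takes its place. The rewritten "Using TLS" paragraph now points at LDAPTrustedCA and LDAPTrustedCAType, but mod_ldap describes those only as the trusted CA file and its type, and the new mod_ldap text ties a secure connection to an ldaps:// URL. Either state in "Using TLS" how a TLS session is now requested, or say it is no longer supported and merge the section into "Using SSL", since the two paragraphs are now the same sentence with one word changed.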

    diff --git a/docs/manual/mod/mod_ldap.html.en b/docs/manual/mod/mod_ldap.html.en index 9f66eb8db1..4d73740aa5 100644 --- a/docs/manual/mod/mod_ldap.html.en +++ b/docs/manual/mod/mod_ldap.html.en @@ -38,21 +38,30 @@ by other LDAP modules apr-util. This is achieved by adding the --with-ldap flag to the ./configure script when building Apache.

    + +

    SSL support requires that mod_ldap be linked + with one of the following LDAP SDKs: + OpenLDAP SDK (both 1.x and 2.x), + Novell LDAP SDK or the + iPlanet(Netscape) SDK.

    +
    top
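Review bot: the SDK list in the added SSL paragraph writes "iPlanet(Netscape) SDK" while the rest of both files uses "Netscape/iPlanet"; pick one form. It would also help to say here which LDAPTrustedCAType value each listed SDK expects, since the directive text added later only does that for the Netscape/iPlanet case.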
    @@ -184,6 +193,51 @@ by other LDAP modules information each time, depending on which httpd instance processes the request.

    +
    top
    +
    +

    Using SSL

    + +

    The ability to create an SSL connections to an LDAP server + is defined by the directives + LDAPTrustedCA and + LDAPTrustedCAType. These directives specify the certificate + file or database and the certificate type. Whenever the LDAP url + includes ldaps://, mod_ldap will establish + a secure connection to the LDAP server.

    + +

    + # Establish an SSL LDAP connection. Requires that
    + # mod_ldap and mod_auth_ldap be loaded. Change the
    + # "yourdomain.example.com" to match your domain.
    +
    + LDAPTrustedCA /certs/certfile.der
    + LDAPTrustedCAType DER_FILE
    +
    + <Location /ldap-status>
    + + SetHandler ldap-status
    + Order deny,allow
    + Deny from all
    + Allow from yourdomain.example.com
    + AuthLDAPEnabled on
    + AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one
    + AuthLDAPAuthoritative on
    + require valid-user
    +
    + </Location> +

    + +

    If mod_ldap is linked against the + Netscape/iPlanet LDAP SDK, it will not talk to any SSL server + unless that server has a certificate signed by a known Certificate + Authority. As part of the configuration + mod_ldap needs to be told where it can find + a database containing the known CAs. This database is in the same + format as Netscape Communicator's cert7.db + database. The easiest way to get this file is to start up a fresh + copy of Netscape, and grab the resulting + $HOME/.netscape/cert7.db file.

    +
    top

    LDAPCacheEntries Directive
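Review bot: the cert7.db paragraph at the end of the new "Using SSL" section still says mod_ldap "needs to be told where it can find a database containing the known CAs" without naming a directive, and this patch removes LDAPCertDBPath. Name LDAPTrustedCA together with LDAPTrustedCAType CERT7_DB_PATH in that paragraph. Two smaller points in the same section: "an SSL connections" should be "an SSL connection" or "SSL connections", and the advice to copy $HOME/.netscape/cert7.db from a fresh Netscape profile makes the server trust every CA that browser ships with. A sentence recommending a database that holds only the CA that signed the LDAP server's certificate would be a safer default for a connection that carries bind credentials.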

    @@ -215,24 +269,6 @@ by other LDAP modules search/bind cache remains valid. The default is 600 seconds (10 minutes).

    -
    -
    top
    -

    LDAPCertDBPath Directive

    - - - - - - -
    Description:Directory containing certificates for SSL support
    Syntax:LDAPCertDBPath directory-path
    Context:server config
    Status:Experimental
    Module:mod_ldap
    -

    This directive is only valid if Apache has been linked - against the Netscape/iPlanet Directory SDK.

    - -

    It specifies in which directory mod_ldap - should look for the certificate authorities database for SSL - support. There should be a file named cert7.db in that - directory.

    -
    top

    LDAPOpCacheEntries Directive
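Review bot: LDAPCertDBPath is deleted in this hunk with no pointer to what replaces it, so an existing configuration that uses it gets no migration hint. If LDAPTrustedCA with type CERT7_DB_PATH is the replacement, say so in the LDAPTrustedCA text, and call out the change in argument from the old directory-path (a directory containing cert7.db) to the new directory-path/filename.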

    @@ -278,6 +314,36 @@ valid

    Specifies the number of bytes to specify for the shared memory cache. The default is 100kb.

    +
    +
    top
    +

    LDAPTrustedCA Directive

    + + + + + + +
    Description:Sets the file containing the trusted Certificate Authority certificate or database
    Syntax:LDAPTrustedCA directory-path/filename
    Context:server config
    Status:Experimental
    Module:mod_ldap
    +

    It specifies the directory path and file name of the trusted CA + mod_ldap should use when establishing an SSL + connection to an LDAP server. If using the Netscape/iPlanet Directory + SDK, the file name should be cert7.db.

    + +
    +
    top
    +

    LDAPTrustedCAType Directive

    + + + + + + +
    Description:Specifies the type of the Certificate Authority file
    Syntax:LDAPTrustedCAType type
    Context:server config
    Status:Experimental
    Module:mod_ldap
    +

    The following types are supported:
    + DER_FILE - file in binary DER format
    + BASE64_FILE - file in Base64 format
    + CERT7_DB_PATH - Netscape certificate database file ")

    +
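Review bot: the CERT7_DB_PATH entry in the LDAPTrustedCAType type list ends with a stray '")', which looks like leftover markup and should be removed. The directive table also has no Default row, and the text does not say what happens when LDAPTrustedCA is set without LDAPTrustedCAType. The name CERT7_DB_PATH suggests a directory while its description says "database file" and the LDAPTrustedCA text says the file name should be cert7.db; state which of the two is expected.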