From: Eric Covener <covener@apache.org>
Date: Sat, 29 May 2010 22:49:17 +0000 (+0000)
Subject: emphasize that trying to use the basic auth credentials directly
X-Git-Tag: 2.3.6~83
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1727457dd34f066aeecc71cabbab0ef7f59e0a56;p=apache

emphasize that trying to use the basic auth credentials directly
is a last resort.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@949444 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en
index e4d8fe88bc..831f8536ab 100644
--- a/docs/manual/mod/mod_authnz_ldap.html.en
+++ b/docs/manual/mod/mod_authnz_ldap.html.en
@@ -975,6 +975,11 @@ own username, instead of anonymously or with hard-coded credentials for the serv
      <p> If the verbatim username can't directly bind, but needs some
      cosmetic transformation, see <code class="directive"><a href="#&#10;     authldapinitialbindpattern">
      AuthLDAPInitialBindPattern</a></code>.</p>
+   
+     <p> This directive should only be used when your LDAP server doesn't 
+         accept anonymous searches and you cannot use a dedicated 
+         <code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code>.
+     </p>
 
      <div class="note"><h3>Not available with authorization-only</h3>
          This directive can only be used if this module authenticates the user, and
@@ -1007,6 +1012,11 @@ to perform a DN lookup</td></tr>
     <p> The regular expression argument is compared against the current basic authentication username.
         The substitution argument may contain backreferences, but has no other variable interpolation.</p>
      
+    <p> This directive should only be used when your LDAP server doesn't 
+        accept anonymous searches and you cannot use a dedicated 
+        <code class="directive"><a href="#authldapbinddn">AuthLDAPBindDN</a></code>.
+    </p>
+
     <div class="example"><p><code> AuthLDAPInitialBindPattern (.+) $1@example.com </code></p></div>
     <div class="example"><p><code> AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com</code></p></div>
 
diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml
index 430cbb2367..281c0f41f0 100644
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -824,6 +824,11 @@ own username, instead of anonymously or with hard-coded credentials for the serv
      <p> If the verbatim username can't directly bind, but needs some
      cosmetic transformation, see <directive module="mod_authnz_ldap">
      AuthLDAPInitialBindPattern</directive>.</p>
+   
+     <p> This directive should only be used when your LDAP server doesn't 
+         accept anonymous searches and you cannot use a dedicated 
+         <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>.
+     </p>
 
      <note><title>Not available with authorization-only</title>
          This directive can only be used if this module authenticates the user, and
@@ -852,6 +857,11 @@ to perform a DN lookup</description>
     <p> The regular expression argument is compared against the current basic authentication username.
         The substitution argument may contain backreferences, but has no other variable interpolation.</p>
      
+    <p> This directive should only be used when your LDAP server doesn't 
+        accept anonymous searches and you cannot use a dedicated 
+        <directive module="mod_authnz_ldap">AuthLDAPBindDN</directive>.
+    </p>
+
     <example> AuthLDAPInitialBindPattern (.+) $1@example.com </example>
     <example> AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com</example>