From aa34d6321966e45bcc432caf1f715657e250be56 Mon Sep 17 00:00:00 2001
From: Chris Darroch <chrisd@apache.org>
Date: Tue, 25 Mar 2008 19:27:11 +0000
Subject: [PATCH] Update transformation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@640954 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/howto/auth.html.en        | 12 ++---
 docs/manual/howto/auth.xml.ja         |  2 +-
 docs/manual/howto/auth.xml.ko         |  2 +-
 docs/manual/mod/mod_authz_dbd.html.en | 65 +++++++++++++++++----------
 4 files changed, 50 insertions(+), 31 deletions(-)

diff --git a/docs/manual/howto/auth.html.en b/docs/manual/howto/auth.html.en
index 3ccf1a7c1b..876d439548 100644
--- a/docs/manual/howto/auth.html.en
+++ b/docs/manual/howto/auth.html.en
@@ -392,7 +392,7 @@ person in</a></h2>
     authentication or authorization method. In fact any number of the 
     providers can be mixed and matched to provide you with exactly the 
     scheme that meets your needs. In the following example, both the 
-    file and ldap based authentication providers are being used.</p>
+    file and LDAP based authentication providers are being used.</p>
 
     <div class="example"><p><code>
     &lt;Directory /www/docs/private&gt;<br />
@@ -406,17 +406,17 @@ person in</a></h2>
     </code></p></div>
 
     <p>In this example the file provider will attempt to authenticate
-    the user first. If it is unable to authenticate the user, the ldap
+    the user first. If it is unable to authenticate the user, the LDAP
     provider will be called. This allows the scope of authentication
     to be broadened if your organization implements more than
     one type of authentication store. Other authentication and authorization
     scenarios may include mixing one type of authentication with a
     different type of authorization. For example, authenticating against
-    a password file yet authorizing against and ldap directory.</p>
+    a password file yet authorizing against an LDAP directory.</p>
 
     <p>Just as multiple authentication providers can be implemented, multiple
     authorization methods can also be used. In this example both file group
-    authorization as well as ldap group authorization is being used.</p>
+    authorization as well as LDAP group authorization is being used.</p>
 
     <div class="example"><p><code>
     &lt;Directory /www/docs/private&gt;<br />
@@ -472,7 +472,7 @@ person in</a></h2>
 
         <div class="example"><p><code>
           # if ((user == "John") ||<br />
-          # &nbsp;&nbsp; ((Group == "admin")<br />
+          # &nbsp;&nbsp; ((Group == "admins")<br />
           # &nbsp; &nbsp; &amp;&amp; (ldap-group &lt;ldap-object&gt; contains auth'ed_user)<br />
           # &nbsp; &nbsp; &amp;&amp; ((ldap-attribute dept == "sales")<br />
           # &nbsp; &nbsp; &nbsp; &nbsp; || (file-group contains auth'ed_user))))<br />
@@ -504,7 +504,7 @@ person in</a></h2>
         </code></p></div>
 
         <p>By default all <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> 
-        directives are handled through and OR operation. In other words, if 
+        directives are handled through an OR operation. In other words, if 
         any of the specified authorization methods succeed, then authorization 
         is granted. By enclosing a set of 
         <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> directives within
diff --git a/docs/manual/howto/auth.xml.ja b/docs/manual/howto/auth.xml.ja
index addac5edab..681005a006 100644
--- a/docs/manual/howto/auth.xml.ja
+++ b/docs/manual/howto/auth.xml.ja
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='iso-2022-jp' ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ja.xsl"?>
-<!-- English Revision: 479777:582395 (outdated) -->
+<!-- English Revision: 479777:640952 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
diff --git a/docs/manual/howto/auth.xml.ko b/docs/manual/howto/auth.xml.ko
index db3aa5ec16..e5e1d54a2d 100644
--- a/docs/manual/howto/auth.xml.ko
+++ b/docs/manual/howto/auth.xml.ko
@@ -1,7 +1,7 @@
 <?xml version='1.0' encoding='EUC-KR' ?>
 <!DOCTYPE manualpage SYSTEM "../style/manualpage.dtd">
 <?xml-stylesheet type="text/xsl" href="../style/manual.ko.xsl"?>
-<!-- English Revision: 105989:582395 (outdated) -->
+<!-- English Revision: 105989:640952 (outdated) -->
 
 <!--
  Licensed to the Apache Software Foundation (ASF) under one or more
diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en
index 2a39f07a3d..f52ee17614 100644
--- a/docs/manual/mod/mod_authz_dbd.html.en
+++ b/docs/manual/mod/mod_authz_dbd.html.en
@@ -32,9 +32,17 @@
 
     <p>This module provides authorization capabilities so that
        authenticated users can be allowed or denied access to portions
-       of the web site by group membership. It also provides
-       database/backend login/logout in conjunction with
-       <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.</p>
+       of the web site by group membership.  Similar functionality is
+       provided by <code class="module"><a href="../mod/mod_authz_groupfile.html">mod_authz_groupfile</a></code> and
+       <code class="module"><a href="../mod/mod_authz_dbm.html">mod_authz_dbm</a></code>, with the exception that
+       this module queries a SQL database to determine whether a
+       user is a member of a group.</p>
+    <p>This module can also provide database-backed user login/logout
+       capabilities.  These are likely to be of most value when used
+       in conjunction with <code class="module"><a href="../mod/mod_authn_dbd.html">mod_authn_dbd</a></code>.</p>
+    <p>This module relies on <code class="module"><a href="../mod/mod_dbd.html">mod_dbd</a></code> to specify
+       the backend database driver and connection parameters, and
+       manage the database connections.</p>
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
@@ -50,6 +58,12 @@
 </ul><h3>See also</h3>
 <ul class="seealso">
 <li><code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code></li>
+<li>
+  <code class="directive"><a href="../mod/mod_authz_core.html#authzmergerules">AuthzMergeRules</a></code>
+</li>
+<li>
+  <code class="directive"><a href="../mod/mod_authn_dbd.html#authdbduserpwquery">AuthDBDUserPWQuery</a></code>
+</li>
 <li><code class="directive"><a href="../mod/mod_dbd.html#dbdriver">DBDriver</a></code></li>
 <li><code class="directive"><a href="../mod/mod_dbd.html#dbdparams">DBDParams</a></code></li>
 </ul></div>
@@ -57,11 +71,13 @@
 <div class="section">
 <h2><a name="login" id="login">Database Login</a></h2>
 
-<p>In addition to the standard authz function of checking group
-membership, this module provides database Login/Logout capability.
-Specifically, we can maintain a logged in/logged out status in
-the database, and control the status via designated URLs (subject
-of course to users supplying the necessary credentials).</p>
+<p>
+In addition to the standard authorization function of checking group
+membership, this module can also provide server-side user session
+management via database-backed login/logout capabilities.
+Specifically, it can update a user's session status in the database
+whenever the user visits designated URLs (subject of course to users
+supplying the necessary credentials).</p>
 <p>This works by defining two special
 <code class="directive"><a href="../mod/mod_authz_core.html#require">Require</a></code> types:
 <code>Require dbd-login</code> and <code>Require dbd-logout</code>.
@@ -70,15 +86,14 @@ For usage details, see the configuration example below.</p>
 <div class="section">
 <h2><a name="client" id="client">Client Login</a></h2>
 
-<p>In conjunction with server login/logout, we may wish to implement
-clientside login/out, for example by setting and unsetting a cookie
-or other such token.  Although this is not the business of an authz
-module, client session management software should be able to tie its
-operation in to database login/logout.  To support this,
-<code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an optional hook that will
-be run whenever a user successfully logs into or out of the database.
-Session management modules can use the hook to implement functions
-to start and end a client session.</p>
+<p>Some administrators may wish to implement client-side session
+management that works in concert with the server-side login/logout
+capabilities offered by this module, for example, by setting or unsetting
+an HTTP cookie or other such token when a user logs in or out.
+To support such integration, <code class="module"><a href="../mod/mod_authz_dbd.html">mod_authz_dbd</a></code> exports an
+optional hook that will be run whenever a user's status is updated in
+the database.  Other session management modules can then use the hook
+to implement functions that start and end client-side sessions.</p>
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="example" id="example">Configuration Example</a></h2>
@@ -102,17 +117,19 @@ DBDExptime 300
 
   # mod_authn_dbd SQL query to authenticate a logged-in user
   AuthDBDUserPWQuery \
-    "SELECT password FROM authn WHERE user = %s AND login = true"
+    "SELECT password FROM authn WHERE user = %s AND login = 'true'"
 
   # mod_authz_core configuration for mod_authz_dbd
+  AuthzMergeRules Off
   Require dbd-group team
 
   # mod_authz_dbd configuration
   AuthzDBDQuery "SELECT group FROM authz WHERE user = %s"
 
   # when a user fails to be authenticated or authorized,
-  # invite them to login
-  ErrorDocument 401 /team-private/login-form.html
+  # invite them to login; this page should provide a link
+  # to /team-private/login.html
+  ErrorDocument 401 /login-info.html
 
   &lt;Files login.html&gt;
     # don't require user to already be logged in!
@@ -120,9 +137,10 @@ DBDExptime 300
       "SELECT password FROM authn WHERE user = %s"
 
     # dbd-login action executes a statement to log user in
+    AuthzMergeRules Off
     Require dbd-login
     AuthzDBDQuery \
-      "UPDATE authn SET login = true WHERE user = %s"
+      "UPDATE authn SET login = 'true' WHERE user = %s"
 
     # return user to referring page (if any) after
     # successful login
@@ -131,9 +149,10 @@ DBDExptime 300
 
   &lt;Files logout.html&gt;
     # dbd-logout action executes a statement to log user out
+    AuthzMergeRules Off
     Require dbd-logout
     AuthzDBDQuery \
-      "UPDATE authn SET login = false WHERE user = %s"
+      "UPDATE authn SET login = 'false' WHERE user = %s"
   &lt;/Files&gt;
 &lt;/Directory&gt;
 </pre></div>
@@ -193,7 +212,7 @@ AuthzDBDQuery \
     <div class="example"><h3>Example</h3><pre>
 Require dbd-login
 AuthzDBDQuery \
-  "UPDATE authn SET login = true WHERE user = %s"
+  "UPDATE authn SET login = 'true' WHERE user = %s"
 </pre></div>
     </li>
     </ul>
-- 
2.40.0