From f6973e9d861eb8c974cdc53a7b092935c045a39f Mon Sep 17 00:00:00 2001 From: Christophe Jaillet Date: Sat, 26 Mar 2016 07:51:51 +0000 Subject: [PATCH] Add missing space between directives and parameters. Improve syntax highlight. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1736683 13f79535-47bb-0310-9956-ffa450edef68 --- docs/manual/mod/mod_authnz_ldap.xml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml index e122707554..6707a034e3 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml +++ b/docs/manual/mod/mod_authnz_ldap.xml @@ -855,7 +855,7 @@ authorization AuthLDAPBindAuthoritative Determines if other authentication providers are used when a user can be mapped to a DN but the server cannot successfully bind with the user's credentials. -AuthLDAPBindAuthoritativeoff|on +AuthLDAPBindAuthoritative off|on AuthLDAPBindAuthoritative on directory.htaccess @@ -864,7 +864,7 @@ authorization

By default, subsequent authentication providers are only queried if a user cannot be mapped to a DN, but not if the user can be mapped to a DN and their password cannot be verified with an LDAP bind. - If AuthLDAPBindAuthoritative + If AuthLDAPBindAuthoritative is set to off, other configured authentication modules will have a chance to validate the user if the LDAP bind (with the current user's credentials) fails for any reason.

@@ -881,7 +881,7 @@ authorization AuthLDAPInitialBindAsUser Determines if the server does the initial DN lookup using the basic authentication users' own username, instead of anonymously or with hard-coded credentials for the server -AuthLDAPInitialBindAsUser off|on +AuthLDAPInitialBindAsUser off|on AuthLDAPInitialBindAsUser off directory.htaccess @@ -918,7 +918,7 @@ own username, instead of anonymously or with hard-coded credentials for the serv AuthLDAPInitialBindPattern Specifies the transformation of the basic authentication username to be used when binding to the LDAP server to perform a DN lookup -AuthLDAPInitialBindPatternregex substitution +AuthLDAPInitialBindPattern regex substitution AuthLDAPInitialBindPattern (.*) $1 (remote username used verbatim) directory.htaccess @@ -987,7 +987,7 @@ AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com that the bind password is probably sensitive data, and should be properly protected. You should only use the AuthLDAPBindDN and AuthLDAPBindPassword if you + >AuthLDAPBindPassword if you absolutely need them to search the directory.

If the value begins with exec: the resulting command will be @@ -1274,8 +1274,9 @@ are groups.

An LDAP group object may contain members that are users and members that are groups (called nested or sub groups). The - AuthLDAPSubGroupAttribute directive identifies the - labels of group members and the AuthLDAPGroupAttribute + AuthLDAPSubGroupAttribute directive identifies the + labels of group members and the AuthLDAPGroupAttribute directive identifies the labels of the user members. Multiple attributes can be used by specifying this directive multiple times. If not specified, then mod_authnz_ldap uses the @@ -1297,9 +1298,10 @@ objects that are groups during sub-group processing.

An LDAP group object may contain members that are users and members that are groups (called nested or sub groups). The - AuthLDAPSubGroupAttribute directive identifies the + AuthLDAPSubGroupAttribute + directive identifies the labels of members that may be sub-groups of the current group - (as opposed to user members). The AuthLDAPSubGroupClass + (as opposed to user members). The AuthLDAPSubGroupClass directive specifies the LDAP objectClass values used in verifying that these potential sub-groups are in fact group objects. Verified sub-groups can then be searched for more user or sub-group members. Multiple @@ -1429,7 +1431,7 @@ You can of course use search parameters on each of these.

See above for examples of AuthLDAPURL URLs.

+ module="mod_authnz_ldap">AuthLDAPUrl URLs.

 -- 2.50.1