www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-05 16:55:50 +03:00
Code Activity

latest docco xform updates

Browse Source 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@596716 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Jim Jagielski
2007-11-20 15:15:05 +00:00
parent 45a8151be4
commit 7c35c7a836
7 changed files with 574 additions and 410 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/manual/env.html.en
View File

@@ -324,6 +324,19 @@
set for the redirection text, and these broken browsers will then correctly set for the redirection text, and these broken browsers will then correctly
use that of the destination page.</p> use that of the destination page.</p>
<div class="warning">
<h3>Security note</h3>
<p>Sending error pages without a specified character set may
allow a cross-site-scripting attack for existing browsers (MSIE)
which do not follow the HTTP/1.1 specification and attempt to
"guess" the character set from the content. Such browsers can
be easily fooled into using the UTF-7 character set, and UTF-7
content from input data (such as the request-URI) will not be
escaped by the usual escaping mechanisms designed to prevent
cross-site-scripting attacks.</p>
</div>
<h3><a name="proxy" id="proxy">force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked, proxy-sendcl</a></h3> <h3><a name="proxy" id="proxy">force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked, proxy-sendcl</a></h3>

2
docs/manual/env.xml.ja
View File

@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="iso-2022-jp" ?> <?xml version="1.0" encoding="iso-2022-jp" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?> <?xml-stylesheet type="text/xsl" href="./style/manual.ja.xsl"?>
<!-- English Revision: 420990:580734 (outdated) --> <!-- English Revision: 420990:595288 (outdated) -->
<!-- <!--
Licensed to the Apache Software Foundation (ASF) under one or more Licensed to the Apache Software Foundation (ASF) under one or more

2
docs/manual/env.xml.ko
View File

@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="EUC-KR" ?> <?xml version="1.0" encoding="EUC-KR" ?>
<!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd"> <!DOCTYPE manualpage SYSTEM "./style/manualpage.dtd">
<?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?> <?xml-stylesheet type="text/xsl" href="./style/manual.ko.xsl"?>
<!-- English Revision: 105989:580734 (outdated) --> <!-- English Revision: 105989:595288 (outdated) -->
<!-- <!--
Licensed to the Apache Software Foundation (ASF) under one or more Licensed to the Apache Software Foundation (ASF) under one or more

3
docs/manual/mod/directives.html.en
View File

@@ -99,8 +99,11 @@
<li><a href="mod_authnz_ldap.html#authldapdereferencealiases">AuthLDAPDereferenceAliases</a></li> <li><a href="mod_authnz_ldap.html#authldapdereferencealiases">AuthLDAPDereferenceAliases</a></li>
<li><a href="mod_authnz_ldap.html#authldapgroupattribute">AuthLDAPGroupAttribute</a></li> <li><a href="mod_authnz_ldap.html#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
<li><a href="mod_authnz_ldap.html#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li> <li><a href="mod_authnz_ldap.html#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
<li><a href="mod_authnz_ldap.html#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></li>
<li><a href="mod_authnz_ldap.html#authldapremoteuserattribute">AuthLDAPRemoteUserAttribute</a></li> <li><a href="mod_authnz_ldap.html#authldapremoteuserattribute">AuthLDAPRemoteUserAttribute</a></li>
<li><a href="mod_authnz_ldap.html#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li> <li><a href="mod_authnz_ldap.html#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
<li><a href="mod_authnz_ldap.html#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></li>
<li><a href="mod_authnz_ldap.html#authldapsubgroupclass">AuthLDAPSubGroupClass</a></li>
<li><a href="mod_authnz_ldap.html#authldapurl">AuthLDAPUrl</a></li> <li><a href="mod_authnz_ldap.html#authldapurl">AuthLDAPUrl</a></li>
<li><a href="mod_authn_core.html#authname">AuthName</a></li> <li><a href="mod_authn_core.html#authname">AuthName</a></li>
<li><a href="mod_authn_core.html#authnprovideralias">&lt;AuthnProviderAlias&gt;</a></li> <li><a href="mod_authn_core.html#authnprovideralias">&lt;AuthnProviderAlias&gt;</a></li>

149
docs/manual/mod/mod_authnz_ldap.html.en
View File

@@ -65,8 +65,11 @@ for HTTP Basic authentication.</td></tr>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapdereferencealiases">AuthLDAPDereferenceAliases</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapdereferencealiases">AuthLDAPDereferenceAliases</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserattribute">AuthLDAPRemoteUserAttribute</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserattribute">AuthLDAPRemoteUserAttribute</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li> <li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
</ul> </ul>
<h3>Topics</h3> <h3>Topics</h3>
@@ -233,7 +236,8 @@ for HTTP Basic authentication.</td></tr>
<li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-group</code></a> directive, and <li>Grant access if there is a <a href="#reqgroup"><code>Require ldap-group</code></a> directive, and
the DN fetched from the LDAP directory (or the username the DN fetched from the LDAP directory (or the username
passed by the client) occurs in the LDAP group.</li> passed by the client) occurs in the LDAP group or, potentially, in
one of its sub-groups.</li>
<li>Grant access if there is a <a href="#reqattribute"> <li>Grant access if there is a <a href="#reqattribute">
<code>Require ldap-attribute</code></a> <code>Require ldap-attribute</code></a>
@@ -306,6 +310,29 @@ for HTTP Basic authentication.</td></tr>
user DN or the username when doing comparisons for the user DN or the username when doing comparisons for the
<code>Require ldap-group</code> directive.</td> <code>Require ldap-group</code> directive.</td>
</tr> </tr>
<tr>
<td><code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code></td>
<td>Determines the maximum depth of sub-groups that will be evaluated
during comparisons in the <code>Require ldap-group</code> directive.</td>
</tr>
<tr>
<td><code class="directive"><a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></code></td>
<td>Determines the attribute to use when obtaining sub-group members
of the current group during comparisons in the <code>Require ldap-group</code>
directive.</td>
</tr>
<tr>
<td><code class="directive"><a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></code></td>
<td>Specifies the LDAP objectClass values used to identify if queried directory
objects really are group objects (as opposed to user objects) during the
<code>Require ldap-group</code> directive's sub-group processing.</td>
</tr>
</table> </table>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
@@ -381,8 +408,49 @@ uniqueMember: cn=Fred User, o=Airius<br />
Barbara:</p> Barbara:</p>
<div class="example"><p><code>Require ldap-group cn=Administrators, o=Airius</code></p></div> <div class="example"><p><code>Require ldap-group cn=Administrators, o=Airius</code></p></div>
<p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></code> and <p>Members can also be found within sub-groups of a specified LDAP group
<code class="directive"><a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></code> if <code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code>
is set to a value greater than 0. For example, assume the following entries
exist in the LDAP directory:</p>
<div class="example"><p><code>
dn: cn=Employees, o=Airius<br />
objectClass: groupOfUniqueNames<br />
uniqueMember: cn=Managers, o=Airius<br />
uniqueMember: cn=Administrators, o=Airius<br />
uniqueMember: cn=Users, o=Airius<br />
<br />
dn: cn=Managers, o=Airius<br />
objectClass: groupOfUniqueNames<br />
uniqueMember: cn=Bob Ellis, o=Airius<br />
uniqueMember: cn=Tom Jackson, o=Airius<br />
<br />
dn: cn=Administrators, o=Airius<br />
objectClass: groupOfUniqueNames<br />
uniqueMember: cn=Barbara Jenson, o=Airius<br />
uniqueMember: cn=Fred User, o=Airius<br />
<br />
dn: cn=Users, o=Airius<br />
objectClass: groupOfUniqueNames<br />
uniqueMember: cn=Allan Jefferson, o=Airius<br />
uniqueMember: cn=Paul Tilley, o=Airius<br />
uniqueMember: cn=Temporary Employees, o=Airius<br />
<br />
dn: cn=Temporary Employees, o=Airius<br />
objectClass: groupOfUniqueNames<br />
uniqueMember: cn=Jim Swenson, o=Airius<br />
uniqueMember: cn=Elliot Rhodes, o=Airius<br />
</code></p></div>
<p>The following directives would allow access for Bob Ellis, Tom Jackson,
Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not
allow access for Jim Swenson, or Elliot Rhodes (since they are at a
sub-group depth of 2):</p>
<div class="example"><p><code>
Require ldap-group cn=Employees, o-Airius<br />
AuthLDAPSubGroupDepth 1<br />
</code></p></div>
<p>Behavior of this directive is modified by the <code class="directive"><a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></code>, <code class="directive"><a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></code>, <code class="directive"><a href="#authldapmaxsubgroupdepth">AuthLDAPMaxSubGroupDepth</a></code>, <code class="directive"><a href="#authldapsubgroupattribute">AuthLDAPSubGroupAttribute</a></code>, and <code class="directive"><a href="#authldapsubgroupclass">AuthLDAPSubGroupClass</a></code>
directives.</p> directives.</p>
@@ -798,7 +866,8 @@ Require group <em>mygroupfile</em>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPGroupAttribute" id="AuthLDAPGroupAttribute">AuthLDAPGroupAttribute</a> <a name="authldapgroupattribute" id="authldapgroupattribute">Directive</a></h2> <div class="directive-section"><h2><a name="AuthLDAPGroupAttribute" id="AuthLDAPGroupAttribute">AuthLDAPGroupAttribute</a> <a name="authldapgroupattribute" id="authldapgroupattribute">Directive</a></h2>
<table class="directive"> <table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to check for group membership</td></tr> <tr><th><a href="directive-dict.html#Description">Description:</a></th><td>LDAP attributes used to identify the user members of
groups.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttribute <em>attribute</em></code></td></tr> <tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPGroupAttribute <em>attribute</em></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr> <tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr> <tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
@@ -806,8 +875,8 @@ Require group <em>mygroupfile</em>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr> <tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
</table> </table>
<p>This directive specifies which LDAP attributes are used to <p>This directive specifies which LDAP attributes are used to
check for group membership. Multiple attributes can be used by check for user members within groups. Multiple attributes can be used
specifying this directive multiple times. If not specified, by specifying this directive multiple times. If not specified,
then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the <code>member</code> and then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the <code>member</code> and
<code>uniquemember</code> attributes.</p> <code>uniquemember</code> attributes.</p>
@@ -835,6 +904,28 @@ group membership</td></tr>
directive is not set, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will directive is not set, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> will
check if the group has <code>bjenson</code> as a member.</p> check if the group has <code>bjenson</code> as a member.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPMaxSubGroupDepth" id="AuthLDAPMaxSubGroupDepth">AuthLDAPMaxSubGroupDepth</a> <a name="authldapmaxsubgroupdepth" id="authldapmaxsubgroupdepth">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the maximum sub-group nesting depth that will be
evaluated before the user search is discontinued.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPMaxSubGroupDepth <var>Number</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPMaxSubGroupDepth 10</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
</table>
<p>When this directive is set to a non-zero value <code>X</code>
combined with use of the <code>Require ldap-group someGroupDN</code>
directive, the provided user credentials will be searched for
as a member of the <code>someGroupDN</code> directory object or of
any group member of the current group up to the maximum nesting
level <code>X</code> specified by this directive.</p>
<p>See the <a href="#reqgroup"><code>Require ldap-group</code></a>
section for a more detailed example.</p>
</div> </div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2> <div class="directive-section"><h2><a name="AuthLDAPRemoteUserAttribute" id="AuthLDAPRemoteUserAttribute">AuthLDAPRemoteUserAttribute</a> <a name="authldapremoteuserattribute" id="authldapremoteuserattribute">Directive</a></h2>
@@ -877,6 +968,52 @@ environment variable</td></tr>
the username that was passed by the client. It is turned off by the username that was passed by the client. It is turned off by
default.</p> default.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPSubGroupAttribute" id="AuthLDAPSubGroupAttribute">AuthLDAPSubGroupAttribute</a> <a name="authldapsubgroupattribute" id="authldapsubgroupattribute">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the attribute labels, one value per
directive line, used to distinguish the members of the current group that
are groups.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPSubGroupAttribute <em>attribute</em></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
</table>
<p>An LDAP group object may contain members that are users and
members that are groups (called nested or sub groups). The
<code>AuthLDAPSubGroupAttribute</code> directive identifies the
labels of group members and the <code>AuthLDAPGroupAttribute</code>
directive identifies the labels of the user members. Multiple
attributes can be used by specifying this directive multiple times.
If not specified, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the
<code>member</code> and <code>uniqueMember</code> attributes.</p>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPSubGroupClass" id="AuthLDAPSubGroupClass">AuthLDAPSubGroupClass</a> <a name="authldapsubgroupclass" id="authldapsubgroupclass">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies which LDAP objectClass values identify directory
objects that are groups during sub-group processing.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPSubGroupClass <em>LdapObjectClass</em></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
</table>
<p>An LDAP group object may contain members that are users and
members that are groups (called nested or sub groups). The
<code>AuthLDAPSubGroupAttribute</code> directive identifies the
labels of members that may be sub-groups of the current group
(as opposed to user members). The <code>AuthLDAPSubGroupClass</code>
directive specifies the LDAP objectClass values used in verifying that
these potential sub-groups are in fact group objects. Verified sub-groups
can then be searched for more user or sub-group members. Multiple
attributes can be used by specifying this directive multiple times.
If not specified, then <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> uses the
<code>groupOfNames</code> and <code>groupOfUniqueNames</code> values.</p>
</div> </div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div> <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2> <div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>

3
docs/manual/mod/mod_ldap.html.en
View File

@@ -176,6 +176,9 @@ by other LDAP modules</td></tr>
the results of comparisons done between distinguished the results of comparisons done between distinguished
names.</p> names.</p>
<p>Note that, when group membership is being checked, any sub-group
comparison results are cached to speed future sub-group comparisons.</p>
<p>The behavior of both of these caches is controlled with <p>The behavior of both of these caches is controlled with
the <code class="directive"><a href="#ldapopcacheentries">LDAPOpCacheEntries</a></code> the <code class="directive"><a href="#ldapopcacheentries">LDAPOpCacheEntries</a></code>
and <code class="directive"><a href="#ldapopcachettl">LDAPOpCacheTTL</a></code> and <code class="directive"><a href="#ldapopcachettl">LDAPOpCacheTTL</a></code>

812
docs/manual/mod/quickreference.html.en
View File

File diff suppressed because it is too large Load Diff