From: Christophe Jaillet Date: Sat, 23 Jan 2021 06:54:18 +0000 (+0000) Subject: Add some missing hyper links to directives. X-Git-Tag: 2.4.47~123 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70da9dee8a5fc17464b6174a16f6f25f6ec7cdef;p=thirdparty%2Fapache%2Fhttpd.git Add some missing hyper links to directives. Remove some in to be more consistant with the rest of the doc. Remove a duplicated traling ".". (r1885833 on trunk) [skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885834 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml index c2db69fecaf..fd998e07156 100644 --- a/docs/manual/mod/mod_ldap.xml +++ b/docs/manual/mod/mod_ldap.xml @@ -119,7 +119,7 @@ LDAPOpCacheTTL 600 caching strategy to minimize the number of times that the LDAP server must be contacted. Caching can easily double or triple the throughput of Apache when it is serving pages protected - with mod_authnz_ldap. In addition, the load on the LDAP server + with mod_authnz_ldap. In addition, the load on the LDAP server will be significantly decreased.

mod_ldap supports two types of LDAP caching during @@ -270,7 +270,8 @@ LDAPTrustedGlobalCert CA_DER "/certs/certfile.der" installation.

Client certificates are specified per connection using the - LDAPTrustedClientCert directive by referring + LDAPTrustedClientCert + directive by referring to the certificate "nickname". An optional password may be specified to unlock the certificate's private key.

@@ -309,13 +310,16 @@ LDAPTrustedGlobalCert CA_SECMOD "/certs/secmod" binary DER or Base64 (PEM) encoded files.

Note: Client certificates are specified globally rather than per - connection, and so must be specified with the LDAPTrustedGlobalCert + connection, and so must be specified with the LDAPTrustedGlobalCert directive as below. Trying to set client certificates via the - LDAPTrustedClientCert directive will cause an error to be logged - when an attempt is made to connect to the LDAP server..

+ LDAPTrustedClientCert + directive will cause an error to be logged + when an attempt is made to connect to the LDAP server.

The SDK supports both SSL and STARTTLS, set using the - LDAPTrustedMode parameter. If an ldaps:// URL is specified, + LDAPTrustedMode parameter. + If an ldaps:// URL is specified, SSL mode is forced, override this directive.

@@ -338,7 +342,8 @@ LDAPTrustedGlobalCert KEY_BASE64 "/certs/key1.pem" [password] binary DER or Base64 (PEM) encoded files.

Both CA and client certificates may be specified globally - (LDAPTrustedGlobalCert) or per-connection (LDAPTrustedClientCert). + (LDAPTrustedGlobalCert) or + per-connection (LDAPTrustedClientCert). When any settings are specified per-connection, the global settings are superseded.

@@ -390,7 +395,8 @@ LDAPTrustedGlobalCert CA_BASE64 "/certs/cacert2.pem" configuration directives are required.

Both SSL and TLS are supported by using the ldaps:// URL - format, or by using the LDAPTrustedMode directive accordingly.

+ format, or by using the LDAPTrustedMode directive accordingly.

Note: The status of support for client certificates is not yet known for this toolkit.

@@ -494,7 +500,7 @@ valid AuthConfig -

This directive, if enabled by the LDAPReferrals directive, +

This directive, if enabled by the LDAPReferrals directive, limits the number of referral hops that are followed before terminating an LDAP query.

@@ -507,7 +513,7 @@ valid LDAPReferrals Enable referral chasing during queries to the LDAP server. -LDAPReferrals On|Off|default +LDAPReferrals On|Off|default LDAPReferrals On directory.htaccess AuthConfig @@ -524,7 +530,7 @@ valid
"on"

When set to "on", the underlying SDK's referral chasing state - is enabled, LDAPReferralHopLimit is used to + is enabled, LDAPReferralHopLimit is used to override the SDK's hop limit, and an LDAP rebind callback is registered.

"off"
@@ -532,12 +538,12 @@ valid is disabled completely.

"default"

When set to "default", the underlying SDK's referral chasing state - is not changed, LDAPReferralHopLimit is not + is not changed, LDAPReferralHopLimit is not used to override the SDK's hop limit, and no LDAP rebind callback is registered.

-

The directive LDAPReferralHopLimit works in conjunction with +

The directive LDAPReferralHopLimit works in conjunction with this directive to limit the number of referral hops to follow before terminating the LDAP query. When referral processing is enabled by a value of "On", client credentials will be provided, via a rebind callback, for any LDAP server requiring them.

@@ -590,7 +596,8 @@ Certificate Authority or global client certificates is applied globally to the entire server installation. Some LDAP toolkits (notably Novell) require all client certificates to be set globally using this directive. Most other toolkits require clients certificates to be set - per Directory or per Location using LDAPTrustedClientCert. If you get this + per Directory or per Location using LDAPTrustedClientCert. If you get this wrong, an error may be logged when an attempt is made to contact the LDAP server, or the connection may silently fail (See the SSL/TLS certificate guide above for details). @@ -629,7 +636,8 @@ connection client certificates. settings. Some LDAP toolkits (notably Novell) do not support per connection client certificates, and will throw an error on LDAP server connection if you try to use this directive - (Use the LDAPTrustedGlobalCert directive instead for Novell client + (Use the LDAPTrustedGlobalCert + directive instead for Novell client certificates - See the SSL/TLS certificate guide above for details). The type specifies the kind of certificate parameter being set, depending on the LDAP toolkit being used. Supported types are:

@@ -665,7 +673,7 @@ connection client certificates.

If an ldaps:// URL is specified, the mode becomes SSL and the setting - of LDAPTrustedMode is ignored.

+ of LDAPTrustedMode is ignored.

 @@ -725,7 +733,7 @@ connection client certificates. LDAPVerifyServerCert Force server certificate verification -LDAPVerifyServerCert On|Off +LDAPVerifyServerCert On|Off LDAPVerifyServerCert On server config