<code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
is set to <code>off</code> to allow the authorization phase to fall
back to the module providing the alternate
- <code class="directive"><a href="../mod/core.html#require">Require</a></code> value.</p>
+ <code class="directive"><a href="../mod/core.html#require">Require</a></code> value. When no
+ LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
+ are used, authorization is allowed to fall back to other modules
+ as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+ was set to <code>off</code>. </p>
<ul>
<li>Grant access if there is a <a href="#requser"><code>Require
<p>If this directive exists, <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> grants
access to any user that has successfully authenticated during the
search/bind phase. Requires that <code class="module"><a href="../mod/mod_authz_user.html">mod_authz_user</a></code> be
- loaded and that the
- <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
- directive be set to off.</p>
+ loaded.</p>
<h3><a name="requser" id="requser">Require ldap-user</a></h3>
that gets created in the web</p>
<div class="example"><pre>
AuthLDAPURL "the url"
-AuthzLDAPAuthoritative off
AuthGroupFile <em>mygroupfile</em>
Require group <em>mygroupfile</em>
</pre></div>
- <p><code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
- must be off to allow <code class="module"><a href="../mod/mod_authnz_ldap.html">mod_authnz_ldap</a></code> to decline group
- authentication so that Apache will fall back to file
- authentication for checking group membership. This allows the
- FrontPage-managed group file to be used.</p>
-
<h3><a name="howitworks" id="howitworks">How It Works</a></h3>
<p>FrontPage restricts access to a web by adding the <code>Require
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_authnz_ldap</td></tr>
</table>
<p>Set to <code>off</code> if this module should let other
- authentication modules attempt to authenticate the user, should
- authentication with this module fail. Control is only passed on
+ authorization modules attempt to authorize the user, should
+ authorization with this module fail. Control is only passed on
to lower modules if there is no DN or rule that matches the
supplied user name (as passed by the client).</p>
+ <p> When no LDAP-specific <code class="directive"><a href="../mod/core.html#require">Require</a></code> directives
+ are used, authorization is allowed to fall back to other modules
+ as if <code class="directive"><a href="#authzldapauthoritative">AuthzLDAPAuthoritative</a></code>
+ was set to <code>off</code>. </p>
</div>
</div>
<directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
is set to <code>off</code> to allow the authorization phase to fall
back to the module providing the alternate
- <directive module="core">Require</directive> value.</p>
+ <directive module="core">Require</directive> value. When no
+ LDAP-specific <directive module="core">Require</directive> directives
+ are used, authorization is allowed to fall back to other modules
+ as if <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
+ was set to <code>off</code>. </p>
<ul>
<li>Grant access if there is a <a href="#requser"><code>Require
<p>If this directive exists, <module>mod_authnz_ldap</module> grants
access to any user that has successfully authenticated during the
search/bind phase. Requires that <module>mod_authz_user</module> be
- loaded and that the
- <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
- directive be set to off.</p>
+ loaded.</p>
</section>
<section id="requser"><title>Require ldap-user</title>
that gets created in the web</p>
<example><pre>
AuthLDAPURL "the url"
-AuthzLDAPAuthoritative off
AuthGroupFile <em>mygroupfile</em>
Require group <em>mygroupfile</em>
</pre></example>
- <p><directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
- must be off to allow <module>mod_authnz_ldap</module> to decline group
- authentication so that Apache will fall back to file
- authentication for checking group membership. This allows the
- FrontPage-managed group file to be used.</p>
-
<section id="howitworks"><title>How It Works</title>
<p>FrontPage restricts access to a web by adding the <code>Require
<usage>
<p>Set to <code>off</code> if this module should let other
- authentication modules attempt to authenticate the user, should
- authentication with this module fail. Control is only passed on
+ authorization modules attempt to authorize the user, should
+ authorization with this module fail. Control is only passed on
to lower modules if there is no DN or rule that matches the
supplied user name (as passed by the client).</p>
+ <p> When no LDAP-specific <directive module="core">Require</directive> directives
+ are used, authorization is allowed to fall back to other modules
+ as if <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
+ was set to <code>off</code>. </p>
</usage>
</directivesynopsis>