Merge r1675436 from trunk:

add a prominent caveat about the effect of caching.

PR55089

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1675438 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml
index 70695f5181725bf14f28cd58f9bdabf1c858e4b0..1a40498e4906bf28448a0ac5d0a55e4a3e157379 100644 (file)
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -68,8 +68,8 @@ for HTTP Basic authentication.</description>
 <section id="contents"><title>Contents</title>
 
     <ul>
-      <li>
-        <a href="#operation">Operation</a>
+      <li> <a href="#gcaveats">General caveats</a> </li>
+      <li> <a href="#operation">Operation</a>
 
         <ul>
           <li><a href="#authenphase">The Authentication
@@ -109,6 +109,16 @@ for HTTP Basic authentication.</description>
     </ul>
 </section>
 
+<section id="gcaveats"><title>General caveats</title>
+<p> This module caches authentication and authorization results based
+on the configuration of <module name="mod_ldap">mod_ldap</module>. Changes
+made to the backing LDAP server will not be immediately reflected on the
+HTTP Server, including but not limited to user lockouts/revocations, 
+password changes, or changes to group memberships.  Consult the directives 
+in <module name="mod_ldap">mod_ldap</module> for details of the cache tunables.
+</p>
+</section>
+
 <section id="operation"><title>Operation</title>
 
     <p>There are two phases in granting access to a user. The first