From: Eric Covener <covener@apache.org>
Date: Sat, 4 Oct 2008 14:59:09 +0000 (+0000)
Subject: AuthbasicProvider of something other then LDAP, with AuthLDAPURL in the per-dir config
X-Git-Tag: 2.2.10~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0f6da1aed208432308bb6bae8466a5b6455baf95;p=thirdparty%2Fapache%2Fhttpd.git

AuthbasicProvider of something other then LDAP, with AuthLDAPURL in the per-dir config
behaves a little unintuitively. Document the behavior if/until LDAP can better step
out of the way during authorization.

PR#45946



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@701648 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en
index ef5684c0465..51065919909 100644
--- a/docs/manual/mod/mod_authnz_ldap.html.en
+++ b/docs/manual/mod/mod_authnz_ldap.html.en
@@ -953,6 +953,14 @@ environment variable</td></tr>
 
     <p>See above for examples of <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code> URLs.</p>
 
+    <p> When <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
+    is enabled in a particular context, but some other module has performed
+    authentication for the request, the server will try to map the username to a DN
+    during authorization regardless of whether or not LDAP-specific requirements
+    are present. To ignore the failures to map a username to a DN during
+    authorization, set <code class="directive"><a href="#&#10;    authzldapautoritative">
+    AuthzLDAPAutoritative</a></code> to "off".</p>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthzLDAPAuthoritative" id="AuthzLDAPAuthoritative">AuthzLDAPAuthoritative</a> <a name="authzldapauthoritative" id="authzldapauthoritative">Directive</a></h2>
diff --git a/docs/manual/mod/mod_authnz_ldap.xml b/docs/manual/mod/mod_authnz_ldap.xml
index d3b2787d5a0..4d799d12adf 100644
--- a/docs/manual/mod/mod_authnz_ldap.xml
+++ b/docs/manual/mod/mod_authnz_ldap.xml
@@ -974,6 +974,14 @@ environment variable</description>
 
     <p>See above for examples of <directive
     module="mod_authnz_ldap">AuthLDAPURL</directive> URLs.</p>
+
+    <p> When <directive module="mod_authnz_ldap">AuthLDAPURL</directive>
+    is enabled in a particular context, but some other module has performed
+    authentication for the request, the server will try to map the username to a DN
+    during authorization regardless of whether or not LDAP-specific requirements
+    are present. To ignore the failures to map a username to a DN during
+    authorization, set <directive module="mod_authnz_ldap">
+    AuthzLDAPAutoritative</directive> to "off".</p>
 </usage>
 </directivesynopsis>