From: Igor Galić Date: Thu, 26 Apr 2012 16:18:54 +0000 (+0000) Subject: ./build.sh all X-Git-Tag: 2.5.0-alpha~7008 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd1694d46e32ccbed29218b5f6bdc6165597a580;p=thirdparty%2Fapache%2Fhttpd.git ./build.sh all git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1330924 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/bind.html.de b/docs/manual/bind.html.de index 9334f6fa8d5..e69de29bb2d 100644 --- a/docs/manual/bind.html.de +++ b/docs/manual/bind.html.de @@ -1,180 +0,0 @@ - - - -Anbindung - Apache HTTP Server - - - - - - -
-

Module | Direktiven | FAQ | Glossar | Seitenindex

-

Apache HTTP Server Version 2.5

-
-
<-
-
-Apache > HTTP-Server > Dokumentation > Version 2.5

Anbindung

-
-

Verfügbare Sprachen:  de  | - en  | - fr  | - ja  | - ko  | - tr 

-
-
Diese Übersetzung ist möglicherweise - nicht mehr aktuell. Bitte prüfen Sie die englische Version auf - die neuesten Änderungen.
- -

Konfiguration der vom Apache verwendeten Adressen und Ports.

-
- -
top
-
-

Überblick

- - -
Referenzierte ModuleReferenzierte Direktiven
- -

Beim Start bindet sich der Apache an bestimmte Adressen und Ports - der lokalen Maschine und wartet auf eingehende Anfragen. - Standardmäßig lauscht er an allen Adressen des Systems. - Es kann jeodch notwendig sein, ihm mit zuteilen, nur an bestimmten Ports - zu lauschen oder nur an ausgewählten Adressen, bzw. einer - Kombination aus beidem. Dies wird oft mit der Funktionalität - virtueller Hosts kombiniert, die bestimmt, wie der Apache auf - verschiedene IP-Adressen, Hostnamen und Ports reagiert.

- -

Die Direktive Listen - weist den Server an, eingehende Anfragen nur an bestimmten Ports oder - Adress/Port-Kombinationen zu akzeptieren. Wenn bei der Listen-Direktive nur eine Portnummer - angegeben wird, dann lauscht der Server auf allen Netzwerkinterfaces an - dem angegebenen Port. Ist auch eine IP-Adresse angegeben, dann lauscht der - Server an der angegebenen Schnittstelle auf dem angegebenen Port. Es - können mehrere Listen-Anweisungen verwendet werden, um - eine Reihe von Adressen und Ports anzugeben, an denen gelauscht werden - soll. Der Server wird dann auf Anfragen an jeder der abgehörten - Adressen und Ports antworten.

- -

Um beispielsweise den Server zu veranlassen, auf allen - Netzwerkinterfaces sowohl an Port 80, als auch an Port 8000 Verbindungen - zu akzeptieren, geben Sie an:

- -

- Listen 80
- Listen 8000 -

- -

Um den Server Verbindungen an Port 80 auf einem Netzwerkinterface - akzeptieren zu lassen und an Port 8080 auf einem anderen Interface, geben - Sie an:

- -

- Listen 192.0.2.1:80
- Listen 192.0.2.5:8000 -

- -

IPv6-Adressen müssen wie im folgenden Beispiel in eckigen - Klammern angegeben werden:

- -

- Listen [2001:db8::a00:20ff:fea7:ccea]:80 -

-
top
-
-

Betrachtung von IPv6-Besonderheiten

- - -

Eine wachsende Anzahl von Plattformen implementiert IPv6. Die - APR - unterstützt IPv6 auf den meisten dieser Plattformen und - ermöglicht dem Apache, IPv6-Sockets zu verwenden und über IPv6 - gesendete Anfragen zu behandeln.

- -

Für Apache-Administratoren kommt erschwerend die Frage hinzu, ob - IPv6-Sockets sowohl IPv4- als auch IPv6-Verbindungen - handhaben können. Zum Betrieb von IPv4-Verbindungen an - IPv6-Sockets werden auf IPv6 abgebildete IPv4-Adressen - (Anm.d.Ü.: so genannete IPv4-gemappte IPv6-Adressen) - verwendet, welche standardmäßig auf den meisten Plattformen - erlaubt sind. Unter FreeBSD, NetBSD und OpenBSD jedoch sind sie - standardmäßig deaktiviert, um den Systemgrundsätzen dieser - Plattformen zu entsprechen. Auf Systemen, wo dies - standardmäßig dekativiert ist, kann dieses Verhalten mit einem - speziellen configure-Parameter für den Apache - geändert werden.

- -

Auf der anderen Seite ist die Verwendung von gemappten Adressen bei - einigen Plattformen wie Linux und True64 der einzige - Weg, sowohl IPv4 wie auch IPv6 zu verwenden. Wenn Sie möchten, dass - der Apache IPv4- und IPv6-Verbindungen mit einem Minimum an Sockets - behandelt, was die Verwendung von IPv4-gemappten IPv6-Adressen - erfordert, dann müssen Sie die configure-Option --enable-v4-mapped angeben.

- -

--enable-v4-mapped ist die Voreinstellung auf allen - Plattformen außer FreeBSD, NetBSD und OpenBSD, so dass Ihr Apache - wahrscheinlich so übersetzt wurde.

- -

Geben Sie wie in dem folgenden Beispiel bei allen Listen-Anweisungen eine IPv4-Adresse - an, wenn Sie möchten, dass Ihr Apache lediglich IPv4-Adressen - behandelt, unabhängig davon, was Ihre Plattform und die APR - unterstützen:

- -

- Listen 0.0.0.0:80
- Listen 192.0.2.1:80 -

- -

Wenn Sie möchten, dass der Apache IPv4- und IPv6-Verbindungen an - separaten Sockets behandelt (d.h. IPv4-gemappte Adressen deaktiviert - werden sollen) und Ihre Plattform es unterstützt, dann müssen - Sie die configure-Option - --disable-v4-mapped angeben. - Unter FreeBSD, NetBSD und OpenBSD ist --disable-v4-mapped - voreingestellt.

-
top
-
-

Das Zusammenspiel mit virtuellen Hosts

- - -

Die Direktive Listen - implementiert keine virtuellen Hosts - sie teilt dem Hauptserver lediglich - mit, an welchen Adressen und Ports er zu lauschen hat. Werden keine - <VirtualHost>-Container - verwendet, dann verhält sich der Server bei allen angenommenen - Anfragen gleich. <VirtualHost>-Abschnitte können jedoch dazu - verwendet werden, ein unterschiedliches Verhalten für eine oder - mehrere Adressen und Ports festzulegen. Um einen virtuellen Host - einzurichten, muss dem Server zunächst mitgeteilt werden, an den - betreffenden Adressen oder Ports zu lauschen. Dann sollte ein <VirtualHost>-Abschnitt für - die angebene Adresse und den angegebenen Port erstellt werden, um das - Verhalten dieses virtuellen Hosts festzulegen. Beachten Sie bitte, dass - auf einen <VirtualHost> - nicht zugegriffen werden kann, wenn er für eine Adresse und einen - Port eingerichtet wurde, an dem der Server nicht lauscht.

-
-
-

Verfügbare Sprachen:  de  | - en  | - fr  | - ja  | - ko  | - tr 

-
- \ No newline at end of file diff --git a/docs/manual/mod/mod_access_compat.html.en b/docs/manual/mod/mod_access_compat.html.en index d669a820fba..8c0e1f9e91f 100644 --- a/docs/manual/mod/mod_access_compat.html.en +++ b/docs/manual/mod/mod_access_compat.html.en @@ -123,10 +123,11 @@ server
A (partial) domain-name
-

Example:

- Allow from example.org
- Allow from .net example.edu -

+ 
+Allow from example.org
+Allow from .net example.edu
+
+

Hosts whose names match, or end in, this string are allowed access. Only complete components are matched, so the above example will match foo.example.org but it will not @@ -142,37 +143,41 @@ server

A full IP address
-

Example:

- Allow from 10.1.2.3
- Allow from 192.168.1.104 192.168.1.205 -

+ 
+Allow from 10.1.2.3
+Allow from 192.168.1.104 192.168.1.205
+
+

An IP address of a host allowed access

A partial IP address
-

Example:

- Allow from 10.1
- Allow from 10 172.20 192.168.2 -

+ 
+Allow from 10.1
+Allow from 10 172.20 192.168.2
+
+

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair
-

Example:

+ 

         Allow from 10.1.0.0/255.255.0.0
-
+ +

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification
-

Example:

+ 

         Allow from 10.1.0.0/16
-
+ +

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

@@ -183,10 +188,11 @@ server

IPv6 addresses and IPv6 subnets can be specified as shown below:

-

- Allow from 2001:db8::a00:20ff:fea7:ccea
- Allow from 2001:db8::a00:20ff:fea7:ccea/10 -

+ 
+Allow from 2001:db8::a00:20ff:fea7:ccea
+Allow from 2001:db8::a00:20ff:fea7:ccea/10
+
+

The third format of the arguments to the Allow directive allows access to the server @@ -204,16 +210,15 @@ server User-Agent (browser type), Referer, or other HTTP request header fields.

-

Example:

- SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
- <Directory /docroot>
- - Order Deny,Allow
- Deny from all
- Allow from env=let_me_in
- - </Directory> -

+ 
+SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+<Directory /docroot>
+    Order Deny,Allow
+    Deny from all
+    Allow from env=let_me_in
+</Directory>
+
+

In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all @@ -335,11 +340,12 @@ evaluated.

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

-

- Order Deny,Allow
- Deny from all
- Allow from example.org -

+ 
+Order Deny,Allow
+Deny from all
+Allow from example.org
+
+

In the next example, all hosts in the example.org domain are allowed access, except for the hosts which are in the @@ -348,11 +354,12 @@ evaluated. state is to Deny access to the server.

-

- Order Allow,Deny
- Allow from example.org
- Deny from foo.example.org -

+ 
+Order Allow,Deny
+Allow from example.org
+Deny from foo.example.org
+
+

On the other hand, if the Order in the last example is changed to Deny,Allow, all hosts will @@ -370,13 +377,12 @@ evaluated. directives because of its effect on the default access state. For example,

-

- <Directory /www>
- - Order Allow,Deny
- - </Directory> -

+ 
+<Directory /www>
+    Order Allow,Deny
+</Directory>
+
+

will Deny all access to the /www directory because the default access state is set to @@ -433,27 +439,29 @@ later people outside of your network provide a password, you could use a configuration similar to the following:

-

- Require valid-user
- Allow from 192.168.1
- Satisfy Any -

+ 
+Require valid-user
+Allow from 192.168.1
+Satisfy Any
+
+

Another frequent use of the Satisfy directive is to relax access restrictions for a subdirectory:

-

- <Directory /var/www/private>
- Require valid-user
- </Directory>
-
- <Directory /var/www/private/public>
- Allow from all
- Satisfy Any
- </Directory> -

+ 
+<Directory /var/www/private>
+    Require valid-user
+</Directory>
+
+<Directory /var/www/private/public>
+    Allow from all
+    Satisfy Any
+</Directory>
+
+

In the above example, authentication will be required for the /var/www/private directory, but will not be required diff --git a/docs/manual/mod/mod_access_compat.html.fr b/docs/manual/mod/mod_access_compat.html.fr index 3e4aaae6874..6f563af4f07 100644 --- a/docs/manual/mod/mod_access_compat.html.fr +++ b/docs/manual/mod/mod_access_compat.html.fr @@ -28,6 +28,8 @@  fr  |  ja 

+
Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.
diff --git a/docs/manual/mod/mod_access_compat.xml.fr b/docs/manual/mod/mod_access_compat.xml.fr index 21099d42a1b..f2cdfd7231b 100644 --- a/docs/manual/mod/mod_access_compat.xml.fr +++ b/docs/manual/mod/mod_access_compat.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_access_compat.xml.ja b/docs/manual/mod/mod_access_compat.xml.ja index 8b76311b594..558781a669e 100644 --- a/docs/manual/mod/mod_access_compat.xml.ja +++ b/docs/manual/mod/mod_access_compat.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/mod_actions.xml.ja b/docs/manual/mod/mod_actions.xml.ja index 8d2be3e31bd..037331ec4a3 100644 --- a/docs/manual/mod/mod_actions.xml.ja +++ b/docs/manual/mod/mod_actions.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/mod_alias.xml.ja b/docs/manual/mod/mod_alias.xml.ja index cf7ec990afd..f675699cffc 100644 --- a/docs/manual/mod/mod_alias.xml.ja +++ b/docs/manual/mod/mod_alias.xml.ja @@ -1,7 +1,7 @@ - + + + + diff --git a/docs/manual/mod/mod_asis.xml.ja b/docs/manual/mod/mod_asis.xml.ja index bee53d36513..c8e30525973 100644 --- a/docs/manual/mod/mod_asis.xml.ja +++ b/docs/manual/mod/mod_asis.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/mod_auth_basic.xml.ja b/docs/manual/mod/mod_auth_basic.xml.ja index f809103cf4f..699d7b56351 100644 --- a/docs/manual/mod/mod_auth_basic.xml.ja +++ b/docs/manual/mod/mod_auth_basic.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/mod_auth_digest.xml.ko b/docs/manual/mod/mod_auth_digest.xml.ko index 6352d2ecb90..288784b26fd 100644 --- a/docs/manual/mod/mod_auth_digest.xml.ko +++ b/docs/manual/mod/mod_auth_digest.xml.ko @@ -1,7 +1,7 @@ - + + + + diff --git a/docs/manual/mod/mod_authn_dbd.html.en b/docs/manual/mod/mod_authn_dbd.html.en index dfad5515850..0e26612d509 100644 --- a/docs/manual/mod/mod_authn_dbd.html.en +++ b/docs/manual/mod/mod_authn_dbd.html.en @@ -88,7 +88,7 @@ to cache credentials and take most of the load off the database.

This simple example shows use of this module in the context of the Authentication and DBD frameworks.

-
+
 # mod_dbd configuration
 # UPDATED to include authentication cacheing
 DBDriver pgsql
@@ -116,10 +116,10 @@ DBDExptime 300
   Require valid-user
 
   # mod_authn_dbd SQL query to authenticate a user
-  AuthDBDUserPWQuery \
-    "SELECT password FROM authn WHERE user = %s"
+  AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
 </Directory>
-
+ +
top

Exposing Login Information

@@ -152,10 +152,10 @@ configuration required in some web applications. will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

-

Example

-AuthDBDUserPWQuery \
-  "SELECT password FROM authn WHERE user = %s"
-
+ 
+AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
+
+

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user @@ -186,10 +186,10 @@ AuthDBDUserPWQuery \ The user's ID and the realm, in that order, will be passed as string parameters when the SQL query is executed. They may be referenced within the query statement using %s format specifiers.

-

Example

-AuthDBDUserRealmQuery \
-  "SELECT password FROM authn WHERE user = %s AND realm = %s"
-
+ 
+AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s"
+
+

The first column value of the first row returned by the query statement should be a string containing the encrypted password. Subsequent rows will be ignored. If no rows are returned, the user diff --git a/docs/manual/mod/mod_authn_socache.html.en b/docs/manual/mod/mod_authn_socache.html.en index 2f5627aa6df..2cbf27bf017 100644 --- a/docs/manual/mod/mod_authn_socache.html.en +++ b/docs/manual/mod/mod_authn_socache.html.en @@ -84,18 +84,19 @@ the load on backends

A simple usage example to accelerate mod_authn_dbd using dbm as a cache engine:

- 
-    <Directory /usr/www/myhost/private>
-        AuthType Basic
-        AuthName "Cached Authentication Example"
-        AuthBasicProvider socache dbd
-        AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
-        AuthnCacheProvideFor dbd
-        AuthnCacheContext dbd-authn-example
-        AuthnCacheSOCache dbm
-        Require valid-user
-    </Directory>
-
+ 
+<Directory /usr/www/myhost/private>
+    AuthType Basic
+    AuthName "Cached Authentication Example"
+    AuthBasicProvider socache dbd
+    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
+    AuthnCacheProvideFor dbd
+    AuthnCacheContext dbd-authn-example
+    AuthnCacheSOCache dbm
+    Require valid-user
+</Directory>
+
+
top

Cacheing with custom modules

@@ -171,9 +172,10 @@ the load on backends

For example, to cache credentials found by mod_authn_dbd or by a custom provider myprovider, but leave those looked up by lightweight providers like file or dbm lookup alone:

-

- AuthnCacheProvideFor dbd myprovider -

+ 
+AuthnCacheProvideFor dbd myprovider
+
+
top
diff --git a/docs/manual/mod/mod_authnz_ldap.html.en b/docs/manual/mod/mod_authnz_ldap.html.en index 4c35a543a66..7047f03fe2e 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.en +++ b/docs/manual/mod/mod_authnz_ldap.html.en @@ -366,11 +366,12 @@ for HTTP Basic authentication.ldap://ldap/o=Example?cn (i.e., cn is used for searches), the following Require directives could be used to restrict access:

-

-Require ldap-user "Barbara Jenson"
-Require ldap-user "Fred User"
-Require ldap-user "Joe Manager"
-

+
+Require ldap-user "Barbara Jenson"
+Require ldap-user "Fred User"
+Require ldap-user "Joe Manager"
+
+

Because of the way that mod_authnz_ldap handles this directive, Barbara Jenson could sign on as Barbara @@ -382,7 +383,8 @@ Require ldap-user "Joe Manager"

If the uid attribute was used instead of the cn attribute in the URL above, the above three lines could be condensed to

-

Require ldap-user bjenson fuser jmanager

+
Require ldap-user bjenson fuser jmanager
+

Require ldap-group

@@ -392,58 +394,60 @@ Require ldap-user "Joe Manager"
group. Note: Do not surround the group name with quotes. For example, assume that the following entry existed in the LDAP directory:

-

-dn: cn=Administrators, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Barbara Jenson, o=Example
-uniqueMember: cn=Fred User, o=Example
-

+
+dn: cn=Administrators, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Barbara Jenson, o=Example
+uniqueMember: cn=Fred User, o=Example
+

The following directive would grant access to both Fred and Barbara:

-

Require ldap-group cn=Administrators, o=Example

+
Require ldap-group cn=Administrators, o=Example
+

Members can also be found within sub-groups of a specified LDAP group if AuthLDAPMaxSubGroupDepth is set to a value greater than 0. For example, assume the following entries exist in the LDAP directory:

-

-dn: cn=Employees, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Managers, o=Example
-uniqueMember: cn=Administrators, o=Example
-uniqueMember: cn=Users, o=Example
-
-dn: cn=Managers, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Bob Ellis, o=Example
-uniqueMember: cn=Tom Jackson, o=Example
-
-dn: cn=Administrators, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Barbara Jenson, o=Example
-uniqueMember: cn=Fred User, o=Example
-
-dn: cn=Users, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Allan Jefferson, o=Example
-uniqueMember: cn=Paul Tilley, o=Example
-uniqueMember: cn=Temporary Employees, o=Example
-
-dn: cn=Temporary Employees, o=Example
-objectClass: groupOfUniqueNames
-uniqueMember: cn=Jim Swenson, o=Example
-uniqueMember: cn=Elliot Rhodes, o=Example
-

+
+dn: cn=Employees, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Managers, o=Example
+uniqueMember: cn=Administrators, o=Example
+uniqueMember: cn=Users, o=Example
+
+dn: cn=Managers, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Bob Ellis, o=Example
+uniqueMember: cn=Tom Jackson, o=Example
+
+dn: cn=Administrators, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Barbara Jenson, o=Example
+uniqueMember: cn=Fred User, o=Example
+
+dn: cn=Users, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Allan Jefferson, o=Example
+uniqueMember: cn=Paul Tilley, o=Example
+uniqueMember: cn=Temporary Employees, o=Example
+
+dn: cn=Temporary Employees, o=Example
+objectClass: groupOfUniqueNames
+uniqueMember: cn=Jim Swenson, o=Example
+uniqueMember: cn=Elliot Rhodes, o=Example
+

The following directives would allow access for Bob Ellis, Tom Jackson, Barbara Jensen, Fred User, Allan Jefferson, and Paul Tilley but would not allow access for Jim Swenson, or Elliot Rhodes (since they are at a sub-group depth of 2):

-

-Require ldap-group cn=Employees, o-Example
-AuthLDAPSubGroupDepth 1
-

+
+Require ldap-group cn=Employees, o-Example
+AuthLDAPSubGroupDepth 1
+
+

Behavior of this directive is modified by the AuthLDAPGroupAttribute, AuthLDAPGroupAttributeIsDN, AuthLDAPMaxSubGroupDepth, AuthLDAPSubGroupAttribute, and AuthLDAPSubGroupClass directives.

@@ -461,7 +465,8 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to a specific DN:

-

Require ldap-dn cn=Barbara Jenson, o=Example

+
Require ldap-dn cn=Barbara Jenson, o=Example
+

Behavior of this directive is modified by the AuthLDAPCompareDNOnServer directive.

@@ -477,7 +482,8 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone with the attribute employeeType = active

-

Require ldap-attribute employeeType=active

+ 
Require ldap-attribute employeeType=active
+

Multiple attribute/value pairs can be specified on the same line separated by spaces or they can be specified in multiple @@ -490,7 +496,8 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone with the city attribute equal to "San Jose" or status equal to "Active"

-

Require ldap-attribute city="San Jose" status=active

+ 
Require ldap-attribute city="San Jose" status=active
+ @@ -504,7 +511,8 @@ AuthLDAPSubGroupDepth 1

The following directive would grant access to anyone having a cell phone and is in the marketing department

-

Require ldap-filter &(cell=*)(department=marketing)

+ 
Require ldap-filter &(cell=*)(department=marketing)
+

The difference between the Require ldap-filter directive and the Require ldap-attribute directive is that ldap-filter @@ -524,19 +532,21 @@ AuthLDAPSubGroupDepth 1

  • Grant access to anyone who exists in the LDAP directory, using their UID for searches. -

    -AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"
    +

    +AuthLDAPURL "ldap://ldap1.example.com:389/ou=People, o=Example?uid?sub?(objectClass=*)"
 Require valid-user
-
    + +
  • The next example is the same as above; but with the fields that have useful defaults omitted. Also, note the use of a redundant LDAP server. -

    AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"
    +

    AuthLDAPURL "ldap://ldap1.example.com ldap2.example.com/ou=People, o=Example"
 Require valid-user
-
    + +
  • @@ -548,19 +558,21 @@ Require valid-user this approach is not recommended: it's a better idea to choose an attribute that is guaranteed unique in your directory, such as uid. -

    -AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"
    +

    +AuthLDAPURL "ldap://ldap.example.com/ou=People, o=Example?cn"
 Require valid-user
-
    + +
  • Grant access to anybody in the Administrators group. The users must authenticate using their UID. -

    -AuthLDAPURL ldap://ldap.example.com/o=Example?uid
    +

    +AuthLDAPURL ldap://ldap.example.com/o=Example?uid
 Require ldap-group cn=Administrators, o=Example
-
    + +
  • @@ -569,10 +581,11 @@ Require ldap-group cn=Administrators, o=Example of qpagePagerID. The example will grant access only to people (authenticated via their UID) who have alphanumeric pagers: -

    -AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)
    +

    +AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(qpagePagerID=*)
 Require valid-user
-
    + +
  • @@ -585,10 +598,11 @@ Require valid-user a pager, plus grant access to Joe Manager, who doesn't have a pager, but does need to access the same resource:

    -

    -AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager))
    +

    +AuthLDAPURL ldap://ldap.example.com/o=Example?uid??(|(qpagePagerID=*)(uid=jmanager))
 Require valid-user
-
    + +

    This last may look confusing at first, so it helps to evaluate what the search filter will look like based on who @@ -677,11 +691,12 @@ Require valid-user subtree search for the attribute userPrincipalName, with an empty search root, like so:

    -

    -AuthLDAPBindDN apache@example.com
    -AuthLDAPBindPassword password
    +

    +AuthLDAPBindDN apache@example.com
+AuthLDAPBindPassword password
 AuthLDAPURL ldap://10.0.0.1:3268/?userPrincipalName?sub
-
    + +

    Users will need to enter their User Principal Name as a login, in the form somebody@nz.example.com.

    @@ -704,11 +719,12 @@ AuthLDAPURL ldap://10.0.0.1:3268/?userPrincipalName?sub authentication to it is a matter of adding the following directives to every .htaccess file that gets created in the web

    -
    +
     AuthLDAPURL            "the url"
 AuthGroupFile mygroupfile
 Require group mygroupfile
-
    + +

    How It Works

    @@ -1059,8 +1075,10 @@ to perform a DN lookup AuthLDAPBindDN.

    -

    AuthLDAPInitialBindPattern (.+) $1@example.com

    -

    AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com

    + 
     AuthLDAPInitialBindPattern (.+) $1@example.com
    + + 
     AuthLDAPInitialBindPattern (.+) cn=$1,dc=example,dc=com
    +

    Not available with authorization-only

    This directive can only be used if this module authenticates the user, and @@ -1242,7 +1260,8 @@ objects that are groups during sub-group processing. to use. The syntax of the URL is

    ldap://host:port/basedn?attribute?scope?filter

    If you want to specify more than one LDAP URL that Apache should try in turn, the syntax is:

    -

    AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."

    +
    AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."
    +

    Caveat: If you specify multiple servers, you need to enclose the entire URL string in quotes; otherwise you will get an error: "AuthLDAPURL takes one argument, URL to define LDAP connection.." You can of course use search parameters on each of these.

    diff --git a/docs/manual/mod/mod_authnz_ldap.html.fr b/docs/manual/mod/mod_authnz_ldap.html.fr index e595926fadb..0f6e2fb1874 100644 --- a/docs/manual/mod/mod_authnz_ldap.html.fr +++ b/docs/manual/mod/mod_authnz_ldap.html.fr @@ -27,6 +27,8 @@

    Langues Disponibles:  en  |  fr 

    +
    Cette traduction peut être périmée. Vérifiez la version + anglaise pour les changements récents.
    • Description:Autorisations de groupe à base de nom d'hôte (nom ou adresse IP)
    Statut:Extension
    diff --git a/docs/manual/mod/mod_authnz_ldap.xml.fr b/docs/manual/mod/mod_authnz_ldap.xml.fr index a191acf023b..acd0fb2f45d 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml.fr +++ b/docs/manual/mod/mod_authnz_ldap.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_authnz_ldap.xml.meta b/docs/manual/mod/mod_authnz_ldap.xml.meta index 4ec661a32dd..7a6a237d9a1 100644 --- a/docs/manual/mod/mod_authnz_ldap.xml.meta +++ b/docs/manual/mod/mod_authnz_ldap.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/mod/mod_authz_core.html.en b/docs/manual/mod/mod_authz_core.html.en index 5ee99291294..9590e511624 100644 --- a/docs/manual/mod/mod_authz_core.html.en +++ b/docs/manual/mod/mod_authz_core.html.en @@ -78,38 +78,34 @@ multiple ldap hosts:

    -

    Example

    - <AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
    - - AuthLDAPBindDN cn=youruser,o=ctx
    - AuthLDAPBindPassword yourpassword
    - AuthLDAPURL ldap://ldap.host/o=ctx
    -     - </AuthzProviderAlias>

    - <AuthzProviderAlias ldap-group ldap-group-alias2 - cn=my-other-group,o=dev>
    - - AuthLDAPBindDN cn=yourotheruser,o=dev
    - AuthLDAPBindPassword yourotherpassword
    - AuthLDAPURL ldap://other.ldap.host/o=dev?cn
    -     - </AuthzProviderAlias>

    - - Alias /secure /webpages/secure
    - <Directory /webpages/secure>
    - - Require all granted

    - - AuthBasicProvider file

    - - AuthType Basic
    - AuthName LDAP_Protected_Place

    - - #implied OR operation
    - Require ldap-group-alias1
    - Require ldap-group-alias2
    -     </Directory>
    -

    + 
    +<AuthzProviderAlias ldap-group ldap-group-alias1 cn=my-group,o=ctx>
+    AuthLDAPBindDN cn=youruser,o=ctx
+    AuthLDAPBindPassword yourpassword
+    AuthLDAPURL ldap://ldap.host/o=ctx
+</AuthzProviderAlias>
+
+<AuthzProviderAlias ldap-group ldap-group-alias2 cn=my-other-group,o=dev>
+    AuthLDAPBindDN cn=yourotheruser,o=dev
+    AuthLDAPBindPassword yourotherpassword
+    AuthLDAPURL ldap://other.ldap.host/o=dev?cn
+</AuthzProviderAlias>
+
+Alias /secure /webpages/secure
+<Directory /webpages/secure>
+    Require all granted
+    
+    AuthBasicProvider file
+    
+    AuthType Basic
+    AuthName LDAP_Protected_Place
+    
+    #implied OR operation
+    Require ldap-group-alias1
+    Require ldap-group-alias2
+</Directory>
+
    +
    top
    @@ -135,39 +131,28 @@ not belong to either the temps group or the LDAP group Temporary Employees.

    -

    - <Directory /www/mydocs> - + 

    +<Directory /www/mydocs>
+    <RequireAll>
+        <RequireAny>
+            Require user superadmin
             <RequireAll>
-            
+                Require group admins
+                Require ldap-group cn=Administrators,o=Airius
                 <RequireAny>
-                
-                    Require user superadmin
    
-                    <RequireAll>
-                    
-                        Require group admins
    
-                        Require ldap-group cn=Administrators,o=Airius
    
-                        <RequireAny>
-                        
-                            Require group sales
    
-                            Require ldap-attribute dept="sales"
-                            
-                        </RequireAny>
-                        
-                    </RequireAll>
-                    
-                </RequireAny>
    
-                <RequireNone>
-                
-                    Require group temps
    
-                    Require ldap-group cn=Temporary Employees,o=Airius
-                    
-                </RequireNone>
-                
+                    Require group sales
+                    Require ldap-attribute dept="sales"
+                </RequireAny>
             </RequireAll>
-        
-        </Directory>
-
    + </RequireAny> + <RequireNone> + Require group temps + Require ldap-group cn=Temporary Employees,o=Airius + </RequireNone> + </RequireAll> +</Directory> + +
    top

    The Require Directives

    @@ -190,14 +175,13 @@ User-Agent (browser type), Referer, or other HTTP request header fields.

    -

    Example:

    - SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
    - <Directory /docroot>
    - - Require env let_me_in
    -     - </Directory> -

    + 
    +SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
+<Directory /docroot>
+    Require env let_me_in
+</Directory>
+
    +

    In this case, browsers with a user-agent string beginning with KnockKnock/2.0 will be allowed access, and all @@ -213,13 +197,15 @@ 'granted' or 'denied'. The following examples will grant or deny access to all requests.

    -

    - Require all granted
    -

    + 
    +    Require all granted
+
    + + + 
    +    Require all denied
+
    -

    - Require all denied
    -

    @@ -233,20 +219,22 @@

    The following example will only allow GET, HEAD, POST, and OPTIONS requests:

    -

    - Require method GET POST OPTIONS
    -

    + 
    +        Require method GET POST OPTIONS
+
    +

    The following example will allow GET, HEAD, POST, and OPTIONS requests without authentication, and require a valid user for all other methods:

    -

    - <RequireAny>
    -  Require method GET POST OPTIONS
    -  Require valid-user
    - </RequireAny>
    -

    + 
    +<RequireAny>
+     Require method GET POST OPTIONS
+     Require valid-user
+</RequireAny>
+
    + @@ -255,9 +243,10 @@

    The expr provider allows to base authorization decisions on arbitrary expressions.

    -

    - Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17
    -

    + 
    +        Require expr %{TIME_HOUR} >= 9 && %{TIME_HOUR} <= 17 
+
    +

    The syntax is described in the ap_expr documentation.

    @@ -314,30 +303,25 @@ sections. preceding sections. Thus only users belong to the group gamma may access /www/docs/ab/gamma.
    -

    - <Directory /www/docs> - - AuthType Basic
    - AuthName Documents
    - AuthBasicProvider file
    - AuthUserFile /usr/local/apache/passwd/passwords
    - Require group alpha -     - </Directory>
    -
    - <Directory /www/docs/ab> - - AuthMerging Or
    - Require group beta -     - </Directory>
    -
    - <Directory /www/docs/ab/gamma> - - Require group gamma - - </Directory> -

    + 
    +<Directory /www/docs>
+    AuthType Basic
+    AuthName Documents
+    AuthBasicProvider file
+    AuthUserFile /usr/local/apache/passwd/passwords
+    Require group alpha
+</Directory>
+
+<Directory /www/docs/ab>
+    AuthMerging Or
+    Require group beta
+</Directory>
+
+<Directory /www/docs/ab/gamma>
+    Require group gamma
+</Directory>
+
    +
    top
    @@ -460,14 +444,15 @@ an authorization provider. and AuthGroupFile (to define users and groups) in order to work correctly. Example:

    -

    - AuthType Basic
    - AuthName "Restricted Resource"
    - AuthBasicProvider file
    - AuthUserFile /web/users
    - AuthGroupFile /web/groups
    - Require group admin -

    + 
    +AuthType Basic
+AuthName "Restricted Resource"
+AuthBasicProvider file
+AuthUserFile /web/users
+AuthGroupFile /web/groups
+Require group admin
+
    +

    Access controls which are applied in this way are effective for all methods. This is what is normally @@ -489,18 +474,15 @@ an authorization provider. and beta groups are authorized, except for those who are also in the reject group.

    -

    - <Directory /www/docs> - - <RequireAll> - - Require group alpha beta
    - Require not group reject -     - </RequireAll> -     - </Directory> -

    + 
    +<Directory /www/docs>
+    <RequireAll>
+        Require group alpha beta
+        Require not group reject
+    </RequireAll>
+</Directory>
+
    +

    When multiple Require directives are used in a single diff --git a/docs/manual/mod/mod_authz_dbd.html.en b/docs/manual/mod/mod_authz_dbd.html.en index fc4876c4f45..e4d92c9d379 100644 --- a/docs/manual/mod/mod_authz_dbd.html.en +++ b/docs/manual/mod/mod_authz_dbd.html.en @@ -57,7 +57,7 @@

    See also

    • Require
      • @@ -96,9 +96,9 @@ the database. Other session management modules can then use the hook to implement functions that start and end client-side sessions.

      top
      -

      Configuration Example

      +

      Configuration example

      -
      +
       # mod_dbd configuration
 DBDriver pgsql
 DBDParams "dbname=apacheauth user=apache pass=xxxxxx"
@@ -132,13 +132,11 @@ DBDExptime 300
 
   <Files login.html>
     # don't require user to already be logged in!
-    AuthDBDUserPWQuery \
-      "SELECT password FROM authn WHERE user = %s"
+    AuthDBDUserPWQuery "SELECT password FROM authn WHERE user = %s"
 
     # dbd-login action executes a statement to log user in
     Require dbd-login
-    AuthzDBDQuery \
-      "UPDATE authn SET login = 'true' WHERE user = %s"
+    AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s"
 
     # return user to referring page (if any) after
     # successful login
@@ -148,11 +146,11 @@ DBDExptime 300
   <Files logout.html>
     # dbd-logout action executes a statement to log user out
     Require dbd-logout
-    AuthzDBDQuery \
-      "UPDATE authn SET login = 'false' WHERE user = %s"
+    AuthzDBDQuery "UPDATE authn SET login = 'false' WHERE user = %s"
   </Files>
 </Directory>
-
      + +
      top

      AuthzDBDLoginToReferer Directive

      @@ -195,22 +193,22 @@ header is present The first column value of each row returned by the query statement should be a string containing a group name. Zero, one, or more rows may be returned. -

      Example

      +    
       Require dbd-group
-AuthzDBDQuery \
-  "SELECT group FROM groups WHERE user = %s"
-
      +AuthzDBDQuery "SELECT group FROM groups WHERE user = %s" + +
    • When used with a Require dbd-login or Require dbd-logout directive, it will never deny access, but will instead execute a SQL statement designed to log the user in or out. The user must already be authenticated with mod_authn_dbd. -

      Example

      +    
       Require dbd-login
-AuthzDBDQuery \
-  "UPDATE authn SET login = 'true' WHERE user = %s"
-
      +AuthzDBDQuery "UPDATE authn SET login = 'true' WHERE user = %s" + +

    In all cases, the user's ID will be passed as a single string @@ -232,10 +230,10 @@ AuthzDBDQuery \ specific to the user. The user's ID will be passed as a single string parameter when the SQL query is executed. It may be referenced within the query statement using a %s format specifier.

    -

    Example

    -AuthzDBDRedirectQuery \
-  "SELECT userpage FROM userpages WHERE user = %s"
-
    + 
    +AuthzDBDRedirectQuery "SELECT userpage FROM userpages WHERE user = %s"
+
    +

    The first column value of the first row returned by the query statement should be a string containing a URL to which to redirect the client. Subsequent rows will be ignored. If no rows are returned, diff --git a/docs/manual/mod/mod_authz_dbm.html.en b/docs/manual/mod/mod_authz_dbm.html.en index 319f732521b..087b0025bf6 100644 --- a/docs/manual/mod/mod_authz_dbm.html.en +++ b/docs/manual/mod/mod_authz_dbm.html.en @@ -87,10 +87,11 @@ of user groups for authorization accomplished by first setting the group and password files to point to the same DBM:

    -

    - AuthDBMGroupFile /www/userbase
    - AuthDBMUserFile /www/userbase -

    + 
    +AuthDBMGroupFile /www/userbase
+AuthDBMUserFile /www/userbase
+
    +

    The key for the single DBM is the username. The value consists of

    diff --git a/docs/manual/mod/mod_authz_dbm.xml.ko b/docs/manual/mod/mod_authz_dbm.xml.ko index 01f5c29e2f9..5c72eeb87e7 100644 --- a/docs/manual/mod/mod_authz_dbm.xml.ko +++ b/docs/manual/mod/mod_authz_dbm.xml.ko @@ -1,7 +1,7 @@ - + + diff --git a/docs/manual/mod/mod_authz_host.xml.meta b/docs/manual/mod/mod_authz_host.xml.meta index 2df68a979b0..c67d019aa9f 100644 --- a/docs/manual/mod/mod_authz_host.xml.meta +++ b/docs/manual/mod/mod_authz_host.xml.meta @@ -8,6 +8,6 @@ en - fr + fr diff --git a/docs/manual/mod/mod_authz_owner.html.en b/docs/manual/mod/mod_authz_owner.html.en index d114de58269..c3df5d5fcb7 100644 --- a/docs/manual/mod/mod_authz_owner.html.en +++ b/docs/manual/mod/mod_authz_owner.html.en @@ -97,17 +97,16 @@ files in /home/smith/public_html/private unless they were owned by jones instead of smith.

    -

    - <Directory /home/*/public_html/private>
    - - AuthType Basic
    - AuthName MyPrivateFiles
    - AuthBasicProvider dbm
    - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
    - Require file-owner
    -     - </Directory> -

    + 
    +<Directory /home/*/public_html/private>
+    AuthType Basic
+    AuthName MyPrivateFiles
+    AuthBasicProvider dbm
+    AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
+    Require file-owner
+</Directory>
+
    +

    Require file-group

    @@ -122,22 +121,21 @@ authorized to access the project-foo directories of each other.

    -

    - <Directory /home/*/public_html/project-foo>
    - - AuthType Basic
    - AuthName "Project Foo Files"
    - AuthBasicProvider dbm
    -
    - # combined user/group database
    - AuthDBMUserFile /usr/local/apache2/etc/.htdbm-all
    - AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
    -
    - Satisfy All
    - Require file-group
    -     - </Directory> -

    + 
    +<Directory /home/*/public_html/project-foo>
+    AuthType Basic
+    AuthName "Project Foo Files"
+    AuthBasicProvider dbm
+    
+    # combined user/group database
+    AuthDBMUserFile  /usr/local/apache2/etc/.htdbm-all
+    AuthDBMGroupFile /usr/local/apache2/etc/.htdbm-all
+    
+    Satisfy All
+    Require file-group
+</Directory>
+
    + diff --git a/docs/manual/mod/mod_authz_owner.xml.fr b/docs/manual/mod/mod_authz_owner.xml.fr index cb1d5746951..ad569c4f453 100644 --- a/docs/manual/mod/mod_authz_owner.xml.fr +++ b/docs/manual/mod/mod_authz_owner.xml.fr @@ -1,7 +1,7 @@ - + diff --git a/docs/manual/mod/mod_authz_owner.xml.ja b/docs/manual/mod/mod_authz_owner.xml.ja index 6294f38139a..6c15c70051a 100644 --- a/docs/manual/mod/mod_authz_owner.xml.ja +++ b/docs/manual/mod/mod_authz_owner.xml.ja @@ -1,7 +1,7 @@ - + + + diff --git a/docs/manual/mod/mod_autoindex.xml.ja b/docs/manual/mod/mod_autoindex.xml.ja index 91ca85e3fff..27bfa145d2a 100644 --- a/docs/manual/mod/mod_autoindex.xml.ja +++ b/docs/manual/mod/mod_autoindex.xml.ja @@ -1,7 +1,7 @@ - + + + + + +
    Description:Permet d'utiliser un annuaire LDAP pour l'authentification HTTP de base.
    Statut:Extension