From dc771bbb4e6dc09e23cfd03a030414d6246b9260 Mon Sep 17 00:00:00 2001
From: Erik Abele <erikabele@apache.org>
Date: Tue, 18 Feb 2003 22:56:35 +0000
Subject: [PATCH] Fixed missing </p> + transformation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98715 13f79535-47bb-0310-9956-ffa450edef68
---
 docs/manual/mod/mod_auth_ldap.html.en |  38 ++--------
 docs/manual/mod/mod_ldap.html.en      | 104 +++++++++++++++++++++-----
 docs/manual/mod/mod_ldap.xml          |   4 +-
 3 files changed, 92 insertions(+), 54 deletions(-)

diff --git a/docs/manual/mod/mod_auth_ldap.html.en b/docs/manual/mod/mod_auth_ldap.html.en
index 35ebe21c43d..0ceb7ca0570 100644
--- a/docs/manual/mod/mod_auth_ldap.html.en
+++ b/docs/manual/mod/mod_auth_ldap.html.en
@@ -32,7 +32,8 @@ for HTTP Basic authentication.</td></tr>
 
     <ul>
       <li>Known to support the <a href="http://www.openldap.org/">OpenLDAP SDK</a> (both 1.x
-      and 2.x), and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
+      and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
+      Novell LDAP SDK</a> and the <a href="http://www.iplanet.com/downloads/developer/">iPlanet
       (Netscape)</a> SDK.</li>
 
       <li>Complex authorization policies can be implemented by
@@ -45,7 +46,7 @@ for HTTP Basic authentication.</td></tr>
       <li>Uses extensive caching of LDAP operations via <a href="mod_ldap.html">mod_ldap</a>.</li>
 
       <li>Support for LDAP over SSL (requires the Netscape SDK) or
-      TLS (requires the OpenLDAP 2.x SDK).</li>
+      TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).</li>
     </ul>
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
@@ -61,7 +62,6 @@ for HTTP Basic authentication.</td></tr>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattribute">AuthLDAPGroupAttribute</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapgroupattributeisdn">AuthLDAPGroupAttributeIsDN</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapremoteuserisdn">AuthLDAPRemoteUserIsDN</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#authldapstarttls">AuthLDAPStartTLS</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#authldapurl">AuthLDAPUrl</a></li>
 </ul>
 <h3>Topics</h3>
@@ -444,23 +444,12 @@ require valid-user
 <div class="section">
 <h2><a name="usingtls" id="usingtls">Using TLS</a></h2>
 
-    <p>To use TLS, simply set the <code class="directive"><a href="#authldapstarttls">AuthLDAPStartTLS</a></code> to on.
-    Nothing else needs to be done (other than ensure that your LDAP
-    server is configured for TLS).</p>
+    <p>To use TLS, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code> and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
 </div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
 <h2><a name="usingssl" id="usingssl">Using SSL</a></h2>
 
-    <p>If <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code> is linked against the
-    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
-    unless that server has a certificate signed by a known Certificate
-    Authority. As part of the configuration
-    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code> needs to be told where it can find
-    a database containing the known CAs. This database is in the same
-    format as Netscape Communicator's <code>cert7.db</code>
-    database. The easiest way to get this file is to start up a fresh
-    copy of Netscape, and grab the resulting
-    <code>$HOME/.netscape/cert7.db</code> file.</p>
+    <p>To use SSL, see the <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> directives <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedca">LDAPTrustedCA</a></code> and <code class="directive"><a href="../mod/mod_ldap.html#ldaptrustedcatype">LDAPTrustedCAType</a></code>.</p>
 
     <p>To specify a secure LDAP server, use <em>ldaps://</em> in the
     <code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>
@@ -759,23 +748,6 @@ environment variable</td></tr>
     the username that was passed by the client. It is turned off by
     default.</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="AuthLDAPStartTLS" id="AuthLDAPStartTLS">AuthLDAPStartTLS</a> <a name="authldapstarttls" id="authldapstarttls">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Use a secure TLS connection to the LDAP server</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>AuthLDAPStartTLS on|off</code></td></tr>
-<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>AuthLDAPStartTLS off</code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
-<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_auth_ldap</td></tr>
-</table>
-    <p>If this directive is set to <code>on</code>,
-    <code class="module"><a href="../mod/mod_auth_ldap.html">mod_auth_ldap</a></code> will start a secure TLS session
-    after connecting to the LDAP server. This requires your LDAP
-    server to support TLS.</p>
-
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="AuthLDAPUrl" id="AuthLDAPUrl">AuthLDAPUrl</a> <a name="authldapurl" id="authldapurl">Directive</a></h2>
diff --git a/docs/manual/mod/mod_ldap.html.en b/docs/manual/mod/mod_ldap.html.en
index 9f66eb8db19..4d73740aa57 100644
--- a/docs/manual/mod/mod_ldap.html.en
+++ b/docs/manual/mod/mod_ldap.html.en
@@ -38,21 +38,30 @@ by other LDAP modules</td></tr>
     apr-util. This is achieved by adding the <code>--with-ldap</code>
     flag to the <code>./configure</code> script when building
     Apache.</p>
+
+    <p>SSL support requires that <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> be linked
+    with one of the following LDAP SDKs: <a href="http://www.openldap.org/">
+    OpenLDAP SDK</a> (both 1.x and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">
+    Novell LDAP SDK</a> or the <a href="http://www.iplanet.com/downloads/developer/">
+    iPlanet(Netscape)</a> SDK.</p>
+
 </div>
 <div id="quickview"><h3 class="directives">Directives</h3>
 <ul id="toc">
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
-<li><img alt="" src="../images/down.gif" /> <a href="#ldapcertdbpath">LDAPCertDBPath</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcacheentries">LDAPOpCacheEntries</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapopcachettl">LDAPOpCacheTTL</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachesize">LDAPSharedCacheSize</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedca">LDAPTrustedCA</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedcatype">LDAPTrustedCAType</a></li>
 </ul>
 <h3>Topics</h3>
 <ul id="topics">
 <li><img alt="" src="../images/down.gif" /> <a href="#exampleconfig">Example Configuration</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#pool">LDAP Connection Pool</a></li>
 <li><img alt="" src="../images/down.gif" /> <a href="#cache">LDAP Cache</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#usingssltls">Using SSL</a></li>
 </ul></div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="section">
@@ -184,6 +193,51 @@ by other LDAP modules</td></tr>
       information each time, depending on which <code>httpd</code>
       instance processes the request.</p>
     
+</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="section">
+<h2><a name="usingssltls" id="usingssltls">Using SSL</a></h2>
+
+    <p>The ability to create an SSL connections to an LDAP server 
+    is defined by the directives <code class="directive"><a href="#&#10;    ldaptrustedca">
+    LDAPTrustedCA</a></code> and <code class="directive"><a href="#&#10;    ldaptrustedcatype">
+    LDAPTrustedCAType</a></code>. These directives specify the certificate
+    file or database and the certificate type. Whenever the LDAP url
+    includes <em>ldaps://</em>, <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> will establish
+    a secure connection to the LDAP server.</p>
+
+    <div class="example"><p><code>
+      # Establish an SSL LDAP connection. Requires that <br />
+      # mod_ldap and mod_auth_ldap be loaded. Change the <br />
+      # "yourdomain.example.com" to match your domain.<br />
+      <br />
+      LDAPTrustedCA /certs/certfile.der<br />
+      LDAPTrustedCAType DER_FILE<br />
+      <br />
+      &lt;Location /ldap-status&gt;<br />
+      <span class="indent">
+        SetHandler ldap-status<br />
+        Order deny,allow<br />
+        Deny from all<br />
+        Allow from yourdomain.example.com<br />
+        AuthLDAPEnabled on<br />
+        AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
+        AuthLDAPAuthoritative on<br />
+        require valid-user<br />
+      </span>
+      &lt;/Location&gt;
+    </code></p></div>
+
+    <p>If <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> is linked against the
+    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
+    unless that server has a certificate signed by a known Certificate
+    Authority. As part of the configuration
+    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> needs to be told where it can find
+    a database containing the known CAs. This database is in the same
+    format as Netscape Communicator's <code>cert7.db</code>
+    database. The easiest way to get this file is to start up a fresh
+    copy of Netscape, and grab the resulting
+    <code>$HOME/.netscape/cert7.db</code> file.</p>
+
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a> <a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
@@ -215,24 +269,6 @@ by other LDAP modules</td></tr>
     search/bind cache remains valid. The default is 600 seconds (10
     minutes).</p>
 
-</div>
-<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
-<div class="directive-section"><h2><a name="LDAPCertDBPath" id="LDAPCertDBPath">LDAPCertDBPath</a> <a name="ldapcertdbpath" id="ldapcertdbpath">Directive</a></h2>
-<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Directory containing certificates for SSL support</td></tr>
-<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCertDBPath <var>directory-path</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
-<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
-<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
-</table>
-    <p>This directive is only valid if Apache has been linked
-    against the Netscape/iPlanet Directory SDK.</p>
-
-    <p>It specifies in which directory <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
-    should look for the certificate authorities database for SSL
-    support. There should be a file named <code>cert7.db</code> in that
-    directory.</p>
-
 </div>
 <div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
 <div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
@@ -278,6 +314,36 @@ valid</td></tr>
     <p>Specifies the number of bytes to specify for the shared
     memory cache. The default is 100kb.</p>
 
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTrustedCA" id="LDAPTrustedCA">LDAPTrustedCA</a> <a name="ldaptrustedca" id="ldaptrustedca">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file containing the trusted Certificate Authority certificate or database</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCA <var>directory-path/filename</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+    <p>It specifies the directory path and file name of the trusted CA
+    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> should use when establishing an SSL
+    connection to an LDAP server. If using the Netscape/iPlanet Directory
+    SDK, the file name should be <code>cert7.db</code>.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTrustedCAType" id="LDAPTrustedCAType">LDAPTrustedCAType</a> <a name="ldaptrustedcatype" id="ldaptrustedcatype">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the type of the Certificate Authority file</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCAType <var>type</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+    <p>The following types are supported:<br />
+          DER_FILE      - file in binary DER format<br />
+          BASE64_FILE   - file in Base64 format<br />
+          CERT7_DB_PATH - Netscape certificate database file ")</p>
+
 </div>
 </div>
 <div id="footer">
diff --git a/docs/manual/mod/mod_ldap.xml b/docs/manual/mod/mod_ldap.xml
index acb1853b2f0..f00a6977cf1 100644
--- a/docs/manual/mod/mod_ldap.xml
+++ b/docs/manual/mod/mod_ldap.xml
@@ -171,7 +171,7 @@ by other LDAP modules</description>
     LDAPTrustedCAType</directive>. These directives specify the certificate
     file or database and the certificate type. Whenever the LDAP url
     includes <em>ldaps://</em>, <module>mod_ldap</module> will establish
-    a secure connection to the LDAP server.
+    a secure connection to the LDAP server.</p>
 
     <example>
       # Establish an SSL LDAP connection. Requires that <br />
@@ -307,4 +307,4 @@ valid</description>
 </usage>
 </directivesynopsis>
 
-</modulesynopsis>
\ No newline at end of file
+</modulesynopsis>
-- 
2.47.3