You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by Darren Spruell <ph...@gmail.com> on 2007/01/23 18:13:43 UTC

[PATCH] clarification of fallthrough in mod_authnz_ldap

I wanted to propose a point of clarification to the documentation
surrounding the authorization phase described for mod_authnz_ldap.
This point is clarified a little further down in the file but could
stand to be more clear outside of the specific place it is mentioned.

Index: manual/mod/mod_authnz_ldap.xml
===================================================================
--- manual/mod/mod_authnz_ldap.xml      (revision 499068)
+++ manual/mod/mod_authnz_ldap.xml      (working copy)
@@ -226,8 +226,14 @@
       <li>otherwise, deny or decline access</li>
     </ul>

-    <p>Other <directive module="core">Require</directive> values may also be
-    used which may require loading additional authorization modules.</p>
+    <p>Other <directive module="core">Require</directive> values may also
+    be used which may require loading additional authorization modules.
+    Note that if you use a <directive module="core">Require</directive>
+    value from another authorization module, you will need to ensure that
+    <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
+    is set to <code>off</code> to allow the authorization phase to fall
+    back to the module providing the alternate
+    <directive module="core">Require</directive> value.</p>

     <ul>
         <li>Grant access if there is a <a href="#requser"><code>require

-- 
Darren Spruell
phatbuckett@gmail.com

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

Re: [PATCH] clarification of fallthrough in mod_authnz_ldap

Posted by Noirin Plunkett <no...@apache.org>.

+1
Sounds good, thanks for this =)
Noirin

On Tue, Jan 23, 2007 at 10:13:43AM -0700, Darren Spruell wrote:
> I wanted to propose a point of clarification to the documentation
> surrounding the authorization phase described for mod_authnz_ldap.
> This point is clarified a little further down in the file but could
> stand to be more clear outside of the specific place it is mentioned.
> 
> Index: manual/mod/mod_authnz_ldap.xml
> ===================================================================
> --- manual/mod/mod_authnz_ldap.xml      (revision 499068)
> +++ manual/mod/mod_authnz_ldap.xml      (working copy)
> @@ -226,8 +226,14 @@
>       <li>otherwise, deny or decline access</li>
>     </ul>
> 
> -    <p>Other <directive module="core">Require</directive> values may also 
> be
> -    used which may require loading additional authorization modules.</p>
> +    <p>Other <directive module="core">Require</directive> values may also
> +    be used which may require loading additional authorization modules.
> +    Note that if you use a <directive module="core">Require</directive>
> +    value from another authorization module, you will need to ensure that
> +    <directive module="mod_authnz_ldap">AuthzLDAPAuthoritative</directive>
> +    is set to <code>off</code> to allow the authorization phase to fall
> +    back to the module providing the alternate
> +    <directive module="core">Require</directive> value.</p>
> 
>     <ul>
>         <li>Grant access if there is a <a href="#requser"><code>require
> 
> -- 
> Darren Spruell
> phatbuckett@gmail.com
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
> For additional commands, e-mail: docs-help@httpd.apache.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org