author Arno Töll <debian@toell.net> 2012-01-08 22:53:17 +0100
committer Arno Töll <debian@toell.net> 2012-01-08 22:53:17 +0100
commit e072a2dd866b7cb9f14319b80326a4e7fd16fcdf (patch)
tree a49dfc56d94a26011fe157835ff6cbe14edbd8a9 /docs/manual/mod/mod_ldap.html.en
parent 0890390c00801651d08d3794e13b31a5dabbf5ef (diff)
Imported Upstream version 2.3.16-beta
Diffstat (limited to 'docs/manual/mod/mod_ldap.html.en')
-rw-r--r-- docs/manual/mod/mod_ldap.html.en | 248
1 files changed, 204 insertions, 44 deletions
diff --git a/docs/manual/mod/mod_ldap.html.en b/docs/manual/mod/mod_ldap.html.en
index 69c7ff66..29285c3c 100644
--- a/docs/manual/mod/mod_ldap.html.en
+++ b/docs/manual/mod/mod_ldap.html.en
@@ -13,15 +13,16 @@
<body>
<div id="page-header">
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p>
-<p class="apache">Apache HTTP Server Version 2.2</p>
+<p class="apache">Apache HTTP Server Version 2.3</p>
<img alt="" src="../images/feather.gif" /></div>
<div class="up"><a href="./"><img title="&lt;-" alt="&lt;-" src="../images/left.gif" /></a></div>
<div id="path">
-<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.2</a> &gt; <a href="./">Modules</a></div>
+<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://httpd.apache.org/">HTTP Server</a> &gt; <a href="http://httpd.apache.org/docs/">Documentation</a> &gt; <a href="../">Version 2.3</a> &gt; <a href="./">Modules</a></div>
<div id="page-content">
<div id="preamble"><h1>Apache Module mod_ldap</h1>
<div class="toplang">
-<p><span>Available Languages: </span><a href="../en/mod/mod_ldap.html" title="English">&nbsp;en&nbsp;</a></p>
+<p><span>Available Languages: </span><a href="../en/mod/mod_ldap.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/mod/mod_ldap.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
</div>
<table class="module"><tr><th><a href="module-dict.html#Description">Description:</a></th><td>LDAP connection pooling and result caching services for use
by other LDAP modules</td></tr>
@@ -58,11 +59,16 @@ by other LDAP modules</td></tr>
<ul id="toc">
<li><img alt="" src="../images/down.gif" /> <a href="#ldapcacheentries">LDAPCacheEntries</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapcachettl">LDAPCacheTTL</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldapconnectionpoolttl">LDAPConnectionPoolTTL</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapconnectiontimeout">LDAPConnectionTimeout</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaplibrarydebug">LDAPLibraryDebug</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapopcacheentries">LDAPOpCacheEntries</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapopcachettl">LDAPOpCacheTTL</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldapreferralhoplimit">LDAPReferralHopLimit</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldapreferrals">LDAPReferrals</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachefile">LDAPSharedCacheFile</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldapsharedcachesize">LDAPSharedCacheSize</a></li>
+<li><img alt="" src="../images/down.gif" /> <a href="#ldaptimeout">LDAPTimeout</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedclientcert">LDAPTrustedClientCert</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedglobalcert">LDAPTrustedGlobalCert</a></li>
<li><img alt="" src="../images/down.gif" /> <a href="#ldaptrustedmode">LDAPTrustedMode</a></li>
@@ -99,11 +105,14 @@ by other LDAP modules</td></tr>
&lt;Location /ldap-status&gt;<br />
<span class="indent">
SetHandler ldap-status<br />
- Order deny,allow<br />
- Deny from all<br />
- Allow from yourdomain.example.com<br />
+
+ Require host yourdomain.example.com<br />
+
+ Satisfy any<br />
+ AuthType Basic<br />
+ AuthName "LDAP Protected"<br />
+ AuthBasicProvider ldap<br />
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthzLDAPAuthoritative off<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
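Review bot: "Satisfy any" still sits next to the new "Require host yourdomain.example.com" line in this example, although it belongs to the Order/Deny/Allow scheme that the hunk removes. Either drop it or wrap the two Require lines in an explicit RequireAny block, so a reader can see at a glance that /ldap-status is open to the named host or to any valid LDAP user, not to the combination of both. The same applies to the other copies of this example further down the page.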
@@ -127,6 +136,15 @@ by other LDAP modules</td></tr>
<p>There is no need to manually enable connection pooling in
the Apache configuration. Any module using this module for
access to LDAP services will share the connection pool.</p>
+
+ <p>LDAP connections can keep track of the ldap client
+ credentials used when binding to an LDAP server. These
+ credentials can be provided to LDAP servers that do not
+ allow anonymous binds during referral chasing. To control
+ this feature, see the <code class="directive"><a href="#&#10; ldapreferrals">
+ LDAPReferrals</a></code> and <code class="directive"><a href="#&#10; ldapreferralhoplimit">
+ LDAPReferralHopLimit</a></code> directives. By default,
+ this feature is enabled.</p>
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="cache" id="cache">LDAP Cache</a></h2>
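Review bot: the two links in the added paragraph use href="#&#10; ldapreferrals" and href="#&#10; ldapreferralhoplimit", with an encoded newline and a space inside the fragment, so they will not resolve to the ldapreferrals and ldapreferralhoplimit anchors that the table of contents points at. Keep each href value on a single line. The closing sentence "By default, this feature is enabled" would also be clearer if it said outright that the bind credentials are passed on to servers reached through referrals.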
@@ -176,6 +194,9 @@ by other LDAP modules</td></tr>
the results of comparisons done between distinguished
names.</p>
+ <p>Note that, when group membership is being checked, any sub-group
+ comparison results are cached to speed future sub-group comparisons.</p>
+
<p>The behavior of both of these caches is controlled with
the <code class="directive"><a href="#ldapopcacheentries">LDAPOpCacheEntries</a></code>
and <code class="directive"><a href="#ldapopcachettl">LDAPOpCacheTTL</a></code>
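Review bot: the added sentence on sub-group comparison results does not say how long those results are kept. The following paragraph ties "both of these caches" to LDAPOpCacheEntries and LDAPOpCacheTTL; state whether cached sub-group results follow the same limits, since that bounds how long a removed group membership can still be honoured.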
@@ -209,7 +230,7 @@ by other LDAP modules</td></tr>
<div class="section">
<h2><a name="usingssltls" id="usingssltls">Using SSL/TLS</a></h2>
- <p>The ability to create an SSL and TLS connections to an LDAP server
+ <p>The ability to create an SSL and TLS connections to an LDAP server
is defined by the directives <code class="directive"><a href="#&#10; ldaptrustedglobalcert">
LDAPTrustedGlobalCert</a></code>, <code class="directive"><a href="#&#10; ldaptrustedclientcert">
LDAPTrustedClientCert</a></code> and <code class="directive"><a href="#&#10; ldaptrustedmode">
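Review bot: the replaced line differs from the old one only in whitespace and keeps the grammar slip "an SSL and TLS connections". Since the line is being touched anyway, change it to "SSL and TLS connections".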
@@ -227,11 +248,14 @@ by other LDAP modules</td></tr>
&lt;Location /ldap-status&gt;<br />
<span class="indent">
SetHandler ldap-status<br />
- Order deny,allow<br />
- Deny from all<br />
- Allow from yourdomain.example.com<br />
+
+ Require host yourdomain.example.com<br />
+
+ Satisfy any<br />
+ AuthType Basic<br />
+ AuthName "LDAP Protected"<br />
+ AuthBasicProvider ldap<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthzLDAPAuthoritative off<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
@@ -247,11 +271,14 @@ by other LDAP modules</td></tr>
&lt;Location /ldap-status&gt;<br />
<span class="indent">
SetHandler ldap-status<br />
- Order deny,allow<br />
- Deny from all<br />
- Allow from yourdomain.example.com<br />
+
+ Require host yourdomain.example.com<br />
+
+ Satisfy any<br />
+ AuthType Basic<br />
+ AuthName "LDAP Protected"<br />
+ AuthBasicProvider ldap<br />
AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one TLS<br />
- AuthzLDAPAuthoritative off<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
@@ -298,12 +325,15 @@ by other LDAP modules</td></tr>
&lt;Location /ldap-status&gt;<br />
<span class="indent">
SetHandler ldap-status<br />
- Order deny,allow<br />
- Deny from all<br />
- Allow from yourdomain.example.com<br />
+
+ Require host yourdomain.example.com<br />
+
+ Satisfy any<br />
+ AuthType Basic<br />
+ AuthName "LDAP Protected"<br />
+ AuthBasicProvider ldap<br />
LDAPTrustedClientCert CERT_NICKNAME &lt;nickname&gt; [password]<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthzLDAPAuthoritative off<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
@@ -346,8 +376,10 @@ by other LDAP modules</td></tr>
SDK to work correctly. These certificates can be specified as
binary DER or Base64 (PEM) encoded files.</p>
- <p>Client certificates are specified per connection using the
- LDAPTrustedClientCert directive.</p>
+ <p>Both CA and client certificates may be specified globally
+ (LDAPTrustedGlobalCert) or per-connection (LDAPTrustedClientCert).
+ When any settings are specified per-connection, the global
+ settings are superceded.</p>
<p>The documentation for the SDK claims to support both SSL and
STARTTLS, however STARTTLS does not seem to work on all versions
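Review bot: "superceded" in the new paragraph should be "superseded". The sentence also leaves open whether one per-connection setting replaces every global certificate setting or only those of the same type; say which, because an administrator who adds only a client certificate per connection needs to know whether the global CA certificates still apply.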
@@ -364,13 +396,19 @@ by other LDAP modules</td></tr>
&lt;Location /ldap-status&gt;<br />
<span class="indent">
SetHandler ldap-status<br />
- Order deny,allow<br />
- Deny from all<br />
- Allow from yourdomain.example.com<br />
+
+ Require host yourdomain.example.com<br />
+
LDAPTrustedClientCert CERT_BASE64 /certs/cert1.pem<br />
LDAPTrustedClientCert KEY_BASE64 /certs/key1.pem<br />
+ # CA certs respecified due to per-directory client certs<br />
+ LDAPTrustedClientCert CA_DER /certs/cacert1.der<br />
+ LDAPTrustedClientCert CA_BASE64 /certs/cacert2.pem<br />
+ Satisfy any<br />
+ AuthType Basic<br />
+ AuthName "LDAP Protected"<br />
+ AuthBasicProvider ldap<br />
AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
- AuthzLDAPAuthoritative off<br />
Require valid-user<br />
</span>
&lt;/Location&gt;
@@ -433,6 +471,30 @@ by other LDAP modules</td></tr>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPConnectionPoolTTL" id="LDAPConnectionPoolTTL">LDAPConnectionPoolTTL</a> <a name="ldapconnectionpoolttl" id="ldapconnectionpoolttl">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Discard backend connections that have been sitting in the connection pool too long</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPConnectionPoolTTL <var>n</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPConnectionPoolTTL -1</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.3.12 and later</td></tr>
+</table>
+ <p>Specifies the maximum age, in seconds, that a pooled LDAP connection can remain idle
+ and still be available for use. Connections are cleaned up when they are next needed,
+ not asynchronously.</p>
+
+ <p>A setting of 0 causes connections to never be saved in the backend
+ connection pool. The default value of -1, and any other negative value,
+ allows connections of any age to be reused.</p>
+
+ <div class="note"><p>This timeout defaults to units of seconds, but accepts
+ suffixes for milliseconds (ms), minutes (min), and hours (h).
+ </p></div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPConnectionTimeout" id="LDAPConnectionTimeout">LDAPConnectionTimeout</a> <a name="ldapconnectiontimeout" id="ldapconnectiontimeout">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the socket connection timeout in seconds</td></tr>
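Review bot: the Syntax row of the new LDAPConnectionPoolTTL section gives only "n", with no unit, while the note at the end says the value accepts ms, min and h suffixes. Show the optional unit in the Syntax row and add one sample line that uses a suffix. The Description row could also mention that the default of -1 means pooled connections never age out, since that is only stated two paragraphs later.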
@@ -441,29 +503,58 @@ by other LDAP modules</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
- <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT option in the
- underlying LDAP client library, when available. This value typically
- controls how long the LDAP client library will wait for the TCP connection
- to the LDAP server to complete.</p>
-
- <p> If a connection is not successful with the timeout period, either an error will be
- returned or the LDAP client library will attempt to connect to a secondary LDAP
- server if one is specified (via a space-separated list of hostnames in the
+ <p>This directive configures the LDAP_OPT_NETWORK_TIMEOUT (or LDAP_OPT_CONNECT_TIMEOUT)
+ option in the underlying LDAP client library, when available. This value
+ typically controls how long the LDAP client library will wait for the TCP
+ connection to the LDAP server to complete.</p>
+
+ <p> If a connection is not successful with the timeout period, either an error will be
+ returned or the LDAP client library will attempt to connect to a secondary LDAP
+ server if one is specified (via a space-separated list of hostnames in the
<code class="directive"><a href="#authldapurl">AuthLDAPURL</a></code>).</p>
- <p>The default is 10 seconds, if the LDAP client library linked with the
+ <p>The default is 10 seconds, if the LDAP client library linked with the
server supports the LDAP_OPT_NETWORK_TIMEOUT option.</p>
<div class="note">LDAPConnectionTimeout is only available when the LDAP client library linked
- with the server supports the LDAP_OPT_NETWORK_TIMEOUT option, and the
- ultimate behavior is dictated entirely by the LDAP client library.
+ with the server supports the LDAP_OPT_NETWORK_TIMEOUT
+ (or LDAP_OPT_CONNECT_TIMEOUT) option, and the ultimate behavior is
+ dictated entirely by the LDAP client library.
</div>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPLibraryDebug" id="LDAPLibraryDebug">LDAPLibraryDebug</a> <a name="ldaplibrarydebug" id="ldaplibrarydebug">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable debugging in the LDAP SDK</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPLibraryDebug <var>7</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>disabled</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Turns on SDK-specific LDAP debug options that generally cause the LDAP
+ SDK to log verbose trace information to the main Apache error log.
+ The trace messages from the LDAP SDK provide gory details that
+ can be useful during debugging of connectivity problems with backend LDAP servers</p>
+
+ <p>This option is only configurable when Apache HTTP Server is linked with
+ an LDAP SDK that implements <code>LDAP_OPT_DEBUG</code> or
+ <code>LDAP_OPT_DEBUG_LEVEL</code>, such as OpenLDAP (a value of 7 is verbose)
+ or Tivoli Directory Server (a value of 65535 is verbose).</p>
+
+ <div class="warning">
+ <p>The logged information will likely contain plaintext credentials being used or
+ validated by LDAP authentication, so care should be taken in protecting and purging
+ the error log when this directive is used.</p>
+ </div>
+
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
<table class="directive">
-<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number of entries used to cache LDAP compare
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number of entries used to cache LDAP compare
operations</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheEntries <var>number</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheEntries 1024</code></td></tr>
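Review bot: in the LDAPConnectionTimeout text, the "The default is 10 seconds" paragraph still names only LDAP_OPT_NETWORK_TIMEOUT, while the paragraph above it and the note below it now add LDAP_OPT_CONNECT_TIMEOUT; bring the three in line. In the new LDAPLibraryDebug section, the Syntax row uses the literal 7 as its argument although the text says Tivoli Directory Server needs 65535, so a placeholder such as "level" would be more accurate, and the first paragraph is missing its full stop after "backend LDAP servers".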
@@ -492,6 +583,46 @@ valid</td></tr>
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPReferralHopLimit" id="LDAPReferralHopLimit">LDAPReferralHopLimit</a> <a name="ldapreferralhoplimit" id="ldapreferralhoplimit">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>The maximum number of referral hops to chase before terminating an LDAP query.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPReferralHopLimit <var>number</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>SDK dependent, typically between 5 and 10</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>This directive, if enabled by the <code>LDAPReferrals</code> directive,
+ limits the number of referral hops that are followed before terminating an
+ LDAP query.</p>
+
+<div class="warning">
+<p> Support for this tunable is uncommon in LDAP SDKs.</p>
+</div>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPReferrals" id="LDAPReferrals">LDAPReferrals</a> <a name="ldapreferrals" id="ldapreferrals">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Enable referral chasing during queries to the LDAP server.</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPReferrals <var>On|Off</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPReferrals On</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Override">Override:</a></th><td>AuthConfig</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+</table>
+ <p>Some LDAP servers divide their directory among multiple domains and use referrals
+ to direct a client when a domain boundary is crossed. By setting <code>LDAPReferrals On</code>
+ referrals will be chased (setting it to off causes referrals to be ignored). The directive
+ <code>LDAPReferralHopLimit</code> works in conjunction with this directive to limit the
+ number of referral hops to follow before terminating the LDAP query. When referral processing
+ is enabled client credentials will be provided, via a rebind callback, for any LDAP server
+ requiring them. </p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPSharedCacheFile" id="LDAPSharedCacheFile">LDAPSharedCacheFile</a> <a name="ldapsharedcachefile" id="ldapsharedcachefile">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the shared memory cache file</td></tr>
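Review bot: the new LDAPReferrals section defaults to On and ends by saying client credentials are provided "for any LDAP server requiring them", yet it carries no warning box, unlike LDAPReferralHopLimit just above it. Add one stating that the bind credentials go to whichever servers the referrals name, and that the directive can be set to Off where referrals are not needed. In LDAPReferralHopLimit, "This directive, if enabled by the LDAPReferrals directive" reads as if the directive itself were switched on; "When referral chasing is enabled by LDAPReferrals, this directive limits ..." is clearer.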
@@ -517,7 +648,33 @@ valid</td></tr>
</table>
<p>Specifies the number of bytes to allocate for the shared
memory cache. The default is 500kb. If set to 0, shared memory
- caching will not be used.</p>
+ caching will not be used and every HTTPD process will create its
+ own cache.</p>
+
+</div>
+<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
+<div class="directive-section"><h2><a name="LDAPTimeout" id="LDAPTimeout">LDAPTimeout</a> <a name="ldaptimeout" id="ldaptimeout">Directive</a></h2>
+<table class="directive">
+<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the timeout for LDAP search and bind operations, in seconds</td></tr>
+<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTimeout <var>seconds</var></code></td></tr>
+<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPTimeout 60</code></td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
+<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
+<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
+<tr><th><a href="directive-dict.html#Compatibility">Compatibility:</a></th><td>Apache HTTP Server 2.3.5 and later</td></tr>
+</table>
+ <p>This directive configures the timeout for bind and search operations, as well as
+ the LDAP_OPT_TIMEOUT option in the underlying LDAP client library, when available.</p>
+
+ <p> If the timeout expires, httpd will retry in case an existing connection has
+ been silently dropped by a firewall. However, performance will be much better if
+ the firewall is configured to send TCP RST packets instead of silently dropping
+ packets.</p>
+
+ <div class="note">
+ <p>Timeouts for ldap compare operations requires an SDK with LDAP_OPT_TIMEOUT, such as OpenLDAP &gt;= 2.4.4.</p>
+ </div>
+
</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
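Review bot: the note in the new LDAPTimeout section talks about compare operations, but the Description row and the first paragraph cover only search and bind; say whether compare is subject to this timeout as well. "Timeouts for ldap compare operations requires" should read "require". The retry paragraph also does not say how many times httpd retries after the timeout expires, which is needed to work out the worst-case delay of a request.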
@@ -527,7 +684,7 @@ valid</td></tr>
connection client certificate. Not all LDAP toolkits support per
connection client certificates.</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedClientCert <var>type</var> <var>directory-path/filename/nickname</var> <var>[password]</var></code></td></tr>
-<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config, virtual host, directory, .htaccess</td></tr>
+<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>directory, .htaccess</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
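Review bot: the Context row for LDAPTrustedClientCert drops "server config, virtual host" with no Compatibility row or text recording the change. Configurations that set the directive at server or virtual-host level are affected; add a Compatibility row naming the version in which the context was narrowed, and point readers to LDAPTrustedGlobalCert for server-wide certificates.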
@@ -543,6 +700,8 @@ connection client certificates.</td></tr>
The type specifies the kind of certificate parameter being
set, depending on the LDAP toolkit being used. Supported types are:</p>
<ul>
+ <li>CA_DER - binary DER encoded CA certificate</li>
+ <li>CA_BASE64 - PEM encoded CA certificate</li>
<li>CERT_DER - binary DER encoded client certificate</li>
<li>CERT_BASE64 - PEM encoded client certificate</li>
<li>CERT_NICKNAME - Client certificate "nickname" (Netscape SDK)</li>
@@ -625,14 +784,15 @@ Certificate Authority or global client certificates</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Extension</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
- <p>Specifies whether to force the verification of a
- server certificate when establishing an SSL connection to the
- LDAP server.</p>
+ <p>Specifies whether to force the verification of a
+ server certificate when establishing an SSL connection to the
+ LDAP server.</p>
</div>
</div>
<div class="bottomlang">
-<p><span>Available Languages: </span><a href="../en/mod/mod_ldap.html" title="English">&nbsp;en&nbsp;</a></p>
+<p><span>Available Languages: </span><a href="../en/mod/mod_ldap.html" title="English">&nbsp;en&nbsp;</a> |
+<a href="../fr/mod/mod_ldap.html" hreflang="fr" rel="alternate" title="Français">&nbsp;fr&nbsp;</a></p>
</div><div id="footer">
<p class="apache">Copyright 2011 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>