mod_ldap.html.en

最新apache的源代码

      support shared memory, then each <code class="program"><a href="../programs/httpd.html">httpd</a></code> instance has its
      own cache, so reloading the URL will result in different
      information each time, depending on which <code class="program"><a href="../programs/httpd.html">httpd</a></code>
      instance processes the request.</p>
    
</div><div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="section">
<h2><a name="usingssltls" id="usingssltls">Using SSL</a></h2>

    <p>The ability to create an SSL connections to an LDAP server 
    is defined by the directives <code class="directive"><a href="#&#10;    ldaptrustedca">
    LDAPTrustedCA</a></code> and <code class="directive"><a href="#&#10;    ldaptrustedcatype">
    LDAPTrustedCAType</a></code>. These directives specify the certificate
    file or database and the certificate type. Whenever the LDAP url
    includes <em>ldaps://</em>, <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> will establish
    a secure connection to the LDAP server.</p>

    <div class="example"><p><code>
      # Establish an SSL LDAP connection. Requires that <br />
      # mod_ldap and mod_auth_ldap be loaded. Change the <br />
      # "yourdomain.example.com" to match your domain.<br />
      <br />
      LDAPTrustedCA /certs/certfile.der<br />
      LDAPTrustedCAType DER_FILE<br />
      <br />
      &lt;Location /ldap-status&gt;<br />
      <span class="indent">
        SetHandler ldap-status<br />
        Order deny,allow<br />
        Deny from all<br />
        Allow from yourdomain.example.com<br />
        AuthLDAPEnabled on<br />
        AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />
        AuthLDAPAuthoritative on<br />
        require valid-user<br />
      </span>
      &lt;/Location&gt;
    </code></p></div>

    <p>If <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> is linked against the
    Netscape/iPlanet LDAP SDK, it will not talk to any SSL server
    unless that server has a certificate signed by a known Certificate
    Authority. As part of the configuration
    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> needs to be told where it can find
    a database containing the known CAs. This database is in the same
    format as Netscape Communicator's <code>cert7.db</code>
    database. The easiest way to get this file is to start up a fresh
    copy of Netscape, and grab the resulting
    <code>$HOME/.netscape/cert7.db</code> file.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPCacheEntries" id="LDAPCacheEntries">LDAPCacheEntries</a> <a name="ldapcacheentries" id="ldapcacheentries">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Maximum number of entries in the primary LDAP cache</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheEntries <var>number</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheEntries 1024</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the maximum size of the primary LDAP cache. This
    cache contains successful search/binds. Set it to 0 to turn off
    search/bind caching. The default size is 1024 cached
    searches.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPCacheTTL" id="LDAPCacheTTL">LDAPCacheTTL</a> <a name="ldapcachettl" id="ldapcachettl">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that cached items remain valid</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPCacheTTL <var>seconds</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPCacheTTL 600</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the time (in seconds) that an item in the
    search/bind cache remains valid. The default is 600 seconds (10
    minutes).</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPConnectionTimeout" id="LDAPConnectionTimeout">LDAPConnectionTimeout</a> <a name="ldapconnectiontimeout" id="ldapconnectiontimeout">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the socket connection timeout in seconds</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPConnectionTimeout <var>seconds</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the timeout value (in seconds) in which the module will
    attempt to connect to the LDAP server.  If a connection is not
    successful with the timeout period, either an error will be 
    returned or the module will attempt to connect to a secondary LDAP 
    server if one is specified. The default is 10 seconds.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPOpCacheEntries" id="LDAPOpCacheEntries">LDAPOpCacheEntries</a> <a name="ldapopcacheentries" id="ldapopcacheentries">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Number of entries used to cache LDAP compare 
operations</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheEntries <var>number</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheEntries 1024</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>This specifies the number of entries <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code>
    will use to cache LDAP compare operations. The default is 1024
    entries.  Setting it to 0 disables operation caching.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPOpCacheTTL" id="LDAPOpCacheTTL">LDAPOpCacheTTL</a> <a name="ldapopcachettl" id="ldapopcachettl">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Time that entries in the operation cache remain
valid</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPOpCacheTTL <var>seconds</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPOpCacheTTL 600</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the time (in seconds) that entries in the
    operation cache remain valid. The default is 600 seconds.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPSharedCacheFile" id="LDAPSharedCacheFile">LDAPSharedCacheFile</a> <a name="ldapsharedcachefile" id="ldapsharedcachefile">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the shared memory cache file</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheFile <var>directory-path/filename</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the directory path and file name of the shared memory
    cache file. If not set, anonymous shared memory will be used if the
    platform supports it.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPSharedCacheSize" id="LDAPSharedCacheSize">LDAPSharedCacheSize</a> <a name="ldapsharedcachesize" id="ldapsharedcachesize">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Size in bytes of the shared-memory cache</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPSharedCacheSize <var>bytes</var></code></td></tr>
<tr><th><a href="directive-dict.html#Default">Default:</a></th><td><code>LDAPSharedCacheSize 102400</code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>Specifies the number of bytes to allocate for the shared
    memory cache. The default is 100kb. If set to 0, shared memory
    caching will not be used.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPTrustedCA" id="LDAPTrustedCA">LDAPTrustedCA</a> <a name="ldaptrustedca" id="ldaptrustedca">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Sets the file containing the trusted Certificate Authority certificate or database</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCA <var>directory-path/filename</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>It specifies the directory path and file name of the trusted CA
    <code class="module"><a href="../mod/mod_ldap.html">mod_ldap</a></code> should use when establishing an SSL
    connection to an LDAP server. If using the Netscape/iPlanet Directory
    SDK, the file name should be <code>cert7.db</code>.</p>

</div>
<div class="top"><a href="#page-header"><img alt="top" src="../images/up.gif" /></a></div>
<div class="directive-section"><h2><a name="LDAPTrustedCAType" id="LDAPTrustedCAType">LDAPTrustedCAType</a> <a name="ldaptrustedcatype" id="ldaptrustedcatype">Directive</a></h2>
<table class="directive">
<tr><th><a href="directive-dict.html#Description">Description:</a></th><td>Specifies the type of the Certificate Authority file</td></tr>
<tr><th><a href="directive-dict.html#Syntax">Syntax:</a></th><td><code>LDAPTrustedCAType <var>type</var></code></td></tr>
<tr><th><a href="directive-dict.html#Context">Context:</a></th><td>server config</td></tr>
<tr><th><a href="directive-dict.html#Status">Status:</a></th><td>Experimental</td></tr>
<tr><th><a href="directive-dict.html#Module">Module:</a></th><td>mod_ldap</td></tr>
</table>
    <p>The following types are supported:<br />
          DER_FILE      - file in binary DER format<br />
          BASE64_FILE   - file in Base64 format<br />
          CERT7_DB_PATH - Netscape certificate database file ")</p>

</div>
</div>
<div class="bottomlang">
<p><span>Available Languages: </span><a href="../en/mod/mod_ldap.html" title="English">&nbsp;en&nbsp;</a></p>
</div><div id="footer">
<p class="apache">Copyright 1995-2005 The Apache Software Foundation or its licensors, as applicable.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
<p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
</body></html>