dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<?xml version="1.0"?>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<!DOCTYPE modulesynopsis SYSTEM "/style/modulesynopsis.dtd">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<?xml-stylesheet type="text/xsl" href="/style/manual.en.xsl"?>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<modulesynopsis metafile="mod_ldap.xml.meta">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>mod_ldap</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>LDAP connection pooling and result caching services for use

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaby other LDAP modules</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<status>Experimental</status>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<sourcefile>util_ldap.c</sourcefile>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<identifier>ldap_module</identifier>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<compatibility>Available in version 2.0.41 and later</compatibility>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<summary>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>This module was created to improve the performance of

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina websites relying on backend connections to LDAP servers. In

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina addition to the functions provided by the standard LDAP

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina libraries, this module adds an LDAP connection pool and an LDAP

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina shared memory cache.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>To enable this module, LDAP support must be compiled into

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina apr-util. This is achieved by adding the <code>--with-ldap</code>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina flag to the <code>/configure</code> script when building

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Apache.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>SSL support requires that <module>mod_ldap</module> be linked

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina with one of the following LDAP SDKs: <a href="http://www.openldap.org/">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina OpenLDAP SDK</a> (both 1.x and 2.x), <a href="http://developer.novell.com/ndk/cldap.htm">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Novell LDAP SDK</a> or the <a href="http://www.iplanet.com/downloads/developer/">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina iPlanet(Netscape)</a> SDK.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</summary>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<section id="exampleconfig"><title>Example Configuration</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>The following is an example configuration that uses

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <module>mod_ldap</module> to increase the performance of HTTP Basic

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina authentication provided by <module>mod_auth_ldap</module>.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # Enable the LDAP connection pool and shared<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # memory cache. Enable the LDAP cache status<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # handler. Requires that mod_ldap and mod_auth_ldap<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # be loaded. Change the "yourdomain.example.com" to<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # match your domain.<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPSharedCacheSize 200000<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPCacheEntries 1024<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPCacheTTL 600<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPOpCacheEntries 1024<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPOpCacheTTL 600<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;Location /ldap-status&gt;<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina SetHandler ldap-status<br />

a9aa70887985d37985093f1299fc15b2e060b2a0Pavel Březina Order deny,allow<br />

a9aa70887985d37985093f1299fc15b2e060b2a0Pavel Březina Deny from all<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Allow from yourdomain.example.com<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPEnabled on<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?uid?one<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPAuthoritative on<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina require valid-user<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;/Location&gt;

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<section id="pool"><title>LDAP Connection Pool</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>LDAP connections are pooled from request to request. This

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina allows the LDAP server to remain connected and bound ready for

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the next request, without the need to unbind/connect/rebind.

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina The performance advantages are similar to the effect of HTTP

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina keepalives.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>On a busy server it is possible that many requests will try

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina and access the same LDAP server connection simultaneously.

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Where an LDAP connection is in use, Apache will create a new

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina connection alongside the original one. This ensures that the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina connection pool does not become a bottleneck.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>There is no need to manually enable connection pooling in

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the Apache configuration. Any module using this module for

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina access to LDAP services will share the connection pool.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<section id="cache"><title>LDAP Cache</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>For improved performance, <module>mod_ldap</module> uses an aggressive

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina caching strategy to minimize the number of times that the LDAP

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina server must be contacted. Caching can easily double or triple

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the throughput of Apache when it is serving pages protected

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina with mod_auth_ldap. In addition, the load on the LDAP server

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina will be significantly decreased.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p><module>mod_ldap</module> supports two types of LDAP caching during

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the search/bind phase with a <em>search/bind cache</em> and

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina during the compare phase with two <em>operation

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina caches</em>. Each LDAP URL that is used by the server has

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina its own set of these three caches.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <section id="search-bind"><title>The Search/Bind Cache</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>The process of doing a search and then a bind is the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina most time-consuming aspect of LDAP operation, especially if

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the directory is large. The search/bind cache is used to

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina cache all searches that resulted in successful binds.

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Negative results (<em>i.e.</em>, unsuccessful searches, or searches

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina that did not result in a successful bind) are not cached.

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina The rationale behind this decision is that connections with

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina invalid credentials are only a tiny percentage of the total

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina number of connections, so by not caching invalid

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina credentials, the size of the cache is reduced.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p><module>mod_ldap</module> stores the username, the DN

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina retrieved, the password used to bind, and the time of the bind

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina in the cache. Whenever a new connection is initiated with the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina same username, <module>mod_ldap</module> compares the password

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina of the new connection with the password in the cache. If the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina passwords match, and if the cached entry is not too old,

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <module>mod_ldap</module> bypasses the search/bind phase.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>The search and bind cache is controlled with the <directive

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina module="mod_ldap">LDAPCacheEntries</directive> and <directive

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina module="mod_ldap">LDAPCacheTTL</directive> directives.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <section id="opcaches"><title>Operation Caches</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>During attribute and distinguished name comparison

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina functions, <module>mod_ldap</module> uses two operation caches

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina to cache the compare operations. The first compare cache is

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina used to cache the results of compares done to test for LDAP

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina group membership. The second compare cache is used to cache

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the results of comparisons done between distinguished

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina names.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>The behavior of both of these caches is controlled with

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the <directive module="mod_ldap">LDAPOpCacheEntries</directive>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina and <directive module="mod_ldap">LDAPOpCacheTTL</directive>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina directives.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <section id="monitoring"><title>Monitoring the Cache</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p><module>mod_ldap</module> has a content handler that allows

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina administrators to monitor the cache performance. The name of

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the content handler is <code>ldap-status</code>, so the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina following directives could be used to access the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <module>mod_ldap</module> cache information:</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;Location /server/cache-info&gt;<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina SetHandler ldap-status<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;/Location&gt;

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>By fetching the URL <code>http://servername/cache-info</code>,

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the administrator can get a status report of every cache that is used

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina by <module>mod_ldap</module> cache. Note that if Apache does not

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina support shared memory, then each <code>httpd</code> instance has its

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina own cache, so reloading the URL will result in different

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina information each time, depending on which <code>httpd</code>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina instance processes the request.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<section id="usingssltls"><title>Using SSL</title>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>The ability to create an SSL connections to an LDAP server

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina is defined by the directives <directive module="mod_ldap">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPTrustedCA</directive> and <directive module="mod_ldap">

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPTrustedCAType</directive>. These directives specify the certificate

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina file or database and the certificate type. Whenever the LDAP url

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina includes <em>ldaps://</em>, <module>mod_ldap</module> will establish

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina a secure connection to the LDAP server.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # Establish an SSL LDAP connection. Requires that <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # mod_ldap and mod_auth_ldap be loaded. Change the <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina # "yourdomain.example.com" to match your domain.<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPTrustedCA /certs/certfile.der<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina LDAPTrustedCAType DER_FILE<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;Location /ldap-status&gt;<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina SetHandler ldap-status<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Order deny,allow<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Deny from all<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Allow from yourdomain.example.com<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPEnabled on<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPURL ldaps://127.0.0.1/dc=example,dc=com?uid?one<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina AuthLDAPAuthoritative on<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina require valid-user<br />

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </indent>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &lt;/Location&gt;

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina </example>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>If <module>mod_ldap</module> is linked against the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Netscape/iPlanet LDAP SDK, it will not talk to any SSL server

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina unless that server has a certificate signed by a known Certificate

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Authority. As part of the configuration

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <module>mod_ldap</module> needs to be told where it can find

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina a database containing the known CAs. This database is in the same

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina format as Netscape Communicator's <code>cert7.db</code>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina database. The easiest way to get this file is to start up a fresh

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina copy of Netscape, and grab the resulting

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <code>$HOME/.netscape/cert7.db</code> file.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</section>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPSharedCacheSize</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Size in bytes of the shared-memory cache</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPSharedCacheSize <var>bytes</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<default>LDAPSharedCacheSize 102400</default>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>Specifies the number of bytes to allocate for the shared

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina memory cache. The default is 100kb. If set to 0, shared memory

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina caching will not be used.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPSharedCacheFile</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Sets the shared memory chache file</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPSharedCacheFile <var>directory-path/filename</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>Specifies the directory path and file name of the shared memory

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina cache file. If not set, shared memory caching will not be used.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPCacheEntries</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Maximum number of entries in the primary LDAP cache</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPCacheEntries <var>number</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<default>LDAPCacheEntries 1024</default>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>Specifies the maximum size of the primary LDAP cache. This

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina cache contains successful search/binds. Set it to 0 to turn off

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina search/bind caching. The default size is 1024 cached

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina searches.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPCacheTTL</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Time that cached items remain valid</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPCacheTTL <var>seconds</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<default>LDAPCacheTTL 600</default>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>Specifies the time (in seconds) that an item in the

a9aa70887985d37985093f1299fc15b2e060b2a0Pavel Březina search/bind cache remains valid. The default is 600 seconds (10

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina minutes).</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPOpCacheEntries</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Number of entries used to cache LDAP compare

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaoperations</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPOpCacheEntries <var>number</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<default>LDAPOpCacheEntries 1024</default>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>This specifies the number of entries <module>mod_ldap</module>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina will use to cache LDAP compare operations. The default is 1024

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina entries. Setting it to 0 disables operation caching.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<name>LDAPOpCacheTTL</name>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<description>Time that entries in the operation cache remain

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinavalid</description>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<syntax>LDAPOpCacheTTL <var>seconds</var></syntax>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<default>LDAPOpCacheTTL 600</default>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<contextlist><context>server config</context></contextlist>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina<usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina <p>Specifies the time (in seconds) that entries in the

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina operation cache remain valid. The default is 600 seconds.</p>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</usage>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina</directivesynopsis>

dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina

<directivesynopsis>

<name>LDAPTrustedCA</name>

<description>Sets the file containing the trusted Certificate Authority certificate or database</description>

<syntax>LDAPTrustedCA <var>directory-path/filename</var></syntax>

<contextlist><context>server config</context></contextlist>

<usage>

<p>It specifies the directory path and file name of the trusted CA

<module>mod_ldap</module> should use when establishing an SSL

connection to an LDAP server. If using the Netscape/iPlanet Directory

SDK, the file name should be <code>cert7.db</code>.</p>

</usage>

</directivesynopsis>

<directivesynopsis>

<name>LDAPTrustedCAType</name>

<description>Specifies the type of the Certificate Authority file</description>

<syntax>LDAPTrustedCAType <var>type</var></syntax>

<contextlist><context>server config</context></contextlist>

<usage>

<p>The following types are supported:<br />

DER_FILE - file in binary DER format<br />

BASE64_FILE - file in Base64 format<br />

CERT7_DB_PATH - Netscape certificate database file ")</p>

</usage>

</directivesynopsis>

</modulesynopsis>