18771389 Update proftpd to 1.3.5 s11u2-sru
authorTomas Klacko <tomas.klacko@oracle.com>
Mon, 28 Jul 2014 03:27:16 -0700
branchs11u2-sru
changeset 3234 1de12229da80
parent 3233 5f64fead3ff7
child 3235 eb0b103625bc
18771389 Update proftpd to 1.3.5 18845170 fix for 17599705 breaks "NLST-a" ("ls -a") of current directory
components/proftpd/Makefile
components/proftpd/patches/15825705.patch
components/proftpd/patches/17599705.patch
components/proftpd/patches/18845170.patch
components/proftpd/patches/disable_mod_ctrls_for_inetd_3819.patch
components/proftpd/patches/proftpd-configuration-html.patch
components/proftpd/patches/proftpd-error_code.patch
components/proftpd/patches/proftpd-manpage-see-also.patch
components/proftpd/patches/proftpd-pam.patch
components/proftpd/patches/proftpd-retry.patch
components/proftpd/proftpd.conf.4
components/proftpd/proftpd.p5m
--- a/components/proftpd/Makefile	Fri Jul 25 13:25:28 2014 -0700
+++ b/components/proftpd/Makefile	Mon Jul 28 03:27:16 2014 -0700
@@ -20,20 +20,20 @@
 #
 
 #
-# Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
 #
 
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		proftpd
-COMPONENT_VERSION=	1.3.4
-COMPONENT_SUBVERSION=	c
+COMPONENT_VERSION=	1.3.5
+COMPONENT_SUBVERSION=	 
 HUMAN_VERSION=		$(COMPONENT_VERSION)$(COMPONENT_SUBVERSION)
 COMPONENT_PROJECT_URL=	http://www.proftpd.org/
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(HUMAN_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:fb80dd422969b8c900920a30a56f5e272862275d244d3857a980f5f2386ea912
+    sha256:c10316fb003bd25eccbc08c77dd9057e053693e6527ffa2ea2cc4e08ccb87715
 COMPONENT_ARCHIVE_URL=	ftp://ftp.proftpd.org/distrib/source/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	service/ftp-server
 
@@ -54,7 +54,7 @@
 # enough for us. We need to include the $(COMPONENT_SUBVERSION) somehow.
 # Because the IPS_COMPONENT_VERSION cannot contain letters we used '.0.5'
 # instead of 'e'.
-IPS_COMPONENT_VERSION=  $(COMPONENT_VERSION).0.3
+IPS_COMPONENT_VERSION=  $(COMPONENT_VERSION)
 
 CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS) -I/usr/include/kerberosv5 -DHAVE_KRB5_H=1 -DKRB5_DLLIMP= -DHAVE__GETGRPSBYMEMBER"
 # Force immediate binding because of chroot().
--- a/components/proftpd/patches/15825705.patch	Fri Jul 25 13:25:28 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,414 +0,0 @@
-http://bugs.proftpd.org/show_bug.cgi?id=4014
-
-I addition, this patch backports the pr_str_get_nbytes() function.
-
-diff --git a/include/options.h b/include/options.h
-index 96fa35d..0b29bf7 100644
---- a/include/options.h
-+++ b/include/options.h
[email protected]@ -110,6 +110,13 @@
- # define PR_TUNABLE_XFER_BUFFER_SIZE	PR_TUNABLE_BUFFER_SIZE
- #endif
- 
-+/* Maximum FTP command size.  For details on this size of 512KB, see
-+ * the Bug#4014 discussion.
-+ */
-+#ifndef PR_TUNABLE_CMD_BUFFER_SIZE
-+# define PR_TUNABLE_CMD_BUFFER_SIZE    (512 * 1024)
-+#endif
-+
- /* Maximum path length.  GNU HURD (and some others) do not define
-  * MAXPATHLEN.  POSIX' PATH_MAX is mandated to be at least 256 
-  * (according to some), so 1K, in the absense of MAXPATHLEN, should be
-diff --git a/include/str.h b/include/str.h
-index b4fed7c..1cf8724 100644
---- a/include/str.h
-+++ b/include/str.h
[email protected]@ -39,6 +39,7 @@ char *pstrndup(pool *, const char *, size_t);
- 
- char *pr_str_strip(pool *, char *);
- char *pr_str_strip_end(char *, char *);
-+int pr_str_get_nbytes(const char *, const char *, off_t *);
- char *pr_str_get_word(char **, int);
- 
- #define PR_STR_FL_PRESERVE_COMMENTS		0x0001
-diff --git a/modules/mod_core.c b/modules/mod_core.c
-index 18a47c2..922f4d1 100644
---- a/modules/mod_core.c
-+++ b/modules/mod_core.c
[email protected]@ -2240,18 +2240,44 @@ MODRET set_allowforeignaddress(cmd_rec *cmd) {
- }
- 
- MODRET set_commandbuffersize(cmd_rec *cmd) {
--  int size = 0;
-+  int res;
-+  size_t size = 0;
-+  off_t nbytes = 0;
-   config_rec *c = NULL;
-+  const char *units = NULL;
-+
-+  if (cmd->argc < 2 || cmd->argc > 3) {
-+    CONF_ERROR(cmd, "wrong number of parameters")
-+  }
- 
--  CHECK_ARGS(cmd, 1);
-   CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
- 
--  /* NOTE: need to add checks for maximum possible sizes, negative sizes. */
--  size = atoi(cmd->argv[1]);
-+  if (cmd->argc == 3) {
-+    units = cmd->argv[2];
-+  }
-+
-+  if (pr_str_get_nbytes(cmd->argv[1], units, &nbytes) < 0) {
-+    CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "unable to parse: ",
-+      cmd->argv[1], " ", units, ": ", strerror(errno), NULL));
-+  }
-+
-+  if (nbytes > PR_TUNABLE_CMD_BUFFER_SIZE) {
-+    char max[1024];
-+
-+    snprintf(max, sizeof(max)-1, "%lu", (unsigned long)
-+      PR_TUNABLE_CMD_BUFFER_SIZE);
-+    max[sizeof(max)-1] = '\0';
-+
-+    CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "size ", cmd->argv[1], units,
-+      "exceeds max size ", max, NULL));
-+  }
-+
-+  /* Possible truncation here, but only for an absurdly large size. */
-+  size = (size_t) nbytes;
- 
-   c = add_config_param(cmd->argv[0], 1, NULL);
--  c->argv[0] = pcalloc(c->pool, sizeof(int));
--  *((int *) c->argv[0]) = size;
-+  c->argv[0] = pcalloc(c->pool, sizeof(size_t));
-+  *((size_t *) c->argv[0]) = size;
- 
-   return PR_HANDLED(cmd);
- }
-diff --git a/src/main.c b/src/main.c
-index 3e6d637..660e14b 100644
---- a/src/main.c
-+++ b/src/main.c
[email protected]@ -466,42 +466,21 @@ static int _dispatch(cmd_rec *cmd, int cmd_type, int validate, char *match) {
-   return success;
- }
- 
--/* Returns the appropriate maximum buffer length to use for FTP commands
-- * from the client, taking the CommandBufferSize directive into account.
-+/* Returns the appropriate maximum buffer size to use for FTP commands
-+ * from the client.
-  */
--static long get_max_cmd_len(size_t buflen) {
--  long res;
--  int *bufsz = NULL;
--  size_t default_cmd_bufsz;
--
--  /* It's possible for the admin to select a PR_TUNABLE_BUFFER_SIZE which
--   * is smaller than PR_DEFAULT_CMD_BUFSZ.  We need to handle such cases
--   * properly.
--   */
--  default_cmd_bufsz = PR_DEFAULT_CMD_BUFSZ;
--  if (default_cmd_bufsz > buflen) {
--    default_cmd_bufsz = buflen;
--  }
-- 
-+static size_t get_max_cmd_sz(void) {
-+  size_t res;
-+  size_t *bufsz = NULL;
-+
-   bufsz = get_param_ptr(main_server->conf, "CommandBufferSize", FALSE);
-   if (bufsz == NULL) {
--    res = default_cmd_bufsz;
--
--  } else if (*bufsz <= 0) {
--    pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
--      "using default buffer size (%lu) instead", *bufsz,
--      (unsigned long) default_cmd_bufsz);
--    res = default_cmd_bufsz;
--
--  } else if (*bufsz + 1 > buflen) {
--    pr_log_pri(PR_LOG_WARNING, "invalid CommandBufferSize size (%d) given, "
--      "using default buffer size (%lu) instead", *bufsz,
--      (unsigned long) default_cmd_bufsz);
--    res = default_cmd_bufsz;
-+    res = PR_DEFAULT_CMD_BUFSZ;
- 
-   } else {
--    pr_log_debug(DEBUG1, "setting CommandBufferSize to %d", *bufsz);
--    res = (long) *bufsz;
-+    pr_log_debug(DEBUG1, "setting CommandBufferSize to %lu",
-+      (unsigned long) *bufsz);
-+    res = *bufsz;
-   }
- 
-   return res;
[email protected]@ -509,21 +488,29 @@ static long get_max_cmd_len(size_t buflen) {
- 
- int pr_cmd_read(cmd_rec **res) {
-   static long cmd_bufsz = -1;
--  char buf[PR_DEFAULT_CMD_BUFSZ+1] = {'\0'};
-+  static char *cmd_buf = NULL;
-   char *cp;
--  size_t buflen;
-+  size_t cmd_buflen;
- 
-   if (res == NULL) {
-     errno = EINVAL;
-     return -1;
-   }
- 
-+  if (cmd_bufsz == -1) {
-+    cmd_bufsz = get_max_cmd_sz();
-+  }
-+
-+  if (cmd_buf == NULL) {
-+    cmd_buf = pcalloc(session.pool, cmd_bufsz + 1);
-+  }
-+
-   while (TRUE) {
-     pr_signals_handle();
- 
--    memset(buf, '\0', sizeof(buf));
-+    memset(cmd_buf, '\0', cmd_bufsz);
- 
--    if (pr_netio_telnet_gets(buf, sizeof(buf)-1, session.c->instrm,
-+    if (pr_netio_telnet_gets(cmd_buf, cmd_bufsz, session.c->instrm,
-         session.c->outstrm) == NULL) {
- 
-       if (errno == E2BIG) {
[email protected]@ -544,9 +531,6 @@ int pr_cmd_read(cmd_rec **res) {
-     break;
-   }
- 
--  if (cmd_bufsz == -1)
--    cmd_bufsz = get_max_cmd_len(sizeof(buf));
--
-   /* This strlen(3) is guaranteed to terminate; the last byte of buf is
-    * always NUL, since pr_netio_telnet_gets() is told that the buf size is
-    * one byte less than it really is.
[email protected]@ -554,26 +538,28 @@ int pr_cmd_read(cmd_rec **res) {
-    * If the strlen(3) says that the length is less than the cmd_bufsz, then
-    * there is no need to truncate the buffer by inserting a NUL.
-    */
--  buflen = strlen(buf);
--  if (buflen > (cmd_bufsz - 1)) {
-+  cmd_buflen = strlen(cmd_buf);
-+  if (cmd_buflen > cmd_bufsz) {
-     pr_log_debug(DEBUG0, "truncating incoming command length (%lu bytes) to "
-       "CommandBufferSize %lu; use the CommandBufferSize directive to increase "
--      "the allowed command length", (unsigned long) buflen,
-+      "the allowed command length", (unsigned long) cmd_buflen,
-       (unsigned long) cmd_bufsz);
--    buf[cmd_bufsz - 1] = '\0';
-+    cmd_buf[cmd_bufsz-1] = '\0';
-   }
- 
--  if (buflen &&
--      (buf[buflen-1] == '\n' || buf[buflen-1] == '\r')) {
--    buf[buflen-1] = '\0';
--    buflen--;
-+  if (cmd_buflen &&
-+      (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] == '\r')) {
-+    cmd_buf[cmd_buflen-1] = '\0';
-+    cmd_buflen--;
- 
--    if (buflen &&
--        (buf[buflen-1] == '\n' || buf[buflen-1] =='\r'))
--      buf[buflen-1] = '\0';
-+    if (cmd_buflen &&
-+        (cmd_buf[cmd_buflen-1] == '\n' || cmd_buf[cmd_buflen-1] =='\r')) {
-+      cmd_buf[cmd_buflen-1] = '\0';
-+      cmd_buflen--;
-+    }
-   }
- 
--  cp = buf;
-+  cp = cmd_buf;
-   if (*cp == '\r')
-     cp++;
- 
[email protected]@ -587,11 +573,11 @@ int pr_cmd_read(cmd_rec **res) {
-      * command handlers themselves, via cmd->arg.  This small hack
-      * reduces the burden on SITE module developers, however.
-      */
--    if (strncasecmp(cp, C_SITE, 4) == 0)
-+    if (strncasecmp(cp, C_SITE, 4) == 0) {
-       flags |= PR_STR_FL_PRESERVE_WHITESPACE;
-+    }
- 
-     cmd = make_ftp_cmd(session.pool, cp, flags);
--
-     if (cmd) {
-       *res = cmd;
-     } 
-diff --git a/src/str.c b/src/str.c
-index d243a17..4f327bf 100644
---- a/src/str.c
-+++ b/src/str.c
[email protected]@ -367,6 +367,81 @@ char *pr_str_strip_end(char *s, char *ch) {
-   return s;
- }
- 
-+int pr_str_get_nbytes(const char *str, const char *units, off_t *nbytes) {
-+  off_t sz;
-+  char *ptr = NULL;
-+  float factor = 0.0;
-+
-+  if (str == NULL) {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  /* No negative numbers. */
-+  if (*str == '-') {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  if (units == NULL ||
-+      *units == '\0') {
-+    factor = 1.0;
-+
-+  } else if (strncasecmp(units, "KB", 3) == 0) {
-+    factor = 1024.0;
-+
-+  } else if (strncasecmp(units, "MB", 3) == 0) {
-+    factor = 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "GB", 3) == 0) {
-+    factor = 1024.0 * 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "TB", 3) == 0) {
-+    factor = 1024.0 * 1024.0 * 1024.0 * 1024.0;
-+
-+  } else if (strncasecmp(units, "B", 2) == 0) {
-+    factor = 1.0;
-+
-+  } else {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  errno = 0;
-+
-+#ifdef HAVE_STRTOULL
-+  sz = strtoull(str, &ptr, 10);
-+#else
-+  sz = strtoul(str, &ptr, 10);
-+#endif /* !HAVE_STRTOULL */
-+
-+  if (errno == ERANGE) {
-+    return -1;
-+  }
-+
-+  if (ptr != NULL && *ptr) {
-+    /* Error parsing the given string */
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  /* Don't bother applying the factor if the result will overflow the result. */
-+#ifdef ULLONG_MAX
-+  if (sz > (ULLONG_MAX / factor)) {
-+#else
-+  if (sz > (ULONG_MAX / factor)) {
-+#endif /* !ULLONG_MAX */
-+    errno = ERANGE;
-+    return -1;
-+  }
-+
-+  if (nbytes != NULL) {
-+    *nbytes = (off_t) (sz * factor);
-+  }
-+
-+  return 0;
-+}
-+
- char *pr_str_get_word(char **cp, int flags) {
-   char *res, *dst;
-   char quote_mode = 0;
-diff --git a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-index ed4672a..a57c898 100644
---- a/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
-+++ b/tests/t/lib/ProFTPD/Tests/Config/CommandBufferSize.pm
[email protected]@ -94,6 +94,8 @@ sub cmdbuffersz_small {
-     die("Can't open $test_path: $!");
-   }
- 
-+  my $idle_timeout = 3;
-+
-   my $config = {
-     PidFile => $pid_file,
-     ScoreboardFile => $scoreboard_file,
[email protected]@ -103,6 +105,7 @@ sub cmdbuffersz_small {
-     AuthGroupFile => $auth_group_file,
- 
-     CommandBufferSize => $cmdbufsz,
-+    TimeoutIdle => $idle_timeout,
- 
-     IfModules => {
-       'mod_delay.c' => {
[email protected]@ -128,44 +131,16 @@ sub cmdbuffersz_small {
-   defined(my $pid = fork()) or die("Can't fork: $!");
-   if ($pid) {
-     eval {
--      my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port);
-+      my $client = ProFTPD::TestSuite::FTP->new('127.0.0.1', $port, 0, 1);
-       $client->login($user, $passwd);
- 
--      my $conn = $client->list_raw($test_file);
--      unless ($conn) {
--        die("Failed to LIST $test_file: " . $client->response_code() . " " .
--          $client->response_msg());
-+      # Since our filename is longer than the CommandBufferSize, proftpd
-+      # should simply ignore this.  It will fail because of the idle timeout
-+      # first.
-+      eval { $client->stat($test_file) };
-+      unless ([email protected]) {
-+        die("STAT command succeeded unexpectedly");
-       }
--
--      my $buf;
--      $conn->read($buf, 8192, 30);
--      eval { $conn->close() };
--
--      my $resp_code = $client->response_code();
--      my $resp_msg = $client->response_msg();
--
--      # CommandBufferSize works by truncating any input longer than the
--      # configured length.  (It should arguably reject such longer input,
--      # but that is a different consideration.)
--      #
--      # Since our file name is longer than the CommandBufferSize, it means
--      # the path will be truncated, and the LIST should return 450.
--
--      my $expected;
--
--      $expected = 450;
--      $self->assert($expected == $resp_code,
--        test_msg("Expected $expected, got $resp_code"));
--
--      # This length is CommandBufferSize - "LIST"(4) - " "(1) - 1 for
--      # the NUL reserved in the code.  Thus CommandBufferSize - 6.
--      my $truncated_name = ("A" x ($cmdbufsz - 6));
--
--      $expected = "$truncated_name: No such file or directory";
--      $self->assert($expected eq $resp_msg,
--        test_msg("Expected '$expected', got '$resp_msg'"));
--
--      $client->quit();
-     };
- 
-     if ([email protected]) {
[email protected]@ -176,7 +151,7 @@ sub cmdbuffersz_small {
-     $wfh->flush();
- 
-   } else {
--    eval { server_wait($config_file, $rfh) };
-+    eval { server_wait($config_file, $rfh, 15) };
-     if ([email protected]) {
-       warn([email protected]);
-       exit 1;
-
--- a/components/proftpd/patches/17599705.patch	Fri Jul 25 13:25:28 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,315 +0,0 @@
-http://bugs.proftpd.org/show_bug.cgi?id=4011
-
-diff --git a/include/fsio.h b/include/fsio.h
-index 07c18c1..a4c395e 100644
---- a/include/fsio.h
-+++ b/include/fsio.h
[email protected]@ -189,6 +189,9 @@ struct fh_rec {
-   size_t fh_iosz;
- };
- 
-+/* Maximum symlink count, for loop detection. */
-+#define PR_FSIO_MAX_LINK_COUNT         32
-+
- /* Macros for that code that needs to get into the internals of pr_fs_t.
-  * (These will help keep the internals as opaque as possible).
-  */
[email protected]@ -319,7 +322,11 @@ char *pr_fs_encode_path(pool *, const char *);
- int pr_fs_use_encoding(int bool);
- int pr_fs_valid_path(const char *);
- void pr_fs_virtual_path(const char *, char *, size_t);
-+
- void pr_fs_clean_path(const char *, char *, size_t);
-+int pr_fs_clean_path2(const char *, char *, size_t, int);
-+#define PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH    0x001
-+
- int pr_fs_glob(const char *, int, int (*errfunc)(const char *, int), glob_t *);
- void pr_fs_globfree(glob_t *);
- void pr_resolve_fs_map(void);
-diff --git a/modules/mod_ls.c b/modules/mod_ls.c
-index 50e8035..58e81d7 100644
---- a/modules/mod_ls.c
-+++ b/modules/mod_ls.c
[email protected]@ -2571,46 +2571,6 @@ MODRET ls_nlst(cmd_rec *cmd) {
-     }
-   }
- 
--  /* Clean the path. */
--  if (*target != '/') {
--    size_t cwdlen = strlen(pr_fs_getcwd());
--
--    pr_fs_clean_path(pdircat(cmd->tmp_pool, pr_fs_getcwd(), target, NULL),
--      buf, sizeof(buf));
--
--    target = buf;
--
--    /* If the given target was not an absolute path, advance past the
--     * current working directory prefix in the cleaned up target path.
--     */
--    target += cwdlen;
--
--    /* If the length of the current working directory (cwdlen) is one,
--     * it means that the current working directory is the root ('/'),
--     * and so we don't want to advance past that into the file name
--     * portion of the path.
--     */
--    if (cwdlen > 1)
--      target += 1;
--
--  } else {
--    pr_fs_clean_path(target, buf, sizeof(buf));
--    target = buf;
--  }
--
--  /* Remove any trailing separators. */
--  targetlen = strlen(target);
--  while (targetlen >= 1 &&
--         target[targetlen-1] == '/') {
--
--    if (strcmp(target, "/") == 0) {
--      break;
--    }
--
--    target[targetlen-1] = '\0';
--    targetlen = strlen(target);
--  }
--
-   /* If the target is a glob, get the listing of files/dirs to send. */
-   if (use_globbing &&
-       pr_str_is_fnmatch(target)) {
[email protected]@ -2715,12 +2675,36 @@ MODRET ls_nlst(cmd_rec *cmd) {
-     }
- 
-   } else {
--
-     /* A single target. If it's a directory, list the contents; if it's a
-      * file, just list the file.
-      */
-     struct stat st;
- 
-+    if (!is_dotdir(target)) {
-+      /* Clean the path. */
-+      if (*target != '/') {
-+        pr_fs_clean_path2(target, buf, sizeof(buf), 0);
-+
-+      } else {
-+        pr_fs_clean_path(target, buf, sizeof(buf));
-+      }
-+
-+      target = buf;
-+
-+    } else {
-+      /* Remove any trailing separators. */
-+      targetlen = strlen(target);
-+      while (targetlen >= 1 &&
-+             target[targetlen-1] == '/') {
-+        if (strncmp(target, "/", 2) == 0) {
-+          break;
-+        }
-+
-+        target[targetlen-1] = '\0';
-+        targetlen = strlen(target);
-+      }
-+    }
-+
-     if (!ls_perms_full(cmd->tmp_pool, cmd, target, &hidden)) {
-       int xerrno = errno;
- 
-diff --git a/src/fsio.c b/src/fsio.c
-index 782168d..4d191fe 100644
---- a/src/fsio.c
-+++ b/src/fsio.c
[email protected]@ -1627,8 +1627,8 @@ int pr_fs_resolve_partial(const char *path, char *buf, size_t buflen, int op) {
- 
-   pr_fs_t *fs = NULL;
-   int len = 0, fini = 1, link_cnt = 0;
--  ino_t last_inode = 0;
--  dev_t last_device = 0;
-+  ino_t prev_inode = 0;
-+  dev_t prev_device = 0;
-   struct stat sbuf;
- 
-   if (!path) {
[email protected]@ -1740,16 +1740,16 @@ int pr_fs_resolve_partial(const char *path, char *buf, size_t buflen, int op) {
-         char linkpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
- 
-         /* Detect an obvious recursive symlink */
--        if (sbuf.st_ino && (ino_t) sbuf.st_ino == last_inode &&
--            sbuf.st_dev && (dev_t) sbuf.st_dev == last_device) {
-+        if (sbuf.st_ino && (ino_t) sbuf.st_ino == prev_inode &&
-+            sbuf.st_dev && (dev_t) sbuf.st_dev == prev_device) {
-           errno = ELOOP;
-           return -1;
-         }
- 
--        last_inode = (ino_t) sbuf.st_ino;
--        last_device = (dev_t) sbuf.st_dev;
-+        prev_inode = (ino_t) sbuf.st_ino;
-+        prev_device = (dev_t) sbuf.st_dev;
- 
--        if (++link_cnt > 32) {
-+        if (++link_cnt > PR_FSIO_MAX_LINK_COUNT) {
-           errno = ELOOP;
-           return -1;
-         }
[email protected]@ -1820,8 +1820,8 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
-   pr_fs_t *fs = NULL;
- 
-   int len = 0, fini = 1, link_cnt = 0;
--  ino_t last_inode = 0;
--  dev_t last_device = 0;
-+  ino_t prev_inode = 0;
-+  dev_t prev_device = 0;
-   struct stat sbuf;
- 
-   if (!path) {
[email protected]@ -1906,16 +1906,16 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
-         char linkpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
- 
-         /* Detect an obvious recursive symlink */
--        if (sbuf.st_ino && (ino_t) sbuf.st_ino == last_inode &&
--            sbuf.st_dev && (dev_t) sbuf.st_dev == last_device) {
-+        if (sbuf.st_ino && (ino_t) sbuf.st_ino == prev_inode &&
-+            sbuf.st_dev && (dev_t) sbuf.st_dev == prev_device) {
-           errno = ELOOP;
-           return -1;
-         }
- 
--        last_inode = (ino_t) sbuf.st_ino;
--        last_device = (dev_t) sbuf.st_dev;
-+        prev_inode = (ino_t) sbuf.st_ino;
-+        prev_device = (dev_t) sbuf.st_dev;
- 
--        if (++link_cnt > 32) {
-+        if (++link_cnt > PR_FSIO_MAX_LINK_COUNT) {
-           errno = ELOOP;
-           return -1;
-         }
[email protected]@ -1977,22 +1977,33 @@ int pr_fs_resolve_path(const char *path, char *buf, size_t buflen, int op) {
-   return 0;
- }
- 
--void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-+int pr_fs_clean_path2(const char *path, char *buf, size_t buflen, int flags) {
-   char workpath[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
-   char curpath[PR_TUNABLE_PATH_MAX + 1]  = {'\0'};
-   char namebuf[PR_TUNABLE_PATH_MAX + 1]  = {'\0'};
--  char *where = NULL, *ptr = NULL, *last = NULL;
--  int fini = 1;
-+  int fini = 1, have_abs_path = FALSE; 
- 
--  if (!path)
--    return;
-+  if (path == NULL ||
-+      buf == NULL) {
-+    errno = EINVAL;
-+    return -1;
-+  }
-+
-+  if (buflen == 0) {
-+    return 0;
-+  }
- 
-   sstrncpy(curpath, path, sizeof(curpath));
- 
-+  if (*curpath == '/') {
-+    have_abs_path = TRUE;
-+  }
-+
-   /* main loop */
-   while (fini--) {
--    where = curpath;
-+    char *where = NULL, *ptr = NULL, *last = NULL;
- 
-+    where = curpath;
-     while (*where != '\0') {
-       pr_signals_handle();
- 
[email protected]@ -2013,8 +2024,12 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-         ptr = last = workpath;
- 
-         while (*ptr) {
--          if (*ptr == '/')
-+          pr_signals_handle();
-+
-+          if (*ptr == '/') {
-             last = ptr;
-+          }
-+
-           ptr++;
-         }
- 
[email protected]@ -2028,34 +2043,46 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-         ptr = last = workpath;
- 
-         while (*ptr) {
--          if (*ptr == '/')
-+          pr_signals_handle();
-+
-+          if (*ptr == '/') {
-             last = ptr;
-+          }
-           ptr++;
-         }
-+
-         *last = '\0';
-         continue;
-       }
--      ptr = strchr(where, '/');
- 
--      if (!ptr) {
-+      ptr = strchr(where, '/');
-+      if (ptr == NULL) {
-         size_t wherelen = strlen(where);
- 
-         ptr = where;
--        if (wherelen >= 1)
-+        if (wherelen >= 1) {
-           ptr += (wherelen - 1);
-+        }
- 
--      } else
-+      } else {
-         *ptr = '\0';
-+      }
- 
-       sstrncpy(namebuf, workpath, sizeof(namebuf));
- 
-       if (*namebuf) {
-         for (last = namebuf; *last; last++);
--        if (*--last != '/')
-+        if (*--last != '/') {
-           sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+        }
- 
--      } else
--        sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+      } else {
-+        if (have_abs_path ||
-+            (flags & PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH)) {
-+          sstrcat(namebuf, "/", sizeof(namebuf)-1);
-+          have_abs_path = FALSE;
-+        }
-+      }
- 
-       sstrcat(namebuf, where, sizeof(namebuf)-1);
-       namebuf[sizeof(namebuf)-1] = '\0';
[email protected]@ -2066,10 +2093,16 @@ void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-     }
-   }
- 
--  if (!workpath[0])
-+  if (!workpath[0]) {
-     sstrncpy(workpath, "/", sizeof(workpath));
-+  }
- 
-   sstrncpy(buf, workpath, buflen);
-+  return 0;
-+}
-+
-+void pr_fs_clean_path(const char *path, char *buf, size_t buflen) {
-+  pr_fs_clean_path2(path, buf, buflen, PR_FSIO_CLEAN_PATH_FL_MAKE_ABS_PATH);
- }
- 
- int pr_fs_use_encoding(int bool) {
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/patches/18845170.patch	Mon Jul 28 03:27:16 2014 -0700
@@ -0,0 +1,20 @@
+http://bugs.proftpd.org/show_bug.cgi?id=4069
+https://github.com/proftpd/proftpd/commit/38cf9e5028cbddee2b0dcba436d60199da1edf80
+
+--- a/modules/mod_ls.c
++++ b/modules/mod_ls.c
[email protected]@ -2755,6 +2755,13 @@ MODRET ls_nlst(cmd_rec *cmd) {
+     parse_list_opts(&list_options, &glob_flags, TRUE);
+   }
+ 
++  /* If, after parsing out any options, the target string is empty, assume
++   * the current directory (Bug#4069).
++   */
++  if (*target == '\0') {
++    target = pstrdup(cmd->tmp_pool, ".");
++  }
++
+   /* If the target starts with '~' ... */
+   if (*target == '~') {
+     char pb[PR_TUNABLE_PATH_MAX + 1] = {'\0'};
+
--- a/components/proftpd/patches/disable_mod_ctrls_for_inetd_3819.patch	Fri Jul 25 13:25:28 2014 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,44 +0,0 @@
---- a/modules/mod_ctrls.c
-+++ b/modules/mod_ctrls.c
[email protected]@ -1157,7 +1157,8 @@ static void ctrls_shutdown_ev(const void *event_data, void *user_data) {
- }
- 
- static void ctrls_postparse_ev(const void *event_data, void *user_data) {
--  if (!ctrls_engine) {
-+  if (ctrls_engine == FALSE ||
-+      ServerType == SERVER_INETD) {
-     return;
-   }
- 
-diff --git a/src/ctrls.c b/src/ctrls.c
-index 232bb7d..1f47c73 100644
---- a/src/ctrls.c
-+++ b/src/ctrls.c
[email protected]@ -1975,7 +1975,7 @@ void init_ctrls(void) {
- 
-   sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
-   if (sockfd < 0) {
--    pr_log_pri(PR_LOG_DEBUG, "unable to create Unix domain socket: %s",
-+    pr_log_debug(DEBUG10, "unable to create Unix domain socket: %s",
-       strerror(errno));
-     return;
-   }
[email protected]@ -1986,7 +1986,7 @@ void init_ctrls(void) {
-   socklen = sizeof(struct sockaddr_un);
- 
-   if (bind(sockfd, (struct sockaddr *) &sockun, socklen) < 0) {
--    pr_log_pri(PR_LOG_DEBUG,
-+    pr_log_debug(DEBUG10,
-       "unable to bind to Unix domain socket at '%s': %s",
-       sockpath, strerror(errno));
-     (void) close(sockfd);
[email protected]@ -1995,7 +1995,7 @@ void init_ctrls(void) {
-   }
- 
-   if (fstat(sockfd, &st) < 0) {
--    pr_log_pri(PR_LOG_DEBUG,
-+    pr_log_debug(DEBUG10,
-       "unable to stat Unix domain socket at '%s': %s",
-       sockpath, strerror(errno));
-     (void) close(sockfd);
-
--- a/components/proftpd/patches/proftpd-configuration-html.patch	Fri Jul 25 13:25:28 2014 -0700
+++ b/components/proftpd/patches/proftpd-configuration-html.patch	Mon Jul 28 03:27:16 2014 -0700
@@ -1,1658 +1,6 @@
---- proftpd-1.3.3e/doc/Configuration.html	Fri Oct  5 08:38:32 2007
-+++ proftpd-1.3.3g/doc/Configuration.html	Fri Feb  1 22:32:57 2013
[email protected]@ -3,9 +3,7 @@
- ><HEAD
- ><TITLE
- >Configuration Directive List</TITLE
--><META
--NAME="GENERATOR"
--CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD
-+><meta name="generator" content="Bluefish 2.0.2" ></HEAD
- ><BODY
- CLASS="BOOK"
- BGCOLOR="#FFFFFF"
[email protected]@ -113,11 +111,6 @@
- >&nbsp;--&nbsp;User based allow rules</DT
- ><DT
- ><A
--HREF="#ANONRATIO"
-->&#13;AnonRatio</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#ANONREJECTPASSWORDS"
- >&#13;AnonRejectPasswords</A
- >&nbsp;--&nbsp;Block certain anonymous user passwords</DT
[email protected]@ -178,21 +171,6 @@
- >&nbsp;--&nbsp;Bind the server or Virtualhost to a specific IP address [deprecated]</DT
- ><DT
- ><A
--HREF="#BYTERATIOERRMSG"
-->&#13;ByteRatioErrMsg</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
--HREF="#CAPABILITIESENGINE"
-->&#13;CapabilitiesEngine</A
-->&nbsp;--&nbsp;Enable/disable mod_cap</DT
--><DT
--><A
--HREF="#CAPABILITIESSET"
-->&#13;CapabilitiesSet</A
-->&nbsp;--&nbsp;Configure the set of Linux capabilities processed</DT
--><DT
--><A
- HREF="#CDPATH"
- >&#13;CDPath</A
- >&nbsp;--&nbsp;Sets "search paths" for the cd command</DT
[email protected]@ -218,11 +196,6 @@
- >&nbsp;--&nbsp;Create and populate users' home directories as needed</DT
- ><DT
- ><A
--HREF="#CWDRATIOMSG"
-->&#13;CwdRatioMsg</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#DEBUGLEVEL"
- >&#13;DebugLevel</A
- >&nbsp;--&nbsp;Set the debugging output level</DT
[email protected]@ -364,21 +337,11 @@
- >&nbsp;--&nbsp;Set the file to display on quit</DT
- ><DT
- ><A
--HREF="#DISPLAYREADME"
-->&#13;DisplayReadme</A
-->&nbsp;--&nbsp;Enable display of file modification times on a file pattern</DT
--><DT
--><A
- HREF="#EXTENDEDLOG"
- >&#13;ExtendedLog</A
- >&nbsp;--&nbsp;Specify custom logfiles</DT
- ><DT
- ><A
--HREF="#FILERATIOERRMSG"
-->&#13;FileRatioErrMsg</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
- HREF="#GLOBAL"
- >&#13;Global</A
- >&nbsp;--&nbsp;Set some directives to apply across the entire daemon</DT
[email protected]@ -399,11 +362,6 @@
- >&nbsp;--&nbsp;Set a group-wide password</DT
- ><DT
- ><A
--HREF="#GROUPRATIO"
-->&#13;GroupRatio</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#HIDDENSTOR"
- >&#13;HiddenStor</A
- >&nbsp;--&nbsp;Enables more safe file uploads [deprecated]</DT
[email protected]@ -435,11 +393,6 @@
- >&nbsp;--&nbsp;Enable hiding of files based on user owner</DT
- ><DT
- ><A
--HREF="#HOSTRATIO"
-->&#13;HostRatio</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#IDENTLOOKUPS"
- >&#13;IdentLookups</A
- >&nbsp;--&nbsp;Toggle ident lookups</DT
[email protected]@ -465,170 +418,6 @@
- >&nbsp;--&nbsp;Load additional configuration directives from a file</DT
- ><DT
- ><A
--HREF="#LDAPALIASDEREFERENCE"
-->&#13;    LDAPAliasDereference</A
-->&nbsp;--&nbsp;Specify how LDAP alias dereferencing is done</DT
--><DT
--><A
--HREF="#LDAPATTR"
-->&#13;LDAPAttr</A
-->&nbsp;--&nbsp;Map LDAP Attributes to something non standard</DT
--><DT
--><A
--HREF="#LDAPAUTHBINDS"
-->&#13;			LDAPAuthBinds</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPDEFAULTAUTHSCHEME"
-->&#13;			LDAPDefaultAuthScheme</A
-->&nbsp;--&nbsp;			Set the authentication scheme/hash that is used when no leading
--			{hashname} is present.
--		</DT
--><DT
--><A
--HREF="#LDAPDEFAULTGID"
-->&#13;			LDAPDefaultGID</A
-->&nbsp;--&nbsp;			Set the default GID to be assigned to users when no uidNumber
--			attribute is found.
--		</DT
--><DT
--><A
--HREF="#LDAPDEFAULTUID"
-->&#13;			LDAPDefaultUID</A
-->&nbsp;--&nbsp;			Set the default UID to be assigned to users when no uidNumber
--			attribute is found.
--		</DT
--><DT
--><A
--HREF="#LDAPDNINFO"
-->&#13;			LDAPDNInfo</A
-->&nbsp;--&nbsp;Set DN information to be used for initial bind</DT
--><DT
--><A
--HREF="#LDAPDOAUTH"
-->&#13;			LDAPDoAuth</A
-->&nbsp;--&nbsp;Enable LDAP authentication</DT
--><DT
--><A
--HREF="#LDAPDOGIDLOOKUPS"
-->&#13;			LDAPDoGIDLookups</A
-->&nbsp;--&nbsp;			Enable LDAP lookups for user group membership and GIDs in
--			directory listings
--		</DT
--><DT
--><A
--HREF="#LDAPDOQUOTALOOKUPS"
-->&#13;			LDAPDoQuotaLookups</A
-->&nbsp;--&nbsp;Enable LDAP quota limit support</DT
--><DT
--><A
--HREF="#LDAPDOUIDLOOKUPS"
-->&#13;      LDAPDoUIDLookups</A
-->&nbsp;--&nbsp;      Enable LDAP lookups for UIDs in directory listings
--    </DT
--><DT
--><A
--HREF="#LDAPFORCEDEFAULTGID"
-->&#13;			LDAPForceDefaultGID</A
-->&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same GID.</DT
--><DT
--><A
--HREF="#LDAPFORCEDEFAULTUID"
-->&#13;			LDAPForceDefaultUID</A
-->&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same UID.</DT
--><DT
--><A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->&#13;      LDAPForceGeneratedHomedir</A
-->&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
--      prefix/suffix.
--    </DT
--><DT
--><A
--HREF="#LDAPFORCEHOMEDIRONDEMAND"
-->&#13;      LDAPForceHomedirOnDemand</A
-->&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
--      prefix/suffix. [deprecated]
--    </DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIR"
-->&#13;			LDAPGenerateHomedir</A
-->&nbsp;--&nbsp;			Enable the creation of user home directories on demand
--		</DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->&#13;			LDAPGenerateHomedirPrefix</A
-->&nbsp;--&nbsp;			Enable the creation of user home directories on demand
--		</DT
--><DT
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->&#13;LDAPGenerateHomedirPrefixNoUsername</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMAND"
-->&#13;			LDAPHomedirOnDemand</A
-->&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
--		</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDPREFIX"
-->&#13;			LDAPHomedirOnDemandPrefix</A
-->&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
--		</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
-->&#13;LDAPHomedirOnDemandPrefixNoUsername</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#LDAPHOMEDIRONDEMANDSUFFIX"
-->&#13;			LDAPHomedirOnDemandSuffix</A
-->&nbsp;--&nbsp;			Specify an additional directory to be created inside a user's
--			home directory on demand. [deprecated]
--		</DT
--><DT
--><A
--HREF="#LDAPNEGATIVECACHE"
-->&#13;			LDAPNegativeCache</A
-->&nbsp;--&nbsp;Enable negative caching for LDAP lookups</DT
--><DT
--><A
--HREF="#LDAPPROTOCOLVERSION"
-->&#13;LDAPProtocolVersion</A
-->&nbsp;--&nbsp;Set the LDAP protocol version</DT
--><DT
--><A
--HREF="#LDAPQUERYTIMEOUT"
-->&#13;			LDAPQueryTimeout</A
-->&nbsp;--&nbsp;Set a timeout for LDAP queries</DT
--><DT
--><A
--HREF="#LDAPSEARCHSCOPE"
-->&#13;			LDAPSearchScope</A
-->&nbsp;--&nbsp;Specify the search scope used in LDAP queries</DT
--><DT
--><A
--HREF="#LDAPSERVER"
-->&#13;			LDAPServer</A
-->&nbsp;--&nbsp;Specify the LDAP server to use for lookups</DT
--><DT
--><A
--HREF="#LDAPUSETLS"
-->&#13;			LDAPUseTLS</A
-->&nbsp;--&nbsp;Enable TLS/SSL connections to the LDAP server.</DT
--><DT
--><A
--HREF="#LEECHRATIOMSG"
-->&#13;LeechRatioMsg</A
-->&nbsp;--&nbsp;Sets the 'over ratio' error message</DT
--><DT
--><A
- HREF="#LIMIT"
- >&#13;Limit</A
- >&nbsp;--&nbsp;Set the commands/actions to be controlled</DT
[email protected]@ -749,86 +538,11 @@
- >&nbsp;--&nbsp;Set the port for the control socket</DT
- ><DT
- ><A
--HREF="#RADIUSACCTSERVER"
-->&#13;RadiusAcctServer</A
-->&nbsp;--&nbsp;Setup RADIUS accounting details</DT
--><DT
--><A
--HREF="#RADIUSAUTHSERVER"
-->&#13;RadiusAuthServer</A
-->&nbsp;--&nbsp;Setup RADIUS authenticator details</DT
--><DT
--><A
--HREF="#RADIUSENGINE"
-->&#13;RadiusEngine</A
-->&nbsp;--&nbsp;Enable RADIUS support</DT
--><DT
--><A
--HREF="#RADIUSLOG"
-->&#13;RadiusLog</A
-->&nbsp;--&nbsp;Specify the logfile for reporting / debugging</DT
--><DT
--><A
--HREF="#RADIUSREALM"
-->&#13;RadiusRealm</A
-->&nbsp;--&nbsp;Setup the authentication realm</DT
--><DT
--><A
--HREF="#RADIUSUSERINFO"
-->&#13;RadiusUserInfo</A
-->&nbsp;--&nbsp;Configure login information via RADIUS</DT
--><DT
--><A
--HREF="#RATIOFILE"
-->&#13;RatioFile</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
--HREF="#RATIOS"
-->&#13;Ratios</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#RATIOTEMPFILE"
-->&#13;RatioTempFile</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#REQUIREVALIDSHELL"
- >&#13;RequireValidShell</A
- >&nbsp;--&nbsp;Allow connections based on /etc/shells</DT
- ><DT
- ><A
--HREF="#REWRITECONDITION"
-->&#13;RewriteCondition</A
-->&nbsp;--&nbsp;Define a rule condition</DT
--><DT
--><A
--HREF="#REWRITEENGINE"
-->&#13;RewriteEngine</A
-->&nbsp;--&nbsp;Enable/disable mod_rewrite</DT
--><DT
--><A
--HREF="#REWRITELOCK"
-->&#13;RewriteLock</A
-->&nbsp;--&nbsp;Set the filename for synchronization lockfile</DT
--><DT
--><A
--HREF="#REWRITELOG"
-->&#13;RewriteLog</A
-->&nbsp;--&nbsp;Specify a log file for mod_rewrite reporting</DT
--><DT
--><A
--HREF="#REWRITEMAP"
-->&#13;RewriteMap</A
-->&nbsp;--&nbsp;Define a rewrite map</DT
--><DT
--><A
--HREF="#REWRITERULE"
-->&#13;RewriteRule</A
-->&nbsp;--&nbsp;Define a rewrite rule</DT
--><DT
--><A
- HREF="#RLIMITCPU"
- >&#13;RLimitCPU</A
- >&nbsp;--&nbsp;Configure the maximum CPU time in seconds used by a process</DT
[email protected]@ -854,11 +568,6 @@
- >&nbsp;--&nbsp;Drop root privileges completely</DT
- ><DT
- ><A
--HREF="#SAVERATIOS"
-->&#13;SaveRatios</A
-->&nbsp;--&nbsp;FIXME FIXME</DT
--><DT
--><A
- HREF="#SCOREBOARDFILE"
- >&#13;ScoreboardFile</A
- >&nbsp;--&nbsp;Sets the name and path of the scoreboard file</DT
[email protected]@ -891,7 +600,7 @@
- ><A
- HREF="#SETENV"
- >&#13;SetEnv</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
-+>&nbsp;--&nbsp;Set environment variable</DT
- ><DT
- ><A
- HREF="#SHOWSYMLINKS"
[email protected]@ -909,131 +618,6 @@
- >&nbsp;--&nbsp;Tune socket-level options</DT
- ><DT
- ><A
--HREF="#SQLAUTHENTICATE"
-->&#13;    SQLAuthenticate</A
-->&nbsp;--&nbsp;    Specify authentication methods and what to authenticate 
--  </DT
--><DD
--><DL
--><DT
--><A
--HREF="#AEN8505"
-->Group Table Structure</A
--></DT
--></DL
--></DD
--><DT
--><A
--HREF="#SQLAUTHTYPES"
-->&#13;SQLAuthTypes</A
-->&nbsp;--&nbsp;Specify the allowed authentication types and their check order</DT
--><DT
--><A
--HREF="#SQLBACKEND"
-->&#13;SQLBackend</A
-->&nbsp;--&nbsp;Set the SQL backend module</DT
--><DT
--><A
--HREF="#SQLCONNECTINFO"
-->&#13;SQLConnectInfo</A
-->&nbsp;--&nbsp;Specify connection information for the backend</DT
--><DT
--><A
--HREF="#SQLDEFAULTGID"
-->&#13;SQLDefaultGID</A
-->&nbsp;--&nbsp;Configure the default GID for users</DT
--><DT
--><A
--HREF="#SQLDEFAULTHOMEDIR"
-->&#13;SQLDefaultHomedir</A
-->&nbsp;--&nbsp;Configure the default homedir</DT
--><DT
--><A
--HREF="#SQLDEFAULTUID"
-->&#13;SQLDefaultUID</A
-->&nbsp;--&nbsp;Configure the default UID for users</DT
--><DT
--><A
--HREF="#SQLENGINE"
-->&#13;SQLEngine</A
-->&nbsp;--&nbsp;Configure how mod_sql will operate</DT
--><DT
--><A
--HREF="#SQLGROUPINFO"
-->&#13;SQLGroupInfo</A
-->&nbsp;--&nbsp;Configure the group table and fields that hold group information</DT
--><DT
--><A
--HREF="#SQLGROUPWHERECLAUSE"
-->&#13;SQLGroupWhereClause</A
-->&nbsp;--&nbsp;Configure a WHERE clause for every group query</DT
--><DT
--><A
--HREF="#SQLHOMEDIRONDEMAND"
-->&#13;SQLHomedirOnDemand</A
-->&nbsp;--&nbsp;Have mod_sql create home directories as needed [deprecated]</DT
--><DT
--><A
--HREF="#SQLLOG"
-->&#13;SQLLog</A
-->&nbsp;--&nbsp;Log information to a database table</DT
--><DT
--><A
--HREF="#SQLLOGFILE"
-->&#13;SQLLogFile</A
-->&nbsp;--&nbsp;Specify a log file for mod_sql reporting and debugging</DT
--><DT
--><A
--HREF="#SQLMINID"
-->&#13;SQLMinID</A
-->&nbsp;--&nbsp;Set SQLMinUserGID and SQLMinUserID in one place</DT
--><DT
--><A
--HREF="#SQLMINUSERGID"
-->&#13;SQLMinUserGID</A
-->&nbsp;--&nbsp;Set a minimum GID</DT
--><DT
--><A
--HREF="#SQLMINUSERUID"
-->&#13;SQLMinUserUID</A
-->&nbsp;--&nbsp;Set a minimum UID</DT
--><DT
--><A
--HREF="#SQLNAMEDQUERY"
-->&#13;SQLNamedQuery</A
-->&nbsp;--&nbsp;Specify a query and an identifier for SQLShowInfo and SQLLog</DT
--><DT
--><A
--HREF="#SQLNEGATIVECACHE"
-->&#13;			SQLNegativeCache</A
-->&nbsp;--&nbsp;Enable negative caching for SQL lookups</DT
--><DT
--><A
--HREF="#SQLRATIOS"
-->&#13;SQLRatios</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#SQLRATIOSTATS"
-->&#13;SQLRatioStats</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
--><DT
--><A
--HREF="#SQLSHOWINFO"
-->&#13;SQLShowInfo</A
-->&nbsp;--&nbsp;Create a message to be sent to the user after any successful command</DT
--><DT
--><A
--HREF="#SQLUSERINFO"
-->&#13;SQLUserInfo</A
-->&nbsp;--&nbsp;Configure the user table and fields that hold user information</DT
--><DT
--><A
--HREF="#SQLUSERWHERECLAUSE"
-->&#13;SQLUserWhereClause</A
-->&nbsp;--&nbsp;Configure a WHERE clause for every user query&#60;</DT
--><DT
--><A
- HREF="#STOREUNIQUEPREFIX"
- >&#13;StoreUniquePrefix</A
- >&nbsp;--&nbsp;Set the prefix to be added to uniquely generated filenames</DT
[email protected]@ -1186,7 +770,7 @@
- ><A
- HREF="#TLSPASSPHRASEPROVIDER"
- >&#13;TLSPassPhraseProvider</A
-->&nbsp;--&nbsp;FIXFIXFIX</DT
-+>&nbsp;--&nbsp;Configure external provider for key</DT
- ><DT
- ><A
- HREF="#TLSPROTOCOL"
[email protected]@ -1246,7 +830,7 @@
- ><A
- HREF="#UNSETENV"
- >&#13;UnsetEnv</A
-->&nbsp;--&nbsp;(docs incomplete)</DT
-+>&nbsp;--&nbsp;Unset environment variable</DT
- ><DT
- ><A
- HREF="#USEFTPUSERS"
[email protected]@ -1294,11 +878,6 @@
- >&nbsp;--&nbsp;Creates a hardcoded username/password pair</DT
- ><DT
- ><A
--HREF="#USERRATIO"
-->&#13;UserRatio</A
-->&nbsp;--&nbsp;Ratio directive</DT
--><DT
--><A
- HREF="#USESENDFILE"
- >&#13;UseSendfile</A
- >&nbsp;--&nbsp;Toggles use of sendfile() functionality</DT
[email protected]@ -1348,11 +927,6 @@
- >&nbsp;--&nbsp;Prevent information leak through timing attacks</DT
- ><DT
- ><A
--HREF="#MOD-LDAP"
-->&#13;			mod_ldap</A
-->&nbsp;--&nbsp;LDAP authentication support</DT
--><DT
--><A
- HREF="#MOD-LOG"
- >&#13;mod_log</A
- >&nbsp;--&nbsp;Logging support</DT
[email protected]@ -1363,31 +937,6 @@
- >&nbsp;--&nbsp;file listing functionality</DT
- ><DT
- ><A
--HREF="#MOD-RADIUS"
-->&#13;mod_radius</A
-->&nbsp;--&nbsp;RADIUS based authentication support</DT
--><DT
--><A
--HREF="#MOD-RATIO"
-->&#13;mod_ratio</A
-->&nbsp;--&nbsp;FIX ME FIX ME</DT
--><DT
--><A
--HREF="#MOD-README"
-->&#13;mod_readme</A
-->&nbsp;--&nbsp;"README" file support</DT
--><DT
--><A
--HREF="#AEN12975"
--></A
-->&nbsp;--&nbsp;</DT
--><DT
--><A
--HREF="#MOD-SQL"
-->&#13;mod_sql</A
-->&nbsp;--&nbsp;SQL support module</DT
--><DT
--><A
- HREF="#MOD-TLS"
- >&#13;mod_tls</A
- >&nbsp;--&nbsp;TLS/SSL support module</DT
[email protected]@ -1400,7 +949,7 @@
- ><A
- HREF="#MOD-XFER"
- >&#13;mod_xfer</A
-->&nbsp;--&nbsp;FIX ME FIX ME</DT
-+>&nbsp;--&nbsp;control transfer</DT
- ></DL
- ></DD
- ><DT
[email protected]@ -1465,26 +1014,6 @@
- ></DL
- ></DIV
- ><DIV
--CLASS="LOT"
--><DL
--CLASS="LOT"
--><DT
--><B
-->List of Examples</B
--></DT
--><DT
-->1-1. <A
--HREF="#EXAMPLE-USERMAP"
-->Example Usermap</A
--></DT
--><DT
-->1-2. <A
--HREF="#EXAMPLE-FIFONAMEDPIPE"
-->Example FIFO/Named Pipe 1:1 mapping</A
--></DT
--></DL
--></DIV
--><DIV
- CLASS="CHAPTER"
- ><HR><H1
- ><A
[email protected]@ -3216,113 +2745,6 @@
- ></DIV
- ><H1
- ><A
--NAME="ANONRATIO"
--></A
-->
--AnonRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN701"
--></A
--><H2
-->Name</H2
-->AnonRatio&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN704"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->AnonRatio</B
-->  [  <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN731"
--></A
--><H2
-->Description</H2
--><P
-->The AnonRatio directive ....</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN734"
--></A
--><H2
-->See also</H2
--><P
-->AnonRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN737"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="ANONREJECTPASSWORDS"
- ></A
- >
[email protected]@ -4845,320 +4267,6 @@
- ></DIV
- ><H1
- ><A
--NAME="BYTERATIOERRMSG"
--></A
-->
--ByteRatioErrMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1336"
--></A
--><H2
-->Name</H2
-->ByteRatioErrMsg&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1339"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->ByteRatioErrMsg</B
-->  [  <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1366"
--></A
--><H2
-->Description</H2
--><P
-->The ByteRatioErrMsg directive ....
--Example:
--ByteRatioErrMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1369"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1372"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="CAPABILITIESENGINE"
--></A
-->
--CapabilitiesEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1383"
--></A
--><H2
-->Name</H2
-->CapabilitiesEngine&nbsp;--&nbsp;Enable/disable mod_cap</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1386"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CapabilitiesEngine</B
-->  [  <CODE
--CLASS="OPTION"
-->on</CODE
-->
--  <CODE
--CLASS="OPTION"
-->off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->CapabilitiesEngine On, if running on a Linux hosts that supports capabilities</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;VirtualHost&gt;, &lt;Global&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_cap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.8rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1414"
--></A
--><H2
-->Description</H2
--><P
-->The CapabilitiesEngine directive enables or disables the module's
--  runtime capabilities engine. If set to off, this module does no runtime
--  capabilities processing at all. Use this directive to disable the
--  module.</P
--></DIV
--><H1
--><A
--NAME="CAPABILITIESSET"
--></A
-->
--CapabilitiesSet</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1425"
--></A
--><H2
-->Name</H2
-->CapabilitiesSet&nbsp;--&nbsp;Configure the set of Linux capabilities processed</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1428"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CapabilitiesSet</B
-->  [  <CODE
--CLASS="OPTION"
-->[+/-]capability</CODE
-->...]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->CapabilitiesSet +CAP_CHOWN</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;VirtualHost&gt;, &lt;Global&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_cap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.8rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1455"
--></A
--><H2
-->Description</H2
--><P
-->By default, mod_cap removes all but two capabilities from the
--  session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower
--  than 1024 (required for active data transfers), and CAP_CHOWN, for
--  allowing a process to change a file's ownership to a different user. The
--  latter capability is only strictly necessary if the UserOwner
--  configuration directive is in use; if not being used, the CAP_CHOWN
--  capability is best removed. The CapabilitiesSet directive is used to
--  manipulate the set of capabilities that mod_cap grants.</P
--><P
-->To remove a capability, prefix the name with a '-'; to enable a
--  capability, use '+'. At present, this directive only supports one
--  capability: CAP_CHOWN.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1459"
--></A
--><H2
-->Example</H2
--><P
-->  &lt;IfModule mod_cap.c&gt;
--    CapabilitiesEngine on
--    CapabilitiesSet -CAP_CHOWN
--  &lt;/IfModule&gt;</P
--></DIV
--><H1
--><A
- NAME="CDPATH"
- ></A
- >
[email protected]@ -5781,115 +4889,6 @@
- ></DIV
- ><H1
- ><A
--NAME="CWDRATIOMSG"
--></A
-->
--CwdRatioMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN1720"
--></A
--><H2
-->Name</H2
-->CwdRatioMsg&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN1723"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->CwdRatioMsg</B
-->  [  <CODE
--CLASS="OPTION"
-->foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1750"
--></A
--><H2
-->Description</H2
--><P
-->The CwdRatioMsg directive ....
--Example:
--CwdRatioMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1753"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN1756"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="DEBUGLEVEL"
- ></A
- >
[email protected]@ -9452,128 +8451,6 @@
- ></DIV
- ><H1
- ><A
--NAME="DISPLAYREADME"
--></A
-->
--DisplayReadme</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3148"
--></A
--><H2
-->Name</H2
-->DisplayReadme&nbsp;--&nbsp;Enable display of file modification times on a file pattern</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3151"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->DisplayReadme</B
-->  [  <CODE
--CLASS="OPTION"
-->DisplayReadme filename or pattern</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Global&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_readme</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0pre8 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3178"
--></A
--><H2
-->Description</H2
--><P
-->Module: mod_readme
--The DisplayReadme directive notifies the user of the last change date of the 
--specified file or pattern. Only a single DisplayReadme directive is allowed per configuration 
--scope. 
--DisplayReadme README
--Will result in:
--Please read the file README it was last modified on Sun Oct 17 10:36:14 
--1999 - 0 days ago 
--Being displayed to the user on a cwd. 
--DisplayReadmePattern README*
--Will result in:
--Please read the file README
--it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago
--Please read the file README.first
--it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago
--Being displayed to the user on a cwd. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3181"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3184"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="EXTENDEDLOG"
- ></A
- >
[email protected]@ -9733,115 +8610,6 @@
- ></DIV
- ><H1
- ><A
--NAME="FILERATIOERRMSG"
--></A
-->
--FileRatioErrMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3249"
--></A
--><H2
-->Name</H2
-->FileRatioErrMsg&nbsp;--&nbsp;(docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3252"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->FileRatioErrMsg</B
-->  [  <CODE
--CLASS="OPTION"
-->FileRatioErrMsg foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3279"
--></A
--><H2
-->Description</H2
--><P
-->The FileRatioErrMsg directive ....
--Example:
--FileRatioErrMsg</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3282"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3285"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="GLOBAL"
- ></A
- >
[email protected]@ -10297,115 +9065,6 @@
- ></DIV
- ><H1
- ><A
--NAME="GROUPRATIO"
--></A
-->
--GroupRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3486"
--></A
--><H2
-->Name</H2
-->GroupRatio&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3489"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->GroupRatio</B
-->  [  <CODE
--CLASS="OPTION"
-->GroupRatio foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3516"
--></A
--><H2
-->Description</H2
--><P
-->The GroupRatio directive ....
--Example:
--GroupRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3519"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3522"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="HIDDENSTOR"
- ></A
- >
[email protected]@ -11103,115 +9762,6 @@
- ></DIV
- ><H1
- ><A
--NAME="HOSTRATIO"
--></A
-->
--HostRatio</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN3817"
--></A
--><H2
-->Name</H2
-->HostRatio&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN3820"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->HostRatio</B
-->  [  <CODE
--CLASS="OPTION"
-->HostRatio foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3847"
--></A
--><H2
-->Description</H2
--><P
-->The HostRatio directive ....
--Example:
--HostRatio</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3850"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN3853"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="IDENTLOOKUPS"
- ></A
- >
[email protected]@ -11255,7 +9805,7 @@
+--- a/doc/Configuration.html
++++ b/doc/Configuration.html
[email protected]@ -10805,7 +10805,7 @@ CLASS="SYNOPSIS"
  ></DT
  ><DD
  ><P
@@ -1661,10629 +9,4 @@
  ></DD
  ><DT
  ><PRE
[email protected]@ -11818,3747 +10368,6 @@
- ></DIV
- ><H1
- ><A
--NAME="LDAPALIASDEREFERENCE"
--></A
-->
--    LDAPAliasDereference</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4111"
--></A
--><H2
-->Name</H2
-->LDAPAliasDereference&nbsp;--&nbsp;Specify how LDAP alias dereferencing is done</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4114"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPAliasDereference</B
-->  [      <CODE
--CLASS="OPTION"
-->never</CODE
-->
--      <CODE
--CLASS="OPTION"
-->find</CODE
-->
--      <CODE
--CLASS="OPTION"
-->search</CODE
-->
--      <CODE
--CLASS="OPTION"
-->always</CODE
-->
--    ]</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4122"
--></A
--><H2
--></H2
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->LDAPAliasDereference never</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.16 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4145"
--></A
--><H2
-->Description</H2
--><P
-->Should be one of never, always, search, or find to specify that
--  aliases are never dereferenced, always dereferenced, dereferenced when
--  searching, or dereferenced only when locating the base object for the
--  search.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4148"
--></A
--><H2
-->Examples</H2
--><P
-->LDAPAliasDereference always</P
--></DIV
--><H1
--><A
--NAME="LDAPATTR"
--></A
-->
--LDAPAttr</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4159"
--></A
--><H2
-->Name</H2
-->LDAPAttr&nbsp;--&nbsp;Map LDAP Attributes to something non standard</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4162"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPAttr</B
-->  [  <CODE
--CLASS="OPTION"
-->uid</CODE
-->
--  <CODE
--CLASS="OPTION"
-->uidNumber</CODE
-->
--  <CODE
--CLASS="OPTION"
-->gidNumber</CODE
-->
--  <CODE
--CLASS="OPTION"
-->homeDirectory</CODE
-->
--  <CODE
--CLASS="OPTION"
-->userPassword</CODE
-->
--  <CODE
--CLASS="OPTION"
-->loginShell</CODE
-->
--  <CODE
--CLASS="OPTION"
-->cn</CODE
-->
--  <CODE
--CLASS="OPTION"
-->memberUid</CODE
-->
--  <CODE
--CLASS="OPTION"
-->ftpQuota</CODE
-->] [  <CODE
--CLASS="OPTION"
-->"NewAttribute"</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
--></P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4199"
--></A
--><H2
-->Description</H2
--><P
-->FIXMEFIXMEFIXME</P
--><P
-->This dicrective has to be set before any of the LDAPDo* directives.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4203"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4206"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->FIXFIXFIX</P
--><P
-->FIXFIX</P
--></DIV
--><H1
--><A
--NAME="LDAPAUTHBINDS"
--></A
-->
--			LDAPAuthBinds</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4218"
--></A
--><H2
-->Name</H2
-->LDAPAuthBinds&nbsp;--&nbsp;(docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4221"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPAuthBinds</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
-->(docs incomplete)</B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPAuthBinds off in mod_ldap &#60;= 2.7.6,
--				LDAPAuthBinds on in mod_ldap &#62;= 2.8
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.5 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4249"
--></A
--><H2
-->Description</H2
--><P
-->By default, the DN specified by LDAPDNInfo will be used to
--		bind to the LDAP server to obtain user information, including the
--		userPassword attribute. If LDAPAuthBinds is set to on, the DN
--		specified by LDAPDNInfo will be used to fetch all user information
--		except the userPassword attribute. Then, mod_ldap will bind to the
--		LDAP server as the user who is logging in via FTP with the
--		user-supplied password. If this bind succeeds, the user is
--		considered authenticated and is allowed to log in. This method of
--		LDAP authentication has the added benefit of supporting any password
--		encryption scheme that your LDAP server supports.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4252"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4255"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTAUTHSCHEME"
--></A
-->
--			LDAPDefaultAuthScheme</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4266"
--></A
--><H2
-->Name</H2
-->LDAPDefaultAuthScheme&nbsp;--&nbsp;			Set the authentication scheme/hash that is used when no leading
--			{hashname} is present.
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4269"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultAuthScheme</B
-->  [				<CODE
--CLASS="OPTION"
-->crypt</CODE
-->
--				<CODE
--CLASS="OPTION"
-->clear</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPDefaultAuthScheme "crypt"
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4297"
--></A
--><H2
-->Description</H2
--><P
-->Specifies the authentication scheme used for passwords with no
--		{prefix} in the LDAP database. For example, if you are using
--		something like userPassword: mypass in your LDAP database, you would
--		want to set LDAPDefaultAuthScheme to clear.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4300"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4303"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTGID"
--></A
-->
--			LDAPDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4314"
--></A
--><H2
-->Name</H2
-->LDAPDefaultGID&nbsp;--&nbsp;			Set the default GID to be assigned to users when no uidNumber
--			attribute is found.
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4317"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultGID</B
-->  [				<CODE
--CLASS="OPTION"
-->default-gid</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				None
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4344"
--></A
--><H2
-->Description</H2
--><P
-->This directive is useful primarily in virtual-user
--		environments common in large-scale ISPs and hosting organizations.
--		If a user does not have a LDAP gidNumber attribute, the
--		LDAPDefaultGID is used. This allows one to have a large number of
--		users in an LDAP database without gidNumber attributes; setting this
--		configuration directive will automatically assign those users a
--		single GID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4347"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4350"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDEFAULTUID"
--></A
-->
--			LDAPDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4361"
--></A
--><H2
-->Name</H2
-->LDAPDefaultUID&nbsp;--&nbsp;			Set the default UID to be assigned to users when no uidNumber
--			attribute is found.
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4364"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDefaultUID</B
-->  [				<CODE
--CLASS="OPTION"
-->default-uid</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				None
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4391"
--></A
--><H2
-->Description</H2
--><P
-->This directive is useful primarily in virtual-user
--		environments common in large-scale ISPs and hosting organizations.
--		If a user does not have a LDAP uidNumber attribute, the
--		LDAPDefaultUID is used. This allows one to have a large number of
--		users in an LDAP database without uidNumber attributes; setting this
--		configuration directive will automatically assign those users a
--		single UID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4394"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4397"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDNINFO"
--></A
-->
--			LDAPDNInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4408"
--></A
--><H2
-->Name</H2
-->LDAPDNInfo&nbsp;--&nbsp;Set DN information to be used for initial bind</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4411"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDNInfo</B
-->  [				<CODE
--CLASS="OPTION"
-->LDAPDNInfo "ldap-dn" "dn-password"</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPDNInfo "" "" (anonymous bind)
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->			mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4438"
--></A
--><H2
-->Description</H2
--><P
-->This directive specifies the LDAP DN and password to use when
--		binding to the LDAP server. If this configuration directive is not
--		specified, anonymous binds are used.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4441"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4444"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOAUTH"
--></A
-->
--			LDAPDoAuth</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4455"
--></A
--><H2
-->Name</H2
-->LDAPDoAuth&nbsp;--&nbsp;Enable LDAP authentication</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4458"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoAuth</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"auth-base-dn"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"search-filter-template"</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPDoAuth off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4490"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP authentication.
--		The second argument to this directive is the LDAP base DN to use for
--		authentication.  The third argument is a template to be used for the
--		search filter; %v will be replaced with the username that is being
--		authenticated.
--		 By default, the search filter template
--		"(&amp;(uid=%v)(objectclass=posixAccount))" is used.
--		The uid for the the search filter is taken from the
--		<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive.
--		Search filter
--		templates are only supported in mod_ldap v2.7 and later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4494"
--></A
--><H2
-->See also</H2
--><P
-->			<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4498"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOGIDLOOKUPS"
--></A
-->
--			LDAPDoGIDLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4509"
--></A
--><H2
-->Name</H2
-->LDAPDoGIDLookups&nbsp;--&nbsp;			Enable LDAP lookups for user group membership and GIDs in
--			directory listings
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4512"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoGIDLookups</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"gid-base-dn"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"cn-filter-template"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"gid-number-filter-template"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"member-uid-filter-template"</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPDoGIDLookups off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4548"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP GID-to-name
--		lookups in directory listings. The second argument to this directive
--		is the LDAP base DN to use for GID-to-name lookups. The third
--		through fifth arguments are templates to be used for the search
--		filter; %v will be replaced with the GID that is being looked
--		up.</P
--><P
-->By default, the search filter templates look like this:</P
--><P
-->		cn_filter:        "(cn=%v)(objectclass=posixGroup))",
--		gidnumber_filter: "(gidNumber=%v)(objectclass=posixGroup))",
--		memberuid_filter: "(memberUid=%v)(objectclass=posixGroup))".
--		</P
--><P
-->The attribute names used in the default search filters are
--		taken from the <A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--		directive.</P
--><P
-->Filter templates are only supported in mod_ldap v2.8.3 and
--		later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4556"
--></A
--><H2
-->See also</H2
--><P
-->			<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4560"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOQUOTALOOKUPS"
--></A
-->
--			LDAPDoQuotaLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4571"
--></A
--><H2
-->Name</H2
-->LDAPDoQuotaLookups&nbsp;--&nbsp;Enable LDAP quota limit support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4574"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoQuotaLookups</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"base-dn"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"quota-filter-template"</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->"default-quota"</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPDoQuotaLookups off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8.12 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4608"
--></A
--><H2
-->Description</H2
--><P
-->This configuration directive activates LDAP quota lookups. 
--		The second argument to this directive is the LDAP base DN to use for
--		quota limit search.  The third argument is a template to be used for
--		the search filter; %v will be replaced with the username that is
--		being authenticated. By default, the search filter template
--		"(&amp;(LDAPAttr_uid=%v)(objectclass=posixAccount))" is used.
--		
--		The uid for the the search filter is taken from the
--		<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive	
--		Search filter
--		templates are only supported in mod_ldap v2.7 and later.</P
--><P
-->If specified, the <CODE
--CLASS="OPTION"
-->default-quota<CODE
--CLASS="OPTION"
--> argument
--		specifies the quota limits to use if a user does not have a ftpQuota
--		attribute. This argument is formatted the same way as the ftpQuota
--		LDAP attribute.</CODE
--></CODE
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4615"
--></A
--><H2
-->See also</H2
--><P
-->			<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4619"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPDOUIDLOOKUPS"
--></A
-->
--      LDAPDoUIDLookups</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4630"
--></A
--><H2
-->Name</H2
-->LDAPDoUIDLookups&nbsp;--&nbsp;      Enable LDAP lookups for UIDs in directory listings
--    </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4633"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPDoUIDLookups</B
-->  [        <CODE
--CLASS="OPTION"
-->on</CODE
-->
--        <CODE
--CLASS="OPTION"
-->off</CODE
-->
--      ] [        <CODE
--CLASS="OPTION"
-->"uid-base-dn"</CODE
-->
--      ] [        <CODE
--CLASS="OPTION"
-->"uid-filter-template"</CODE
-->
--      ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->        LDAPDoUIDLookups off
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->        mod_ldap v2.0 and later
--      </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4665"
--></A
--><H2
-->Description</H2
--><P
-->	This configuration directive activates LDAP UID-to-name
--	lookups in directory listings. The second argument to this directive
--	is the LDAP base DN to use for UID-to-name lookups. The third
--	argument is a template to be used for the search filter; %v will be
--	replaced with the UID that is being looked up. By default, the
--	search filter template
--	"(&amp;(LDAPAttr_uidNumber=%v)(objectclass=posixAccount))" is used.
--	The uid for the the search filter is taken from the
--	<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
--> directive
--	Search
--	filter templates are only supported in mod_ldap v2.7 and
--	later.
--	</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4669"
--></A
--><H2
-->See also</H2
--><P
-->		<A
--HREF="#LDAPATTR"
-->LDAPAttr</A
-->
--	</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4673"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEDEFAULTGID"
--></A
-->
--			LDAPForceDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4684"
--></A
--><H2
-->Name</H2
-->LDAPForceDefaultGID&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same GID.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4687"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPForceDefaultGID</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPForceDefaultGID off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4715"
--></A
--><H2
-->Description</H2
--><P
-->Even when a <A
--HREF="#LDAPDEFAULTGID"
-->LDAPDefaultGID</A
-->
--		is configured, mod_ldap will allow individual users to have
--		gidNumber attributes that will override this default GID. With
--		LDAPForceDefaultGID enabled, all LDAP-authenticated users are given
--		the default GID; GIDs may not be overridden by gidNumber
--		attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4719"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4722"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEDEFAULTUID"
--></A
-->
--			LDAPForceDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4733"
--></A
--><H2
-->Name</H2
-->LDAPForceDefaultUID&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same UID.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4736"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPForceDefaultUID</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPForceDefaultUID off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4764"
--></A
--><H2
-->Description</H2
--><P
-->Even when a <A
--HREF="#LDAPDEFAULTUID"
-->LDAPDefaultUID</A
-->
--		is configured, mod_ldap will allow individual users to have
--		uidNumber attributes that will override this default UID. With
--		LDAPForceDefaultUID enabled, all LDAP-authenticated users are given
--		the default UID; UIDs may not be overridden by uidNumber
--		attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4768"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4771"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEGENERATEDHOMEDIR"
--></A
-->
--      LDAPForceGeneratedHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4782"
--></A
--><H2
-->Name</H2
-->LDAPForceGeneratedHomedir&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
--      prefix/suffix.
--    </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4785"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPForceGeneratedHomedir</B
-->  [        <CODE
--CLASS="OPTION"
-->on</CODE
-->
--        <CODE
--CLASS="OPTION"
-->off</CODE
-->
--      ] [        <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
--      ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->        LDAPForceGeneratedHomedir off
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->        mod_ldap v2.8.13 and later
--      </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4815"
--></A
--><H2
-->Description</H2
--><P
-->Even when a
--    <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--    is configured, mod_ldap will allow individual users to have
--    homeDirectory attributes that will override the default. With
--    LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
--    the default prefix and/or suffix; homedirs may not be overridden by LDAP
--    homeDirectory attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4819"
--></A
--><H2
-->See also</H2
--><P
-->	<A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
--	<A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--	<A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
--   </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4825"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPFORCEHOMEDIRONDEMAND"
--></A
-->
--      LDAPForceHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4836"
--></A
--><H2
-->Name</H2
-->LDAPForceHomedirOnDemand&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
--      prefix/suffix. [deprecated]
--    </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4839"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPForceHomedirOnDemand</B
-->  [        <CODE
--CLASS="OPTION"
-->on</CODE
-->
--        <CODE
--CLASS="OPTION"
-->off</CODE
-->
--      ] [        <CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
--      ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->        LDAPForceHomedirOnDemand off
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--      </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->        mod_ldap v2.8.11 and later
--      </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4869"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
--	  Please take a look at LDAPForceGenerateHomedir
--    </P
--><P
-->Even when a
--    <A
--HREF="#LDAPHOMEDIRONDEMANDPREFIX"
-->LDAPHomeDironDemandPrefix</A
-->
--    is configured, mod_ldap will allow individual users to have
--    homeDirectory attributes that will override the default. With
--    LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
--    the default prefix and/or suffix; homedirs may not be overridden by LDAP
--    homeDirectory attributes.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4875"
--></A
--><H2
-->See also</H2
--><P
-->LDAPForceGenerateHomedir</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4879"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPGENERATEHOMEDIR"
--></A
-->
--			LDAPGenerateHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4890"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedir&nbsp;--&nbsp;			Enable the creation of user home directories on demand
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4893"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedir</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPGenerateHomedir off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8.13 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4923"
--></A
--><H2
-->Description</H2
--><P
-->LDAPGenerateHomedir activates on-demand home directory creation.
--		If a user logs in and does not yet have a home directory, a home
--		directory is created automatically.</P
--><P
-->In mod_ldap &#60;= 2.7.6, the home directory will be owned by the
--		same user and group that ProFTPD runs as (see the User and Group
--		configuration directives). mod_ldap &#62;= 2.8 can create home
--		directories for users with any UID/GID, not just those with the same
--		UID/GID as the main ProFTPD server.</P
--><P
-->The second argument allows you to specify the mode (default
--		permissions) to use when creating home directories on demand,
--		subject to ProFTPD's umask (see the Umask directive). If no
--		directory mode is specified, the default of 0755 is used. Directory
--		mode setting is only supported in mod_ldap v2.7 or later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4928"
--></A
--><H2
-->See also</H2
--><P
-->		<A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4934"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
-->%<H1
--><A
--NAME="LDAPGENERATEHOMEDIRPREFIX"
--></A
-->
--			LDAPGenerateHomedirPrefix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4945"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedirPrefix&nbsp;--&nbsp;			Enable the creation of user home directories on demand
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN4948"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedirPrefix</B
-->  [				<CODE
--CLASS="OPTION"
-->leading-path</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPGenerateHomedirPrefix off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8.13 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4975"
--></A
--><H2
-->Description</H2
--><P
-->LDAPGenerateHomedirPrefix enables a prefix to be specified for
--		on-demand home directory creation. This is most useful if mod_ldap
--		is being used to authenticate against an LDAP directory that does
--		not return a homeDirectory attribute, either because it cannot
--		(Microsoft Active Directory, for example) or because you do not wish
--		to extend your existing directory schema.</P
--><P
-->For example, setting this directive to "/home" and logging in
--		as the user "joe" would result in his home directory being created
--		as "/home/joe". The directory will be created with the mode
--		specified in <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->.  To use
--		this directive, <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
--> must be
--		enabled.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4981"
--></A
--><H2
-->See also</H2
--><P
-->		<A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN4987"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
--></A
-->
--LDAPGenerateHomedirPrefixNoUsername</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN4998"
--></A
--><H2
-->Name</H2
-->LDAPGenerateHomedirPrefixNoUsername&nbsp;--&nbsp;(docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5001"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPGenerateHomedirPrefixNoUsername</B
-->  [  <CODE
--CLASS="OPTION"
-->on</CODE
-->
--  <CODE
--CLASS="OPTION"
-->off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->(docs incomplete)</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;, .ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->mod_ldap 2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5029"
--></A
--><H2
-->Description</H2
--><P
-->(docs incomplete)</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5032"
--></A
--><H2
-->See also</H2
--><P
-->		<A
--HREF="#LDAPFORCEGENERATEDHOMEDIR"
-->LDAPForceGeneratedHomedir</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
--		<A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMAND"
--></A
-->
--			LDAPHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5046"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemand&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5049"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemand</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			] [				<CODE
--CLASS="OPTION"
-->directory-mode</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPHomedirOnDemand off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5079"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
--	  	Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
-->
--		</P
--><P
-->LDAPHomedirOnDemand activates on-demand home directory creation.
--		If a user logs in and does not yet have a home directory, a home
--		directory is created automatically.</P
--><P
-->In mod_ldap &#60;= 2.7.6, the home directory will be owned by the
--		same user and group that ProFTPD runs as (see the User and Group
--		configuration directives). mod_ldap &#62;= 2.8 can create home
--		directories for users with any UID/GID, not just those with the same
--		UID/GID as the main ProFTPD server.</P
--><P
-->The second argument allows you to specify the mode (default
--		permissions) to use when creating home directories on demand,
--		subject to ProFTPD's umask (see the Umask directive). If no
--		directory mode is specified, the default of 0755 is used. Directory
--		mode setting is only supported in mod_ldap v2.7 or later.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5086"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#LDAPGENERATEHOMEDIR"
-->LDAPGenerateHomedir</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5090"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDPREFIX"
--></A
-->
--			LDAPHomedirOnDemandPrefix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5101"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandPrefix&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5104"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandPrefix</B
-->  [				<CODE
--CLASS="OPTION"
-->leading-path</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPHomedirOnDemandPrefix off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5131"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
--	  	Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--		</P
--><P
-->LDAPHomedirOnDemandPrefix enables a prefix to be specified for
--		on-demand home directory creation. This is most useful if mod_ldap
--		is being used to authenticate against an LDAP directory that does
--		not return a homeDirectory attribute, either because it cannot
--		(Microsoft Active Directory, for example) or because you do not wish
--		to extend your existing directory schema.</P
--><P
-->For example, setting this directive to "/home" and logging in
--		as the user "joe" would result in his home directory being created
--		as "/home/joe". The directory will be created with the mode
--		specified in <A
--HREF="#LDAPHOMEDIRONDEMAND"
-->LDAPHomedirOnDemand</A
-->.  To use
--		this directive, <A
--HREF="#LDAPHOMEDIRONDEMAND"
-->LDAPHomedirOnDemand</A
--> must be
--		enabled.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5139"
--></A
--><H2
-->See also</H2
--><P
-->		<A
--HREF="#LDAPGENERATEHOMEDIRPREFIX"
-->LDAPGenerateHomedirPrefix</A
-->
--		</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5143"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
--></A
-->
--LDAPHomedirOnDemandPrefixNoUsername</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5154"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandPrefixNoUsername&nbsp;--&nbsp;(docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5157"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandPrefixNoUsername</B
-->  [  <CODE
--CLASS="OPTION"
-->"name" limit|regex|ip value</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->(docs incomplete)</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;, .ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5184"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with mod_ldap v2.8.13.
--	Please take a look at <A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
-->
--	</P
--><P
-->(docs incomplete)</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5189"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
-->LDAPGenerateHomedirPrefixNoUsername</A
--></P
--></DIV
--><H1
--><A
--NAME="LDAPHOMEDIRONDEMANDSUFFIX"
--></A
-->
--			LDAPHomedirOnDemandSuffix</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5201"
--></A
--><H2
-->Name</H2
-->LDAPHomedirOnDemandSuffix&nbsp;--&nbsp;			Specify an additional directory to be created inside a user's
--			home directory on demand. [deprecated]
--		</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5204"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPHomedirOnDemandSuffix</B
-->  [				<CODE
--CLASS="OPTION"
-->additional-directory1</CODE
-->
--				<CODE
--CLASS="OPTION"
-->additional-directory2</CODE
-->
--				<CODE
--CLASS="OPTION"
-->additional-directory3</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPHomedirOnDemandSuffix ""
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.6 and later.
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5233"
--></A
--><H2
-->Description</H2
--><P
-->		This directive is deprecated and was removed from mod_ldap v2.8.13.
--		It has no replacement option.
--		</P
--><P
-->to be created within a user's home directory when it is
--		created on demand. For example, if a user's home directory is
--		"/home/user", setting this configuration directive to "public_html"
--		will also create "/home/user/public_html" on demand. In mod_ldap
--		v2.7.6 and earlier, you must also activate LDAPHomedirOnDemand in
--		your configuration.</P
--><P
-->mod_ldap &#62;= 2.8 supports multiple suffix arguments and does
--		not require LDAPHomedirOnDemand to be enabled.</P
--><P
-->mod_ldap &#62;= 2.8.11 supports additional mode information;
--		you can add ":octal-mode" to a directory argument to have it created
--		with that mode. For example,
--		LDAPHomedirOnDemandSuffix foo:700 will create the
--		suffix directory foo with the mode 700.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5239"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5242"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPNEGATIVECACHE"
--></A
-->
--			LDAPNegativeCache</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5253"
--></A
--><H2
-->Name</H2
-->LDAPNegativeCache&nbsp;--&nbsp;Enable negative caching for LDAP lookups</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5256"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPNegativeCache</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPNegativeCache off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v1.1 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5284"
--></A
--><H2
-->Description</H2
--><P
-->LDAPNegativeCache specifies whether or not to cache negative
--		responses from the LDAP server when using LDAP for UID/GID lookups.
--		This option is useful if you also use/are in transition from another
--		authentication system; if there are many users in your old
--		authentication system that aren't in the LDAP database, there can be
--		a significant delay when a directory listing is performed as the
--		UIDs not in the LDAP database are repeatedly looked up in an attempt
--		to present usernames instead of UIDs in directory listings. With
--		LDAPNegativeCache set to on, negative ("not found") responses from
--		the LDAP server will be cached and speed will improve on directory
--		listings that contain many users not present in the LDAP
--		database.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5287"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5290"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPPROTOCOLVERSION"
--></A
-->
--LDAPProtocolVersion</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5301"
--></A
--><H2
-->Name</H2
-->LDAPProtocolVersion&nbsp;--&nbsp;Set the LDAP protocol version</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5304"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPProtocolVersion</B
-->  [  <CODE
--CLASS="OPTION"
-->2 | 3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->3</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->2.8.13 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5331"
--></A
--><H2
-->Description</H2
--><P
-->FIX FIX FIX</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5334"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5337"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->FIXFIXFIX</P
--><P
-->FIXFIX</P
--></DIV
--><H1
--><A
--NAME="LDAPQUERYTIMEOUT"
--></A
-->
--			LDAPQueryTimeout</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5349"
--></A
--><H2
-->Name</H2
-->LDAPQueryTimeout&nbsp;--&nbsp;Set a timeout for LDAP queries</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5352"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPQueryTimeout</B
-->  [				<CODE
--CLASS="OPTION"
-->timeout-seconds</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPQueryTimeout default-api-timeout
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5379"
--></A
--><H2
-->Description</H2
--><P
-->Sets the timeout used for LDAP directory queries. The default
--		is the default timeout used by your LDAP API.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5382"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5385"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPSEARCHSCOPE"
--></A
-->
--			LDAPSearchScope</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5396"
--></A
--><H2
-->Name</H2
-->LDAPSearchScope&nbsp;--&nbsp;Specify the search scope used in LDAP queries</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5399"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPSearchScope</B
-->  [				<CODE
--CLASS="OPTION"
-->onelevel</CODE
-->
--				<CODE
--CLASS="OPTION"
-->subtree</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPSearchScope subtree
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.6 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5427"
--></A
--><H2
-->Description</H2
--><P
-->Set the scope used for LDAP searches. The default setting,
--		subtree, searches for all entries in the tree from the current level
--		down. Setting this directive to onelevel searches only one level
--		deep in the LDAP tree.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5430"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5433"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPSERVER"
--></A
-->
--			LDAPServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5444"
--></A
--><H2
-->Name</H2
-->LDAPServer&nbsp;--&nbsp;Specify the LDAP server to use for lookups</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5447"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LDAPServer</B
-->  [				<CODE
--CLASS="OPTION"
-->"hostname1:port1 hostname2:port2"</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPServer "localhost"
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v1.0 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5474"
--></A
--><H2
-->Description</H2
--><P
-->LDAPServer allows you to to specify the hostname(s) and
--		port(s) of the LDAP server(s) to use for LDAP authentication. If no
--		LDAPServer configuration directive is present, the default LDAP
--		servers specified by your LDAP API will be used.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5477"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5480"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LDAPUSETLS"
--></A
-->
--			LDAPUseTLS</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5491"
--></A
--><H2
-->Name</H2
-->LDAPUseTLS&nbsp;--&nbsp;Enable TLS/SSL connections to the LDAP server.</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5494"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Syntax: LDAPUseTLS</B
-->  [				<CODE
--CLASS="OPTION"
-->on</CODE
-->
--				<CODE
--CLASS="OPTION"
-->off</CODE
-->
--			]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->				LDAPUseTLS off
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ldap
--			</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->				mod_ldap v2.8 and later
--			</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5522"
--></A
--><H2
-->Description</H2
--><P
-->By default, mod_ldap connects to the LDAP server via a
--		non-encrypted connection. Enabling this option causes mod_ldap to
--		use an encrypted (TLS/SSL) connection to the LDAP server. If a
--		secure connection to the LDAP server fails, mod_ldap will not
--		authenticate users (mod_ldap will *not* fall back to an unsecure
--		connection).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5525"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5528"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="LEECHRATIOMSG"
--></A
-->
--LeechRatioMsg</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN5539"
--></A
--><H2
-->Name</H2
-->LeechRatioMsg&nbsp;--&nbsp;Sets the 'over ratio' error message</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN5542"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->LeechRatioMsg</B
-->  [  <CODE
--CLASS="OPTION"
-->LeechRatioMsg foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5569"
--></A
--><H2
-->Description</H2
--><P
-->The LeechRatioMsg directive defines the response message sent
--back to the client upon breaking their quota limits.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5572"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN5575"
--></A
--><H2
-->Examples</H2
--><PRE
--CLASS="PROGRAMLISTING"
-->LeechRatioMsg "please upload as well as download"</PRE
--><P
--></P
--></DIV
--><H1
--><A
- NAME="LIMIT"
- ></A
- >
[email protected]@ -18584,967 +13393,6 @@
- ></DIV
- ><H1
- ><A
--NAME="RADIUSACCTSERVER"
--></A
-->
--RadiusAcctServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6758"
--></A
--><H2
-->Name</H2
-->RadiusAcctServer&nbsp;--&nbsp;Setup RADIUS accounting details</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6761"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusAcctServer</B
-->  [  <CODE
--CLASS="OPTION"
-->server[:port] shared-secret [timeout]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6788"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
--><P
-->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
--><P
-->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6793"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#RADIUSAUTHSERVER"
-->RadiusAuthServer</A
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSAUTHSERVER"
--></A
-->
--RadiusAuthServer</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6805"
--></A
--><H2
-->Name</H2
-->RadiusAuthServer&nbsp;--&nbsp;Setup RADIUS authenticator details</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6808"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusAuthServer</B
-->  [  <CODE
--CLASS="OPTION"
-->server[:port] shared-secret [timeout]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6835"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
--><P
-->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
--><P
-->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6840"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#RADIUSAUTHSERVER"
-->RadiusAuthServer</A
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSENGINE"
--></A
-->
--RadiusEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6852"
--></A
--><H2
-->Name</H2
-->RadiusEngine&nbsp;--&nbsp;Enable RADIUS support</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6855"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusEngine</B
-->  [  <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6882"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusEngine directive enables or disables the module's runtime RADIUS engine. If it is set to off this module does no RADIUS authentication or accounting at all. Use this directive to disable the module instead of commenting out all mod_radius directives. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6885"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSLOG"
--></A
-->
--RadiusLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6896"
--></A
--><H2
-->Name</H2
-->RadiusLog&nbsp;--&nbsp;Specify the logfile for reporting / debugging</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6899"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusLog</B
-->  [  <CODE
--CLASS="OPTION"
-->"file"|none</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6926"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusLog directive is used to a specify a log file for mod_radius
--reporting and debugging, and can be done a per-server basis. The file
--parameter must be the full path to the file to use for logging. Note
--that this path must not be to a world-writeable directory and, unless
--AllowLogSymlinks is explicitly set to on (generally a bad idea), the
--path must not be a symbolic link.</P
--><P
-->If file is "none", no logging will be done at all; this setting can be
--used to override a RadiusLog setting inherited from a &lt;Global&gt; context.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6930"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RADIUSREALM"
--></A
-->
--RadiusRealm</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6941"
--></A
--><H2
-->Name</H2
-->RadiusRealm&nbsp;--&nbsp;Setup the authentication realm</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6944"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusRealm</B
-->  [  <CODE
--CLASS="OPTION"
-->realm</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6971"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusRealm directive configures a realm string that will be added to the username in the constructed RADIUS packets.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6974"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN6977"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;RadiusRealm&nbsp;.castaglia.org</P
--></DIV
--><H1
--><A
--NAME="RADIUSUSERINFO"
--></A
-->
--RadiusUserInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN6988"
--></A
--><H2
-->Name</H2
-->RadiusUserInfo&nbsp;--&nbsp;Configure login information via RADIUS</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN6991"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RadiusUserInfo</B
-->  [  <CODE
--CLASS="OPTION"
-->uid gid home shell [suppl-group-names suppl-group-ids]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_radius</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.7rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7018"
--></A
--><H2
-->Description</H2
--><P
-->The RadiusUserInfo directive is used to configure login information used for every user authenticated via RADIUS. The optional suppl-group-names and suppl-group-ids parameters are used to specify supplemental group membership for each user; the number of names and IDs must match if these parameters are used.</P
--><P
-->In order to support RADIUS servers that may use custom attributes in their Access-Accept response packets to supply user information back to the RADIUS client (mod_radius in this case), this directive allows the following syntax for some of its parameters:</P
--><P
-->&#13;<P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;$(attribute-id:default-value)</P
-->&#13;</P
--><P
-->where the enclosing $() signals that the parameter is to be supplied by
--the RADIUS server, attribute-id is the custom attribute ID for which to
--search in the response packet, and default-value is the value to use in
--case the requested attribute is not present in the response packet. This
--syntax is not supported for the suppl-group-names or suppl-group-ids
--parameters.</P
--><P
-->If RadiusUserInfo is not used, mod_radius will perform pure "yes/no"
--authentication only, in the style of PAM. The information that would
--have been configured via this directive will be pulled from other sources
--(e.g. /etc/passwd, AuthUserFiles, MySQL tables, etc).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7026"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOFILE"
--></A
-->
--RatioFile</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7037"
--></A
--><H2
-->Name</H2
-->RatioFile&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7040"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RatioFile</B
-->  [  <CODE
--CLASS="OPTION"
-->RatioFile foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7067"
--></A
--><H2
-->Description</H2
--><P
-->The RatioFile directive ....
--Example:
--RatioFile</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7070"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7073"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOS"
--></A
-->
--Ratios</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7084"
--></A
--><H2
-->Name</H2
-->Ratios&nbsp;--&nbsp;(docs incomplete)</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7087"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->Ratios</B
-->  [  <CODE
--CLASS="OPTION"
-->Ratios foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7114"
--></A
--><H2
-->Description</H2
--><P
-->The Ratios directive ....
--Example:
--Ratios</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7117"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7120"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="RATIOTEMPFILE"
--></A
-->
--RatioTempFile</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7131"
--></A
--><H2
-->Name</H2
-->RatioTempFile&nbsp;--&nbsp;Ratio directive</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7134"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RatioTempFile</B
-->  [  <CODE
--CLASS="OPTION"
-->RatioTempFile foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7161"
--></A
--><H2
-->Description</H2
--><P
-->The RatioTempFile directive ....
--Example:
--RatioTempFile</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7164"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7167"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="REQUIREVALIDSHELL"
- ></A
- >
[email protected]@ -19656,1592 +13504,6 @@
- ></DIV
- ><H1
- ><A
--NAME="REWRITECONDITION"
--></A
-->
--RewriteCondition</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7225"
--></A
--><H2
-->Name</H2
-->RewriteCondition&nbsp;--&nbsp;Define a rule condition</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7228"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteCondition</B
-->  [  <CODE
--CLASS="OPTION"
-->condition pattern</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Directory&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7255"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteCondition directive defines a rule condition. Precede a
--<A
--HREF="#REWRITERULE"
-->RewriteRule</A
--> directive with one or more
--RewriteCondition directives. The following rewriting rule is only used if
--its pattern matches the current state of the FTP command and if these
--additional conditions apply too.</P
--><P
-->Condition is a string which can contain the following expanded constructs
--in addition to plain text:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->		<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteRule backreferences</B
--></SPAN
-->
--	      </P
--><P
-->		These are backreferences of the form:
--	      </P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->$N</B
--></SPAN
--></P
--><P
-->		(0 &#60;= N &#60;= 9) which provide access to the grouped
--	       	parts (parentheses!) of the pattern from the corresponding
--		RewriteRule directive (the one following the current bunch
--		of RewriteCondition directives). Note that $0 will refer
--		back to the entire original string being matched.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->		<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteCondition backreferences</B
--></SPAN
-->
--	      </P
--><P
-->		These are backreferences of the form:
--	      </P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%N</B
--></SPAN
--></P
--><P
-->		(0 &#60;= N &#60;= 9) which provide access to the grouped parts
--		(parentheses!) of the pattern from the previous
--		RewriteCondition attached to this RewriteRule.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->		<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->RewriteMap expansions:</B
--></SPAN
-->
--	      </P
--><P
-->		These are expansions of the form:
--	      </P
--><P
-->	      <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${map-name:lookup-key|default-value}</B
--></SPAN
-->
--	      </P
--><P
-->		See the documentation for <A
--HREF="#REWRITEMAP"
-->RewriteMap
--		</A
--> for more details.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->		<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Variable substitutions:</B
--></SPAN
-->
--	      </P
--><P
-->		These are substitutions of the form:
--              </P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%a</B
--></SPAN
-->
--			client IP address
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%c</B
--></SPAN
-->
--			name of Class for current session
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%f</B
--></SPAN
-->
--			filename
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%F</B
--></SPAN
-->
--			transfer path, as seen by the client (only useful
--			for upload/download commands)
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%g</B
--></SPAN
-->
--			primary group of authenticated user
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%G</B
--></SPAN
-->
--			supplemental groups of authenticated user
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%h</B
--></SPAN
-->
--			client DNS name
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%m</B
--></SPAN
-->
--			FTP command
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%p</B
--></SPAN
-->
--			port of server handling the session
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%u</B
--></SPAN
-->
--			name of authenticated user
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%U</B
--></SPAN
-->
--			name of user sent by client via USER
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->%v</B
--></SPAN
-->
--			ServerName of server handling the session
--			</P
--></LI
--></UL
--></LI
--></UL
--><P
-->Pattern is the condition pattern, i.e., a regular expression which is
--applied to the current instance of the condition, i.e., condition is
--evaluated and then matched against pattern. You can prefix the pattern
--string with a '!' character (exclamation mark) to specify a non-matching
--pattern.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7325"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITERULE"
-->RewriteRule</A
-->
--<A
--HREF="#REWRITEMAP"
-->RewriteMap</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7330"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="REWRITEENGINE"
--></A
-->
--RewriteEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7341"
--></A
--><H2
-->Name</H2
-->RewriteEngine&nbsp;--&nbsp;Enable/disable mod_rewrite</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7344"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteEngine</B
-->  [  <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7371"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteEngine directive enables or disables the module's runtime
--rewriting engine. If it is set to off this module does no parsing or
--rewriting at all. Use this directive to disable the module instead of
--commenting out all mod_rewrite directives.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7374"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITELOCK"
--></A
-->
--RewriteLock</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7385"
--></A
--><H2
-->Name</H2
-->RewriteLock&nbsp;--&nbsp;Set the filename for synchronization lockfile</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7388"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteLock</B
-->  [  <CODE
--CLASS="OPTION"
-->filename</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7415"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteLock directive sets the filename for a synchronization lockfile
--which mod_rewrite needs to communicate with RewriteMaps of type fifo. Set
--file to a local absolute path (not on a NFS-mounted device) when you want
--to use a rewriting FIFO. It is not required for other types of rewriting maps.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7418"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITELOG"
--></A
-->
--RewriteLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7429"
--></A
--><H2
-->Name</H2
-->RewriteLog&nbsp;--&nbsp;Specify a log file for mod_rewrite reporting</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7432"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteLog</B
-->  [  <CODE
--CLASS="OPTION"
-->file|"none"</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7459"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteLog directive is used to a specify a log file for mod_rewrite
--reporting and debugging, and can be done a per-server basis. The file
--parameter must be the full path to the file to use for logging. Note
--that this path must <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->not</B
--></SPAN
--> be to a
--world-writeable directory and, unless AllowLogSymlinks is explicitly
--set to on (generally a bad idea), the path must
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->not</B
--></SPAN
--> be a symbolic link. In general,
--this directive should only be used for debugging your mod_rewrite
--configuration, and should be removed once debugging is completed;
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->do not use this directive in a production
--configuration.</B
--></SPAN
--></P
--><P
-->If file is "none", no logging will be done at all; this setting can be
--used to override a RewriteLog setting inherited from a &lt;Global&gt; context. </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7466"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><H1
--><A
--NAME="REWRITEMAP"
--></A
-->
--RewriteMap</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7477"
--></A
--><H2
-->Name</H2
-->RewriteMap&nbsp;--&nbsp;Define a rewrite map</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7480"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteMap</B
-->  [  <CODE
--CLASS="OPTION"
-->map-name map-type:map-soure</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7507"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteMap directive defines a rewriting map which can be used inside
--rule substitution strings by the mapping-functions to insert/substitute
--fields through a key lookup. The source of this lookup can be of various types.</P
--><P
-->The map-name is the name of the map and will be used to specify a
--mapping-function for the substitution strings of a rewriting rule via
--one of the following constructs:</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${ map-name :  lookup-key }</B
--></SPAN
--></P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->${ map-name :  lookup-key</B
--></SPAN
-->
-- | 
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->default-value</B
--></SPAN
--></P
--><P
-->When such a construct occurs the map map-name is consulted and the key
--lookup-key is resolved. If the key is found, the map-function construct
--is substituted by subst-value. If the key is not found then it is
--substituted by default-value or by the empty string if no default-value
--was specified.</P
--><P
-->The following combinations for map-type and map-src can be used:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Standard Plain Text</B
--></SPAN
-->
--		</P
--><P
-->			map-type: txt, map-src: Unix filesystem path to
--			valid regular file.
--		</P
--><P
-->		This is the standard rewriting map feature where
--		the map-src is a plain ASCII file containing either blank
--		lines, comment lines (starting with a '#' character) or
--		pairs like the following - one per line.
--		</P
--><P
-->			<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->matching-key subst-value</B
--></SPAN
-->
--		</P
--><DIV
--CLASS="EXAMPLE"
--><A
--NAME="EXAMPLE-USERMAP"
--></A
--><P
--><B
-->Example 1-1. Example Usermap</B
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->		    # --------------------------------------------
--    		    # usermap.txt -- map for rewriting user names
--    		    # --------------------------------------------
--
--    		    Dave.Admin      dave       # The Uber-admin
--    		    root            anonymous  # no one should be logging in as root anyway
--		</PRE
--></DIV
--><P
-->			And, to configure this map to be used:
--		</P
--><PRE
--CLASS="PROGRAMLISTING"
-->			RewriteMap real-to-user txt:/path/to/file/usermap.txt
--		</PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->FIFO/Named Pipe</B
--></SPAN
--></P
--><P
-->			map-type: fifo, map-src: Unix filesystem path
--			to valid FIFO.
--		</P
--><P
-->		For this rewriting map, map-src is a FIFO (a.k.a. named pipe).
--		To create it, you can use the mkfifo(1) command. An
--		external program that opens the FIFO for reading and
--		writing <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
-->  be started
--		before proftpd is started. This program can communicate
--		with the rewriting engine via the FIFO. For each mapping
--		lookup, it can read the key to lookup as a newline-terminated
--		string from the FIFO. It then has to write back to the FIFO
--		the looked-up value as a newline-terminated string, or just
--		simply newline character (denoting an empty string) if there
--		is no corresponding value for the given key).
--		</P
--><P
-->		An example program which will implement a 1:1 mapping
--		(i.e., key == value) could be:
--		</P
--><DIV
--CLASS="EXAMPLE"
--><A
--NAME="EXAMPLE-FIFONAMEDPIPE"
--></A
--><P
--><B
-->Example 1-2. Example FIFO/Named Pipe 1:1 mapping</B
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->#!/usr/bin/perl
--    use strict;
--
--    use File::Basename qw(basename);
--    use Getopt::Long;
--    use IO::Handle;
--    use IO::Select;
--
--    my $default_delay = 0.5;
--    my $program = basename($0);
--    my %opts = ();
--
--    GetOptions(\%opts, 'delay=f', 'fifo=s', 'help', 'verbose');
--
--    usage() if $opts{'help'};
--
--    my $delay = $opts{'delay'} ? $opts{'delay'} : $default_delay;
--
--    die "$program: missing required --fifo parameter\n" unless $opts{'fifo'};
--    my $fifo = $opts{'fifo'};
--
--    my $verbose = $opts{'verbose'} ? 1 : 0;
--
--    open(my $fifo_fh, "+&#62; $fifo") or die "$program: unable to open $fifo: $!\n";
--
--    # Instantiate a Select object for knowing when to read from and write to
--    # the FIFO.
--    my $sel = IO::Select-&#62;new();
--
--    while (1) {
--
--      # Blocking select() for reading.
--      $sel-&#62;add($fifo_fh);
--
--      print STDERR "$program: selecting for reading\n" if $verbose;
--      my ($rfh) = $sel-&#62;can_read();
--
--      my $key = &lt;$rfh&gt;;
--      print STDERR "$program: read '$key'\n" if $verbose;
--
--      # Lookup a value for the given key.
--      my $value = lookup_value($key);
--
--      # Clear the Select object's filehandles.
--      $sel-&#62;remove();
--
--      print $fifo_fh "$value\n" if $verbose;
--      $fifo_fh-&#62;flush();
--
--      print STDERR "$program: wrote '$value'\n" if $verbose;
--
--      # Wait for the buffer's byte to be cleared before reading again.
--      wait_fifo($fifo_fh);
--    }
--
--    close($fifo_fh);
--    print STDOUT "$program: done\n" if $verbose;
--
--    exit 0;
--
--    # --------------------------------------------------------------------------
--    sub lookup_value {
--      my ($key) = @_;
--
--      # NOTE: do something to obtain a value for the given key here.
--      chomp(my $value = $key);
--
--      return $value;
--    }
--
--    # --------------------------------------------------------------------------
--    sub usage {
--      print STDOUT &lt;&lt;END_OF_USAGE;
--
--    usage: $program [options]
--
--      --delay         Configure the buffer check delay.
--                      The default is $default_delay seconds.
--
--      --fifo          Configure the path to the FIFO.  Required.
--
--      --help          Displays this message.
--
--      --verbose       Enables verbose output while $program runs.
--
--    END_OF_USAGE
--
--      exit 0;
--    }
--
--    # --------------------------------------------------------------------------
--    sub wait_fifo {
--      my ($fh) = @_;
--
--      # Now we get tricky.  Use ioctl(2) to poll the number of bytes to
--      # be read from the FIFO filehandle.  When the number drops to zero,
--      # it means that the data we just wrote has been read from the buffer
--      # by some other process, so we can go back to the top of this loop.
--      # Otherwise, if this program loops faster than the reader/writer on
--      # the other end of the FIFO, we'd end up reading the data we just
--      # wrote.  Quite annoying, actually.
--      #
--      # Note: this value must be manually extracted from the system header files
--      # using the following program:
--      #
--      # -------- fionread.c -------------------
--      #  #include &lt;sys/ioctl.h&gt;
--      #
--      #  int main(int argc, char *argv[]) {
--      #   printf("%#08x\n", FIONREAD);
--      #   return 0;
--      # }
--      # ---------------------------------------
--      #
--      # &#62; cc -o fionread fionread.c
--      # &#62; ./fionread
--
--      my $FIONREAD = 0x00541b;
--
--      my $size = pack('L', 0);
--      ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
--      $size = unpack('L', $size);
--
--      while ($size != 0) {
--        print STDERR "$program: waiting for buffer to be read\n" if $verbose;
--        select(undef, undef, undef, $delay);
--
--        $size = pack('L', 0);
--        ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
--        $size = unpack('L', $size);
--      }
--    }
--
--		</PRE
--></DIV
--><P
-->		To make use of this example script, simply implement your
--		lookup code in the lookup_value() subroutine. Be very
--		careful with such scripts, though:
--		</P
--><P
--></P
--><OL
--TYPE="1"
--><LI
--STYLE="list-style-type: disc"
--><P
-->			     "Keep it simple, stupid" (KISS), because if
--			      this program hangs it will hang proftpd when
--			      the rule occurs. Well, keep it as simple as
--			      possible...
--			     </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			     Avoid one common mistake: avoid buffered I/O
--			     if possible. This can cause a deadloop. If
--			     necessary, be sure to flush the filehandle
--			     before reading, and after writing.
--			     </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->			     Use the RewriteLock directive to define a
--			     lockfile mod_rewrite can use to synchronize
--			     the communication to the FIFO program. By
--			     default no such synchronization takes place.
--			     </P
--></LI
--></OL
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Internal Function</B
--></SPAN
--></P
--><P
-->			map-type: int, map-src: Internal mod_rewrite function.
--		</P
--><P
-->		Here the map-src is a mod_rewrite built-in function.
--		Currently you cannot create your own, but the following
--		functions already exist:
--		</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->toupper</B
--></SPAN
--></P
--><P
-->			Converts the looked up key to all upper case.
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->tolower</B
--></SPAN
--></P
--><P
-->			Converts the looked up key to all lower case.
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->unescape</B
--></SPAN
--></P
--><P
-->			Translates hex-encodings in the looked up key back
--			to special characters.
--			</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->utf8trans</B
--></SPAN
--></P
--><P
-->			Translates UTF-8 encodings in the lookup up key into
--			Latin-1 characters.
--			</P
--></LI
--></UL
--></LI
--></UL
--><P
-->The RewriteMap directive can occur more than once. For each mapping-function
--use one RewriteMap directive to declare its rewriting map name.</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Note:</B
--></SPAN
--> For plain text files the looked-up
--keys are cached in-core until the mtime of the text map file changes or
--the server does a restart. This way you can have map-functions in rules
--which are used for <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->every</B
--></SPAN
--> request. This
--is no problem, because the parsing of the text files only happens once!</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7575"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
--></P
--></DIV
--><H1
--><A
--NAME="REWRITERULE"
--></A
-->
--RewriteRule</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7587"
--></A
--><H2
-->Name</H2
-->RewriteRule&nbsp;--&nbsp;Define a rewrite rule</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7590"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->RewriteRule</B
-->  [  <CODE
--CLASS="OPTION"
-->pattern substitution</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Directory&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_rewrite</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.6rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7617"
--></A
--><H2
-->Description</H2
--><P
-->The RewriteRule directive is the real rewriting workhorse. The configuration
--directive can occur more than once. Each directive defines a single
--rewriting rule. The order of definition of these rules is important,
--because this order is used when applying the rules at run-time.</P
--><P
-->Pattern can be POSIX regular expression which gets applied to the current
--FTP command argument(s).</P
--><P
-->Some hints about the syntax of regular expressions:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Text:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->	        .           Any single character
--  		[chars]     Character class: one of chars
--		[^chars]    Character class: none of chars
--  		text1|text2 Alternative: text1 or text2
--	      </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Quantifiers:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->	        ?           0 or 1 of the preceding text
--  		*           0 or N of the preceding text (N &#62; 0)
--  		+           1 or N of the preceding text (N &#62; 1)
--	      </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Grouping:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
--> 	      (text)       Grouping of text
--              		   (either to set the borders of an alternative or
--              		   for making backreferences where the Nth group can 
--              		   be used on the RHS of a RewriteRule with $N)
--	      </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Anchors:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->	        ^           Start of line anchor
--  		$           End of line anchor
--	      </PRE
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Escaping:</B
--></SPAN
--></P
--><PRE
--CLASS="PROGRAMLISTING"
-->		\char       Escape that particular char
--              		    (for instance to specify the chars ".[]()" etc.)
--	      </PRE
--></LI
--></UL
--><P
-->For more information about regular expressions have a look at your local
--regex(3) manpage. If you are interested in more detailed information about
--regular expressions and their variants (POSIX regex, Perl regex, etc.) have
--a look at the following dedicated book on this topic:</P
--><P
-->Mastering Regular Expressions
--Jeffrey E.F. Friedl
--Nutshell Handbook Series
--O'Reilly &#38; Associates, Inc. 1997
--ISBN 1-56592-257-3</P
--><P
-->Additionally in mod_rewrite the NOT character ('!') is a possible pattern
--prefix. This gives you the ability to negate a pattern; to say, for instance:
--"if the current argument(s) does NOT match this pattern". This can be used
--for exceptional cases, where it is easier to match the negative pattern,
--or as a last default rule.</P
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Notice:</B
--></SPAN
--> When using the NOT character to
--negate a pattern you cannot have grouped wildcard parts in the pattern.
--This is impossible because when the pattern does NOT match, there are no
--contents for the groups. In consequence, if negated patterns are used,
--you cannot use $N in the substitution string.</P
--><P
-->Substitution of a rewriting rule is the string which is substituted for
--(or replaces) the original argument(s) for which pattern matched. Beside
--plain text you can use:</P
--><P
--></P
--><OL
--TYPE="1"
--><LI
--><P
-->     $N backreferences to the RewriteRule pattern
--     </P
--></LI
--><LI
--><P
-->     %N backreferences to the last matched RewriteCondition pattern
--     </P
--></LI
--><LI
--><P
-->     variables as in RewriteCondition test strings
--     </P
--></LI
--><LI
--><P
-->     map function calls (${map-name:lookup-key|default-value}) 
--     </P
--></LI
--></OL
--><P
-->Backreferences are $<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->
--(<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->=0..9) identifiers which will be replaced
--by the contents of the <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->N</B
--></SPAN
-->th group of the
--matched pattern. The variables are the same as for the condition of a
--<A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
--> directive, with two
--additions:</P
--><P
--></P
--><UL
--><LI
--><P
-->	%<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->P</B
--></SPAN
-->
--	process ID
--	</P
--></LI
--><LI
--><P
-->	%<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->t</B
--></SPAN
-->
--	Unix time since the epoch, in seconds
--	</P
--></LI
--></UL
--><P
-->The map functions come from the <A
--HREF="#REWRITEMAP"
-->RewriteMap</A
-->
--directive and are explained there. These four types of variables are
--expanded in the order of the above list.</P
--><P
-->All of the rewriting rules are applied to substitution. The command
--argument(s) is completely replaced by the substitution.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7673"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#REWRITECONDITION"
-->RewriteCondition</A
-->
--<A
--HREF="#REWRITEMAP"
-->RewriteMap</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7678"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
- NAME="RLIMITCPU"
- ></A
- >
[email protected]@ -21815,115 +14077,6 @@
- ></DIV
- ><H1
- ><A
--NAME="SAVERATIOS"
--></A
-->
--SaveRatios</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN7924"
--></A
--><H2
-->Name</H2
-->SaveRatios&nbsp;--&nbsp;FIXME FIXME</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN7927"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SaveRatios</B
-->  [  <CODE
--CLASS="OPTION"
-->SaveRatios foo1 foo2 foo3</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None known</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_ratio</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->at least 1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7954"
--></A
--><H2
-->Description</H2
--><P
-->The SaveRatios directive ....
--Example:
--SaveRatios</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7957"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN7960"
--></A
--><H2
-->Examples</H2
--><P
--></P
--></DIV
--><H1
--><A
- NAME="SCOREBOARDFILE"
- ></A
- >
[email protected]@ -22585,7 +14738,7 @@
- ></A
- ><H2
- >Name</H2
-->SetEnv&nbsp;--&nbsp;(docs incomplete)</DIV
-+>SetEnv&nbsp;--&nbsp;Set environment variable</DIV
- ><DIV
- CLASS="REFSYNOPSISDIV"
- ><A
[email protected]@ -23038,3443 +15191,6 @@
- ></DIV
- ><H1
- ><A
--NAME="SQLAUTHENTICATE"
--></A
-->
--    SQLAuthenticate</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8431"
--></A
--><H2
-->Name</H2
-->SQLAuthenticate&nbsp;--&nbsp;    Specify authentication methods and what to authenticate 
--  </DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8434"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthenticate</B
-->  {on | off}</P
--><P
-->&nbsp;&nbsp;or</P
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthenticate</B
-->  [      users
--    ] [      groups
--    ] [      userset [fast]
--    ] [      groupset [fast]
--    ]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->          SQLAuthenticate <SAMP
--CLASS="COMPUTEROUTPUT"
-->on</SAMP
--> 
--        </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->          server config, &lt;Global&gt;, &lt;VirtualHost&gt;
--        </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->          mod_sql
--        </P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->          1.2.5rc1 and later
--        </P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8472"
--></A
--><H2
-->Description</H2
--><P
-->The SQLAuthenticate directive configures mod_sql's authentication behavior,
--controlling whether to provide user and/or group information during
--authentication, and how that provisioning is performed. The parameters may
--appear in any order.</P
--><P
-->The available parameter values are:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->on</B
--></SPAN
--></P
--><P
-->		Shorthand for SQLAuthenticate users groups userset groupset.
--	      </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->off</B
--></SPAN
--></P
--><P
-->		Disables all mod_sql authentication functions.
--	      </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->users</B
--></SPAN
--></P
--><P
-->		If present, mod_sql will do user lookups. If not present,
--		mod_sql will do no user lookups at all, including the
--		{set|get|end}pwent() calls (see below).
--	      </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->groups</B
--></SPAN
--></P
--><P
-->		If present, mod_sql will do group lookups. If not present,
--		mod_sql will do no group lookups at all, including the
--		{set|get|end}grent() calls (see below).
--	      </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->userset[fast]</B
--></SPAN
--></P
--><P
-->		If present, mod_sql will process the potentially expensive
--		{set|get|end}pwent() calls. If not present, mod_sql will
--		not process these calls. Adding the suffix "fast" tells
--		mod_sql to process the users as a single large query, rather
--		than making a query per user. This may significantly reduce
--		the number of queries against the database at the expense
--		of increased memory use. This parameter will have no effect
--		if "users" is not specified.
--	      </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->groupset[fast]</B
--></SPAN
--></P
--><P
-->		If present, mod_sql will process the potentially expensive
--		{set|get|end}grent() calls. If not present, mod_sql will
--		not process these calls. Adding the suffix "fast" tells
--		mod_sql to process the groups as a single large query, 
--		rather than making a query per group. This may significantly
--		reduce the number of queries against the database at the
--		expense of increased memory use. This parameter will have no
--		effect if "groups" is not specified.
--	      </P
--></LI
--></UL
--><P
-->The SQLLog and SQLShowInfo directives will always be processed by mod_sql.
--The SQLAuthenticate directive only affects the user and group
--lookup/authentication portions of the module.</P
--><P
-->Turning off (i.e. by not including) the userset or groupset parameters
--affects the functionality of mod_sql. Not allowing these lookups may remove
--the ability to control access or control functionality by group membership,
--depending on your other authentication handlers and the data available to
--them. At the same time, choosing not to do these lookups may dramatically
--speed login for many large sites.</P
--><P
-->The "fast" suffix is not appropriate for every site. Normally, mod_sql will
--retrieve a list of users and groups, and get information from the database
--on a per-user or per-group basis. This is query intensive: it requires
--(nn + 1) queries, where n is the number of users or groups to lookup. By 
--choosing "fast" lookups, mod_sql will make a single SELECT query to get
--information from the database.</P
--><P
-->In exchange for the radical reduction in the number of queries, the single
--query will increase the memory consumption of the process; all group or user
--information will be read at once rather than in discrete chunks.</P
--></DIV
--><DIV
--CLASS="REFSECT2"
--><A
--NAME="AEN8505"
--></A
--><H3
-->Group Table Structure</H3
--><P
-->Normally <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->mod_sql</B
--></SPAN
--> allows multiple group
--members per row, and multiple rows per group. If you use the "fast"
--option for groupset, you <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
--> use only one
--row per group. For example, normally mod_sql treats the following three
--tables in exactly the same way:</P
--><P
--CLASS="LITERALLAYOUT"
-->|--------------------------------------------------|<br>
--|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|--------------------------------------------------|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;priscilla&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;gertrude&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|--------------------------------------------------|<br>
--<br>
--|--------------------------------------------------|<br>
--|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|--------------------------------------------------|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi,&nbsp;priscilla&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;gertrude&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|--------------------------------------------------|<br>
--<br>
--|--------------------------------------------------|<br>
--|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
--|--------------------------------------------------|<br>
--|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi,&nbsp;priscilla,&nbsp;gertrude&nbsp;|<br>
--|--------------------------------------------------|</P
--><P
-->If you use the "fast" option, mod_sql assumes that all entries are 
--structured like the last example.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8512"
--></A
--><H2
-->See also</H2
--><P
-->      <A
--HREF="#SQLUSERINFO"
-->SQLUserInfo</A
--> 
--      <A
--HREF="#SQLGROUPINFO"
-->SQLGroupInfo</A
-->
--    </P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8517"
--></A
--><H2
-->Examples</H2
--></DIV
--><H1
--><A
--NAME="SQLAUTHTYPES"
--></A
-->
--SQLAuthTypes</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8527"
--></A
--><H2
-->Name</H2
-->SQLAuthTypes&nbsp;--&nbsp;Specify the allowed authentication types and their check order</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8530"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLAuthTypes</B
-->  [  <CODE
--CLASS="OPTION"
-->[OpenSSL]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[Crypt]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[Backend]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[Plaintext]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[Empty]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->none</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8565"
--></A
--><H2
-->Description</H2
--><P
-->This directive deprecates 'SQLEmptyPasswords',
--'SQLScrambledPasswords', 'SQLSSLHashedPasswords',
--'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'.</P
--><P
-->The SQLAuthTypes directive specifies which authentication method
--are to be allowed, and their order of use.
--<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->You must specify at least one authentication
--method.</B
--></SPAN
--></P
--><P
-->The current supported authentication methods are:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Backend</B
--></SPAN
--></P
--><P
-->		Allows database-specific backend passwords. Not all
--		backend databases support this option. For example,
--		MySQL datatabases use this option to authenticate MySQL
--		'PASSWORD()' encrypted passwords. The Postgres backend,
--		however, does nothing.<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Caveat
--		</B
--></SPAN
-->: if your MySQL activity log is world-readable,
--		the user password <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->will be visible
--		</B
--></SPAN
-->. You have been warned.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Crypt</B
--></SPAN
--></P
--><P
-->		Allows passwords in the database to be of Unix crypt(3) form.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Empty</B
--></SPAN
--></P
--><P
-->		Allows empty passwords in the database, which match
--		against <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->any</B
--></SPAN
--> password
--		the user may give. The database field must be a truly
--		empty string; NULL values are not acceptable as empty
--		passwords. <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Be very careful if using
--		this authentication method.</B
--></SPAN
-->
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->OpenSSL</B
--></SPAN
--></P
--><P
-->		Allows passwords in the database to be of the form
--		'{digest-name}hashed-value', where hashed-value
--		is the base64-encoded digest of the passsword.
--		Only available if you define HAVE_OPENSSL when you
--		compile proftpd  and you link with OpenSSL's libcrypto
--		library.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->Plaintext</B
--></SPAN
--></P
--><P
-->		Allows passwords in the database to be in plaintext.
--              </P
--></LI
--></UL
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8596"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8599"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->	SQLAuthTypes&nbsp;Crypt&nbsp;Empty</P
--><P
-->configures mod_sql to first attempt to verify the password using the
--Unix crypt(3) function, then, if that fails, determine if the password
--in the database is empty (thus matching any given password). If all of
--the configured authentication methods fail, mod_sql will fail to
--authenticate the user.</P
--></DIV
--><H1
--><A
--NAME="SQLBACKEND"
--></A
-->
--SQLBackend</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8611"
--></A
--><H2
-->Name</H2
-->SQLBackend&nbsp;--&nbsp;Set the SQL backend module</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8614"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLBackend</B
-->  [  <CODE
--CLASS="OPTION"
-->backend</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->Depends</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.3.0rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8641"
--></A
--><H2
-->Description</H2
--><P
-->In 1.3.0rc1, the mod_sql module gained the ability to be compiled with multiple
--backend modules supported, e.g. to have both mod_sql_mysql and mod_sql_postgres
--usable in the same proftpd daemon. The SQLBackend directive configures which of
--these different database backends should be used.</P
--><P
-->If there is only one backend module compiled in, the SQLBackend directive is not
--needed. If there are multiple backend modules compiled and no SQLBackend directive
--is specified, then mod_sql will default to using the first backend module listed.
--For instance, if you configured proftpd using a configure command such as:
--
--  ./configure --with-modules=mod_sql:mod_sql_postgres:mod_sql_mysql ...
--
--then mod_sql would default to using mod_sql_postgres as the backend module to use.</P
--><P
-->You might have multiple &lt;VirtualHost&gt; sections which use different SQL backends.
--Use "mysql" for the mod_sql_mysql module, and "postgres" for the mod_sql_postgres
--module.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8646"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8649"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;&lt;VirtualHost&nbsp;1.2.3.4&gt;<br>
--&nbsp;&nbsp;&nbsp;&nbsp;SQLBackend&nbsp;mysql<br>
--&nbsp;&nbsp;&nbsp;&nbsp;...<br>
--&nbsp;&nbsp;&lt;/VirtualHost&gt;<br>
--<br>
--&nbsp;&nbsp;&lt;VirtualHost&nbsp;5.6.7.8&gt;<br>
--&nbsp;&nbsp;&nbsp;&nbsp;SQLBackend&nbsp;postgres<br>
--&nbsp;&nbsp;&nbsp;&nbsp;...<br>
--&nbsp;&nbsp;&lt;/VirtualHost&gt;</P
--></DIV
--><H1
--><A
--NAME="SQLCONNECTINFO"
--></A
-->
--SQLConnectInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8660"
--></A
--><H2
-->Name</H2
-->SQLConnectInfo&nbsp;--&nbsp;Specify connection information for the backend</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8663"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLConnectInfo</B
-->  [  <CODE
--CLASS="OPTION"
-->connection-info</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[username]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[password]</CODE
-->] [  <CODE
--CLASS="OPTION"
-->[policy]</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8696"
--></A
--><H2
-->Description</H2
--><P
-->This directive deprecates 'MySQLInfo', 'PostgresInfo', and
--'PostgresPort'.</P
--><P
-->The SQLConnectInfo directive configures the information necessary to
--connect to the backend database. The connection-info parameter specifies
--the database, host, port, and other backend-specific information. The
--optional username and password parameters specify a username and password
--to use when connecting to the database. Both default to NULL, which the
--backend will treat in some backend-specific manner. If you specify a
--password, you <SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->must</B
--></SPAN
--> specify a username.
--If no SQLConnectInfo directive is specified, mod_sql will disable itself.</P
--><P
-->Any given database backend has the opportunity, though not necessarily
--the responsibility, to check for syntax errors in the connection-info
--field at server startup, but you should not expect semantic errors
--(i.e., cannot connect to the database) to be caught until mod_sql 
--attempts to connect for a given host.</P
--><P
-->A given database connection is governed by a connection policy that
--specifies when a connection should be opened and when it should be
--closed. There are three options:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
--><SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->PERSESSION</B
--></SPAN
--></P
--><P
-->		Open a database connection at the start of the session
--		and close the database connection at the end of the session.
--              </P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->number (<SPAN
--CLASS="bold"
--><B
--CLASS="EMPHASIS"
-->TIMED</B
--></SPAN
-->)</P
--><P
-->		Timed database connections that close themselves
--		after number seconds of inactivity.
--              </P
--></LI
--></UL
--><P
-->If a connection policy is not specified, if the policy is not a number or
--is a number less than 1, or if the policy is the string "PERSESSION",
--the PERSESSION policy will be used.</P
--><P
-->If the connection policy is any number greater than 0, it specifies the
--number of seconds that a connection will be held open without activity.
--After that many seconds of database inactivity, the connection to the
--database will be closed. As soon as database activity starts again,
--the connection will be opened and the timer will restart.</P
--><P
-->The MySQL and Postgres backends' connection-info is expected to be of the form:</P
--><P
-->database[@hostname][:port]</P
--><P
-->hostname will default to a backend-specific hostname (which happens to be
--'localhost' for both the MySQL and Postgres backends), and port will default
--to a backend-specific default port (3306 for the MySQL backend, 5432 for
--the Postgres backend).</P
--><P
-->From the MySQL documentation:</P
--><P
-->the value of host may be either a hostname or an IP address. If host is
--NULL or the string "localhost", a connection to the local host is assumed.
--If the OS supports sockets (Unix) or named pipes (Windows), they are used
--instead of TCP/IP to connect to the server.</P
--><P
-->From the PostgreSQL documentation:</P
--><P
-->If [the hostname] begins with a slash, it specifies Unix-domain
--communication rather than TCP/IP communication; the value is the
--name of the directory in which the socket file is stored. The default
--is to connect to a Unix-domain socket in /tmp.</P
--><P
-->If you plan to use the TIMED connection policy, consider the effect of
--directives such as DefaultRoot on local socket communication: once a user
--has been chroot()ed, the local socket file will probably not be available
--within the chroot directory tree, and attempts to reopen communication will
--fail. One way around this may be to use hardlinks within the user's
--directory tree. PERSESSION connections are not affected by this because
--the database will be opened prior to the chroot() call, and held open
--for the life of the session. Network communications are not affected by
--this problem. For example, while localhost would not work for MySQL since
--the MySQL client library will try to use socket communications for that
--host, 127.0.0.1 will work (as long as your database is setup to accept
--these connections).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8722"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8725"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;#&nbsp;Connect&nbsp;to&nbsp;the&nbsp;database&nbsp;'ftpusers'&nbsp;via&nbsp;the&nbsp;default&nbsp;port&nbsp;at&nbsp;host<br>
--&nbsp;&nbsp;#&nbsp;'foo.com'.&nbsp;&nbsp;Use&nbsp;a&nbsp;NULL&nbsp;username&nbsp;and&nbsp;NULL&nbsp;password&nbsp;when&nbsp;connecting.<br>
--&nbsp;&nbsp;#&nbsp;A&nbsp;connection&nbsp;policy&nbsp;of&nbsp;PERSESSION&nbsp;is&nbsp;used.<br>
--&nbsp;&nbsp;SQLConnectInfo&nbsp;[email protected]<br>
--<br>
--&nbsp;&nbsp;#&nbsp;Connect&nbsp;to&nbsp;the&nbsp;database&nbsp;'ftpusers'&nbsp;via&nbsp;port&nbsp;3000&nbsp;at&nbsp;host&nbsp;'localhost'.<br>
--&nbsp;&nbsp;#&nbsp;Use&nbsp;the&nbsp;username&nbsp;'admin'&nbsp;and&nbsp;a&nbsp;NULL&nbsp;password&nbsp;when&nbsp;connecting.<br>
--&nbsp;&nbsp;#&nbsp;A&nbsp;connection&nbsp;policy&nbsp;of&nbsp;PERSESSION&nbsp;is&nbsp;used.<br>
--&nbsp;&nbsp;SQLConnectInfo&nbsp;ftpusers:3000&nbsp;admin<br>
--<br>
--&nbsp;&nbsp;#&nbsp;Connect&nbsp;to&nbsp;the&nbsp;database&nbsp;'ftpusers'&nbsp;via&nbsp;port&nbsp;3000&nbsp;at&nbsp;host&nbsp;'foo.com'.<br>
--&nbsp;&nbsp;#&nbsp;Use&nbsp;the&nbsp;username&nbsp;'admin'&nbsp;and&nbsp;password&nbsp;'mypassword'&nbsp;when&nbsp;connecting.<br>
--&nbsp;&nbsp;#&nbsp;A&nbsp;connection&nbsp;policy&nbsp;of&nbsp;PERSESSION&nbsp;is&nbsp;used.<br>
--&nbsp;&nbsp;SQLConnectInfo&nbsp;[email protected]:3000&nbsp;admin&nbsp;mypassword<br>
--<br>
--&nbsp;&nbsp;#&nbsp;Connect&nbsp;to&nbsp;the&nbsp;database&nbsp;'ftpusers'&nbsp;via&nbsp;port&nbsp;3000&nbsp;at&nbsp;host&nbsp;'foo.com'.<br>
--&nbsp;&nbsp;#&nbsp;Use&nbsp;a&nbsp;username&nbsp;of&nbsp;'admin'&nbsp;and&nbsp;a&nbsp;password&nbsp;of&nbsp;'mypassword'&nbsp;when<br>
--&nbsp;&nbsp;#&nbsp;connecting.&nbsp;&nbsp;A&nbsp;30&nbsp;second&nbsp;timer&nbsp;of&nbsp;connection&nbsp;inactivity&nbsp;is&nbsp;activated.<br>
--&nbsp;&nbsp;SQLConnectInfo&nbsp;[email protected]:3000&nbsp;admin&nbsp;mypassword&nbsp;30</P
--><P
-->Backends may require different information in the connection-info field;
--check your backend module for more detailed information.</P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTGID"
--></A
-->
--SQLDefaultGID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8737"
--></A
--><H2
-->Name</H2
-->SQLDefaultGID&nbsp;--&nbsp;Configure the default GID for users</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8740"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultGID</B
-->  [  <CODE
--CLASS="OPTION"
-->defaultgid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->65533</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8767"
--></A
--><H2
-->Description</H2
--><P
-->Sets the default GID for users.  Must be greater than SQLMinID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8770"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLMINID"
-->SQLMinID</A
-->
--<A
--HREF="#SQLMINUSERGID"
-->SQLMinUserGID</A
--></P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTHOMEDIR"
--></A
-->
--SQLDefaultHomedir</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8783"
--></A
--><H2
-->Name</H2
-->SQLDefaultHomedir&nbsp;--&nbsp;Configure the default homedir</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8786"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultHomedir</B
-->  [  <CODE
--CLASS="OPTION"
-->path</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8813"
--></A
--><H2
-->Description</H2
--><P
-->The SQLDefaultHomedir directive configures a default home directory for all
--users authenticated with this module, overriding any (deprecated)
--SQLHomedirField directive. If no home directory is set with either directive,
--authentication fails. This directive does not change the data retrieved from
--the database: if you specify a home directory field to SQLUserInfo, that
--field's data will be returned as the user's home directory, whether that
--data is a legal directory, or an empty string, or NULL.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8816"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLUSERINFO"
-->SQLUserInfo</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8820"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLDEFAULTUID"
--></A
-->
--SQLDefaultUID</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8831"
--></A
--><H2
-->Name</H2
-->SQLDefaultUID&nbsp;--&nbsp;Configure the default UID for users</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8834"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLDefaultUID</B
-->  [  <CODE
--CLASS="OPTION"
-->defaultuid</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->65533</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8861"
--></A
--><H2
-->Description</H2
--><P
-->Sets the default UID for users.  Must be greater than SQLMinID.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8864"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLMINID"
-->SQLMinID</A
-->
--<A
--HREF="#SQLMINUSERUID"
-->SQLMinUserUID</A
--></P
--></DIV
--><H1
--><A
--NAME="SQLENGINE"
--></A
-->
--SQLEngine</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8877"
--></A
--><H2
-->Name</H2
-->SQLEngine&nbsp;--&nbsp;Configure how mod_sql will operate</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8880"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLEngine</B
-->  [  <CODE
--CLASS="OPTION"
-->on|off|auth|log</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->SQLEngine on</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.3.0rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8907"
--></A
--><H2
-->Description</H2
--><P
-->The SQLEngine directive is used to specify how mod_sql will operate. By
--default, SQLEngine is on, and mod_sql will operate as normal. Setting
--SQLEngine to off will effectively disable the module.</P
--><P
-->In addition to on and off, SQLEngine accepts two other values: auth and
--log. If you wish to use mod_sql for authentication and not for logging
--(via SQLLog), use auth. Conversely, to do only SQLLog-type logging, and
--no authentication, use log.</P
--><P
-->This directive can be used to have &lt;Anonymous&gt; sections that do not use
--mod_sql (see the example below).</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8912"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8915"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;&lt;Anonymous&nbsp;~ftp&gt;<br>
--&nbsp;&nbsp;&nbsp;&nbsp;...<br>
--&nbsp;&nbsp;&nbsp;&nbsp;SQLEngine&nbsp;off<br>
--&nbsp;&nbsp;&nbsp;&nbsp;...<br>
--&nbsp;&nbsp;&lt;/Anonymous&gt;</P
--></DIV
--><H1
--><A
--NAME="SQLGROUPINFO"
--></A
-->
--SQLGroupInfo</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8926"
--></A
--><H2
-->Name</H2
-->SQLGroupInfo&nbsp;--&nbsp;Configure the group table and fields that hold group information</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8929"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLGroupInfo</B
-->  [  <CODE
--CLASS="OPTION"
-->group-table group-name gid members</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->&quot;groups groupname gid members&quot;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8956"
--></A
--><H2
-->Description</H2
--><P
-->The SQLGroupInfo directive configures the group table and fields that hold group information. The parameters for this directive are described below:</P
--><P
--></P
--><UL
--><LI
--STYLE="list-style-type: disc"
--><P
-->grouptable</P
--><P
-->      Specifies the name of the table that holds group information.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->groupname</P
--><P
-->      Specifies the field in the group table that holds the group name.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->gid</P
--><P
-->      Specifies the field in the group table that holds the group's GID.</P
--></LI
--><LI
--STYLE="list-style-type: disc"
--><P
-->members</P
--><P
-->      Specifies the field in the group table that holds the group members.</P
--></LI
--></UL
--><P
-->If you need to change any of these field names from the default, you need
--to specify all of them.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8973"
--></A
--><H2
-->See also</H2
--><P
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN8976"
--></A
--><H2
-->Examples</H2
--><P
--CLASS="LITERALLAYOUT"
--></P
--></DIV
--><H1
--><A
--NAME="SQLGROUPWHERECLAUSE"
--></A
-->
--SQLGroupWhereClause</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN8987"
--></A
--><H2
-->Name</H2
-->SQLGroupWhereClause&nbsp;--&nbsp;Configure a WHERE clause for every group query</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN8990"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLGroupWhereClause</B
-->  [  <CODE
--CLASS="OPTION"
-->where-clause</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9017"
--></A
--><H2
-->Description</H2
--><P
-->The directive is used to configure a WHERE clause that is added to every
--group query. The WHERE clause must contain all relevant punctuation, and
--must not contain a leading "and".</P
--><P
-->Starting with ProFTPD 1.3.1rc1 the SQLGroupWhereClause also supports the
--variables supported by <A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
-->
--except for the &quot;%{n}&quot; variable</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9022"
--></A
--><H2
-->See also</H2
--><P
--><A
--HREF="#SQLNAMEDQUERY"
-->SQLNamedQuery</A
--></P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9026"
--></A
--><H2
-->Examples</H2
--><P
-->As an example of a possible use for this directive, imagine if your group
--table included a "LoginAllowed" field:</P
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;SQLGroupWhereClause&nbsp;"LoginAllowed&nbsp;=&nbsp;'true'"</P
--><P
-->would be appended to every group-related query as the string:</P
--><P
--CLASS="LITERALLAYOUT"
-->&nbsp;&nbsp;"&nbsp;WHERE&nbsp;(LoginAllowed&nbsp;=&nbsp;'true')"</P
--></DIV
--><H1
--><A
--NAME="SQLHOMEDIRONDEMAND"
--></A
-->
--SQLHomedirOnDemand</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9040"
--></A
--><H2
-->Name</H2
-->SQLHomedirOnDemand&nbsp;--&nbsp;Have mod_sql create home directories as needed [deprecated]</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9043"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLHomedirOnDemand</B
-->  [  <CODE
--CLASS="OPTION"
-->on|off</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->off</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.0 up to 1.3.1rc1</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9070"
--></A
--><H2
-->Description</H2
--><P
-->This directive has been deprecated with ProFTPD 1.3.1rc1.
--Please use <A
--HREF="#CREATEHOME"
-->CreateHome</A
--> instead.</P
--><P
-->The SQLHomedirOnDemand directive configures mod_sql to automatically
--create a user's home directory if that directory does not exist during
--the login process.</P
--></DIV
--><H1
--><A
--NAME="SQLLOG"
--></A
-->
--SQLLog</H1
--><DIV
--CLASS="REFNAMEDIV"
--><A
--NAME="AEN9083"
--></A
--><H2
-->Name</H2
-->SQLLog&nbsp;--&nbsp;Log information to a database table</DIV
--><DIV
--CLASS="REFSYNOPSISDIV"
--><A
--NAME="AEN9086"
--></A
--><H2
-->Synopsis</H2
--><P
--><B
--CLASS="COMMAND"
-->SQLLog</B
-->  [  <CODE
--CLASS="OPTION"
-->cmd-set query-name [&quot;IGNORE_ERRORS&quot;</CODE
-->]</P
--><P
--></P
--><DIV
--CLASS="VARIABLELIST"
--><P
--><B
--></B
--></P
--><DL
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Default</PRE
--></DT
--><DD
--><P
-->None</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Context</PRE
--></DT
--><DD
--><P
-->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Module</PRE
--></DT
--><DD
--><P
-->mod_sql</P
--></DD
--><DT
--><PRE
--CLASS="SYNOPSIS"
-->Compatibility</PRE
--></DT
--><DD
--><P
-->1.2.5rc1 and later</P
--></DD
--></DL
--></DIV
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9113"
--></A
--><H2
-->Description</H2
--><P
-->This directive is used to log information to a database table. Multiple
--SQLLog directives can be in effect for any command; for example, a user
--changing directories can trigger multiple logging statements.</P
--><P
-->The first parameter to SQLLog, the cmd-set, is a comma-separated (no spaces)
--list of FTP commands for which this log command will trigger. The list of
--commands is too long to list in entirety; commands include CWD, DELE, HELP,
--LIST, MKD, MODE, NLST, PASS, PASV, PORT and many more. For the complete list
--check the FTP RFCs. Normally mod_sql will log events after they have
--completed successfully; in the case of the QUIT command, mod_sql logs prior
--to the server's processing of the command. (Note, however, that the client
--may not issue a QUIT before logging out; in this case, use a command of EXIT
--rather than QUIT. EXIT is not a real FTP command, but it is used here to
--provide a means for having SQLLog work whenever a session ends.)</P
--><P
-->FTP commands in the command set will only be logged if they complete
--successfully. Prefixing any command with "ERR_" will cause logging to occur
--only if there was an error in the command's processing. To log both errors
--and successful completion of a given command X, therefore, you'll need both
--"X" and "ERR_X" in your cmd-set.</P
--><P
-->The special command "*" matches all FTP commands, while "ERR_*" matches all
--errors.</P
--><P
-->The second parameter is the name of a query defined by a SQLNamedQuery
--directive. The query must be an UPDATE, INSERT, or FREEFORM type query;
--explicit SELECT queries will not be processed.</P
--><P
-->The third parameter is optional. If you add "IGNORE_ERRORS" as the third
--parameter, SQLLog will not check for errors in the processing of the named
--query. Any value for this parameter other than the string "IGNORE_ERRORS"
--(case-insensitive) will not cause errors to be ignored.</P
--><P
-->Normally, SQLLog directives are considered important enough that errors in
--their processing will cause mod_sql to abort the client session. References
--to non-existent named queries will not abort the client session, but may
--result in database corruption (in the sense that the expected database
--UPDATE or INSERT will not occur). Check your directives carefully.</P
--></DIV
--><DIV
--CLASS="REFSECT1"
--><A
--NAME="AEN9122"
--></A
--><H2
-->See also</H2
--><P
--></P
<