PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd
authorMilan Jurik <Milan.Jurik@oracle.com>
Wed, 15 Jun 2011 01:09:08 -0700
changeset 305 e95b65443448
parent 304 cfebb7b36966
child 306 9da68c8821e3
PSARC 2011/088 Replace WU-ftpd with modern FTP server proftpd 6938409 Solaris needs new ftpd replacing dead WU-ftpd 5084971 FTP needs TLS security 6319934 ftp server should support file transfer auditing 6630488 FTP manifest for SMF is incomplete and not arc compliant
components/proftpd/Makefile
components/proftpd/ManageFTP.html
components/proftpd/auth_service-network-ftpd
components/proftpd/ftp.xml
components/proftpd/ftprestart.sh
components/proftpd/mod_solaris_audit.c
components/proftpd/mod_solaris_priv.c
components/proftpd/patches/proftpd-configuration-html.patch
components/proftpd/patches/proftpd-error_code.patch
components/proftpd/patches/proftpd-pam.patch
components/proftpd/prof_service-network-ftpd
components/proftpd/proftpd.conf
components/proftpd/proftpd.license
components/proftpd/proftpd.p5m
components/proftpd/proftpd_migration.txt
components/proftpd/svc-ftp
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/Makefile	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,96 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME=		proftpd
+COMPONENT_VERSION=	1.3.3
+COMPONENT_SUBVERSION=	e
+COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)$(COMPONENT_SUBVERSION)
+COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
+COMPONENT_ARCHIVE_HASH=	sha1:823e94c24447936ade6ae3948fe638077e0ba933
+COMPONENT_ARCHIVE_URL=	ftp://ftp.proftpd.org/distrib/source/$(COMPONENT_ARCHIVE)
+
+# mod_gss subcomponent
+COMPONENT_NAME_1=	mod_gss
+COMPONENT_VERSION_1=	$(COMPONENT_VERSION)
+COMPONENT_SRC_1=	$(COMPONENT_NAME_1)-$(COMPONENT_VERSION_1)
+COMPONENT_ARCHIVE_1=	$(COMPONENT_SRC_1).tar.gz
+COMPONENT_ARCHIVE_HASH_1= sha1:b17015a49e41ee643f1891940f9f3f8a7d77e522
+COMPONENT_ARCHIVE_URL_1= http://downloads.sourceforge.net/gssmod/$(COMPONENT_ARCHIVE_1)
+
+include ../../make-rules/prep.mk
+include ../../make-rules/configure.mk
+include ../../make-rules/ips.mk
+
+# IPS_COMPONENT_VERSION is by default set to $(COMPONENT_VERSION) but it is not
+# enough for us. We need to include the $(COMPONENT_SUBVERSION) somehow.
+# Because the IPS_COMPONENT_VERSION cannot contain letters we used '.0.5'
+# instead of 'e'.
+IPS_COMPONENT_VERSION=  $(COMPONENT_VERSION).0.5
+
+CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS) -I/usr/include/kerberosv5 -DHAVE_KRB5_H=1 -DKRB5_DLLIMP="
+CONFIGURE_OPTIONS +=	LDFLAGS="-lbsm"
+CONFIGURE_OPTIONS +=	install_user=$(LOGNAME)
+CONFIGURE_OPTIONS +=	install_group=`groups | cut -f 1 -d ' '`
+CONFIGURE_OPTIONS +=	--sysconfdir=$(ETCDIR)
+CONFIGURE_OPTIONS +=	--localstatedir=/var/run
+CONFIGURE_OPTIONS +=	--libexecdir=$(USRLIBDIR)/proftpd
+CONFIGURE_OPTIONS +=	--enable-ipv6
+CONFIGURE_OPTIONS +=	--enable-ctrls
+CONFIGURE_OPTIONS +=	--enable-facl
+CONFIGURE_OPTIONS +=	--enable-nls
+CONFIGURE_OPTIONS +=	--enable-dso
+CONFIGURE_OPTIONS +=	--enable-openssl
+CONFIGURE_OPTIONS +=	--disable-static
+CONFIGURE_OPTIONS +=	--with-modules=mod_solaris_audit:mod_solaris_priv
+CONFIGURE_OPTIONS +=	--with-shared=mod_facl:mod_wrap:mod_tls:mod_auth_gss:mod_gss
+
+# Copy Solaris modules and GSSAPI modules to proftpd source tree
+COMPONENT_PRE_CONFIGURE_ACTION = \
+	($(CP) mod_solaris_audit.c $(SOURCE_DIR)/contrib ; \
+	$(CP) mod_solaris_priv.c $(SOURCE_DIR)/contrib ; \
+	cd $(BUILD_DIR) ; \
+	$(UNPACK) $(UNPACK_ARGS) ../$(COMPONENT_ARCHIVE_1) ; \
+	cd $(COMPONENT_SRC_1) ; \
+	./configure CC="$(CC)" CFLAGS="-I/usr/include/kerberosv5" ; \
+	$(CP) mod_gss.c mod_auth_gss.c $(SOURCE_DIR)/contrib ; \
+	$(CP) mod_gss.h $(SOURCE_DIR)/include ; \
+	$(CP) mod_gss.html $(SOURCE_DIR)/doc/contrib ; \
+	$(CLONEY) $(SOURCE_DIR) $(@D))
+
+# proftpd configure and build is not ready for run out of the source tree
+CONFIGURE_SCRIPT =	$(@D)/configure
+
+build:		$(BUILD_32)
+
+install:	$(INSTALL_32)
+
+test:		$(NO_TESTS)
+# libcheck and specific Perl Test::Unit version is required for full test
+
+BUILD_PKG_DEPENDENCIES =	$(BUILD_TOOLS)
+
+include ../../make-rules/depend.mk
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/ManageFTP.html	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,20 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<!--
+Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+-->
+<meta http-equiv="content-type" content="text/html;charset=iso-8859-1" />
+<title> </title>
+</head>
+<body>
+<p>
+When the Manage FTP Authorization is in the Authorizations Included column, it 
+grants permission to enable, disable or restart the FTP server.
+</p>
+<p>
+If the Manage FTP Authorization is grayed, then you are not entitled to Add or Remove this authorization.
+</p>
+</body>
+</html>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/auth_service-network-ftpd	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,1 @@
+solaris.smf.manage.ftp:::Manage FTP service states::help=ManageFTP.html
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/ftp.xml	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,117 @@
+<?xml version="1.0"?>
+<!--
+ Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+
+ CDDL HEADER START
+
+ The contents of this file are subject to the terms of the
+ Common Development and Distribution License (the "License").
+ You may not use this file except in compliance with the License.
+
+ You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ or http://www.opensolaris.org/os/licensing.
+ See the License for the specific language governing permissions
+ and limitations under the License.
+
+ When distributing Covered Code, include this CDDL HEADER in each
+ file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ If applicable, add the following below this CDDL HEADER, with the
+ fields enclosed by brackets "[]" replaced with your own identifying
+ information: Portions Copyright [yyyy] [name of copyright owner]
+
+ CDDL HEADER END
+
+ NOTE:  This service manifest is not editable; its contents will
+ be overwritten by package or patch operations, including
+ operating system upgrade.  Make customizations in a different
+ file.
+-->
+
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+
+<service_bundle type='manifest' name='network/ftp'>
+<service name='network/ftp' type='service' version='1'>
+	<create_default_instance enabled='false' />
+
+	<single_instance/>
+
+	<dependency name='net-loopback' grouping='require_any'
+			restart_on='none' type='service'>
+		<service_fmri value='svc:/network/loopback' />
+	</dependency>
+
+	<dependency name='net-service' grouping='require_all'
+			restart_on='none' type='service'>
+		<service_fmri value='svc:/network/service'/>
+	</dependency>
+
+	<dependency name='net-physical' grouping='require_all'
+			restart_on='none' type='service'>
+		<service_fmri value='svc:/network/physical' />
+	</dependency>
+
+	<dependency name='filesystem-local' grouping='require_all'
+			restart_on='none' type='service'>
+		<service_fmri value='svc:/system/filesystem/local' />
+	</dependency>
+
+	<exec_method
+		type='method'
+		name='start'
+		exec='/usr/lib/inet/proftpd'
+		timeout_seconds='60'>
+		<method_context>
+			<method_credential user='root' group='root' />
+		</method_context>
+	</exec_method>
+
+	<exec_method type='method'
+		name='stop'
+		exec=':kill'
+		timeout_seconds='60'>
+	</exec_method>
+
+	<property_group name='general' type='framework'>
+		<!-- manage FTP server state -->
+		<propval name='action_authorization' type='astring'
+		    value='solaris.smf.manage.ftp' />
+		<propval name='value_authorization' type='astring'
+		    value='solaris.smf.manage.ftp' />
+	</property_group>
+
+	<property_group name='startd' type='framework'>
+        	<propval name='duration' type='astring' value='contract'/>
+		<!-- sub-process core dumps shouldn't restart session -->
+		<propval name='ignore_error'
+		    type='astring' value='core,signal' />
+	</property_group>
+
+	<property_group name='firewall_context' type='com.sun,fw_definition'>
+		<propval name='ipf_method' type='astring'
+		    value='/lib/svc/method/svc-ftp ipfilter' />
+	</property_group>
+
+	<property_group name='firewall_config' type='com.sun,fw_configuration'>
+		<propval name='policy' type='astring' value='use_global' />
+		<propval name='apply_to' type='astring' value='' />
+		<propval name='exceptions' type='astring' value='' />
+		<propval name='value_authorization' type='astring'
+		    value='solaris.smf.value.firewall.config' />
+	</property_group>
+
+	<template>
+		<common_name>
+			<loctext xml:lang='C'>
+			FTP server
+			</loctext>      
+		</common_name>
+		<documentation>
+			<manpage title='proftpd' section='1M'
+			    manpath='/usr/share/man' />
+			<doc_link name='proftpd'
+			    uri='file://usr/share/doc/proftpd/' />
+		</documentation>
+	</template>
+</service>
+
+</service_bundle>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/ftprestart.sh	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,25 @@
+#!/sbin/sh
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+#
+
+/usr/sbin/ftpshut -R
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/mod_solaris_audit.c	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,1173 @@
+/*
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
+ *
+ * As a special exemption, copyright holders give permission to link
+ * this program with OpenSSL, and distribute the resulting executable,
+ * without including the source code for OpenSSL in the source distribution.
+ *
+ */
+
+#include "conf.h"
+#include <bsm/adt.h>
+#include <bsm/adt_event.h>
+#include <security/pam_appl.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <ucred.h>
+
+#ifndef ADT_ftpd
+#define ADT_ftpd	152
+#endif
+
+#ifndef ADT_ftpd_logout
+#define ADT_ftpd_logout	153
+#endif
+
+module solaris_audit_module;
+
+static adt_session_data_t *asession = NULL;
+
+static int auth_retval = PAM_AUTH_ERR;
+
+static void audit_autherr_ev(const void *event_data, void *user_data) {
+
+  switch (*(int *)event_data) {
+  case PR_AUTH_NOPWD:
+    auth_retval = PAM_USER_UNKNOWN;
+    break;
+  case PR_AUTH_AGEPWD:
+    auth_retval = PAM_CRED_EXPIRED;
+    break;
+  case PR_AUTH_DISABLEDPWD:
+    auth_retval = PAM_ACCT_EXPIRED;
+    break;
+  case PR_AUTH_CRED_INSUFF:
+    auth_retval = PAM_CRED_INSUFFICIENT;
+    break;
+  case PR_AUTH_CRED_UNAVAIL:
+    auth_retval = PAM_CRED_UNAVAIL;
+    break;
+  case PR_AUTH_CRED_ERR:
+    auth_retval = PAM_CRED_ERR;
+    break;
+  case PR_AUTH_UNAVAIL:
+    auth_retval = PAM_AUTHINFO_UNAVAIL;
+    break;
+  case PR_AUTH_MAXTRIES:
+    auth_retval = PAM_MAXTRIES;
+    break;
+  case PR_AUTH_INIT_FAIL:
+    auth_retval = PAM_SESSION_ERR;
+    break;
+  case PR_AUTH_NEWTOK:
+    auth_retval = PAM_NEW_AUTHTOK_REQD;
+    break;
+  case PR_AUTH_OPEN_ERR:
+    auth_retval = PAM_OPEN_ERR;
+    break;
+  case PR_AUTH_SYMBOL_ERR:
+    auth_retval = PAM_SYMBOL_ERR;
+    break;
+  case PR_AUTH_SERVICE_ERR:
+    auth_retval = PAM_SERVICE_ERR;
+    break;
+  case PR_AUTH_SYSTEM_ERR:
+    auth_retval = PAM_SYSTEM_ERR;
+    break;
+  case PR_AUTH_BUF_ERR:
+    auth_retval = PAM_BUF_ERR;
+    break;
+  case PR_AUTH_CONV_ERR:
+    auth_retval = PAM_CONV_ERR;
+    break;
+  case PR_AUTH_PERM_DENIED:
+    auth_retval = PAM_PERM_DENIED;
+    break;
+  default: /* PR_AUTH_BADPWD */
+    auth_retval = PAM_AUTH_ERR;
+    break;
+  }
+
+}
+
+static void audit_failure(pool *p, char *authuser) {
+  adt_event_data_t *event = NULL;
+  const char *how;
+  int saved_errno = 0;
+  struct passwd pwd;
+  char *pwdbuf = NULL;
+  size_t pwdbuf_len;
+  long pwdbuf_len_max;
+  uid_t uid = ADT_NO_ATTRIB;
+  gid_t gid = ADT_NO_ATTRIB;
+
+  if ((pwdbuf_len_max = sysconf(_SC_GETPW_R_SIZE_MAX)) == -1) {
+    saved_errno = errno;
+    how = "couldn't determine maximum size of password buffer";
+    goto fail;
+  }
+
+  pwdbuf_len = (size_t)pwdbuf_len_max;
+  pwdbuf = pcalloc(p, pwdbuf_len);
+
+  if (adt_start_session(&asession, NULL, ADT_USE_PROC_DATA) != 0) {
+    saved_errno = errno;
+    how = "couldn't start adt session";
+    goto fail;
+  }
+
+  if ((authuser != NULL) && (authuser[0] != NULL) &&
+    (getpwnam_r(authuser, &pwd, pwdbuf, pwdbuf_len) != NULL)) {
+    uid = pwd.pw_uid;
+    gid = pwd.pw_gid;
+  } 
+
+  if (adt_set_user(asession, uid, gid, uid, gid, NULL, ADT_NEW) != 0) {
+    saved_errno = errno;
+    how = "couldn't set adt user";
+    goto fail;
+  }
+
+  if ((event = adt_alloc_event(asession, ADT_ftpd)) == NULL) {
+    saved_errno = errno;
+    how = "couldn't allocate adt event";
+    goto fail;
+  }
+
+  if (adt_put_event(event, ADT_FAILURE, ADT_FAIL_PAM + auth_retval) != 0) {
+    saved_errno = errno;
+    how = "couldn't put adt event";
+    goto fail;
+  }
+
+  adt_free_event(event);
+  (void) adt_end_session(asession);
+  asession = NULL;
+  return;
+
+fail:
+  pr_log_pri(PR_LOG_ERR, "Auditing of login failed: %s (%s)", how,
+    strerror(saved_errno));
+
+  adt_free_event(event);
+  (void) adt_end_session(asession);
+  asession = NULL;
+}
+
+static void audit_success(void) {
+  adt_event_data_t *event = NULL;
+  const char *how;
+  int saved_errno = 0;
+
+  if (adt_start_session(&asession, NULL, ADT_USE_PROC_DATA) != 0) {
+    saved_errno = errno;
+    how = "couldn't start adt session";
+    goto fail;
+  }
+
+  if ((event = adt_alloc_event(asession, ADT_ftpd)) == NULL) {
+    saved_errno = errno;
+    how = "couldn't allocate adt event";
+    goto fail;
+  }
+
+  if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
+    saved_errno = errno;
+    how = "couldn't put adt event";
+    goto fail;
+  }
+
+  adt_free_event(event);
+
+  /* Don't end adt session - leave for when logging out. */
+  return;
+
+fail:
+  pr_log_pri(PR_LOG_ERR, "Auditing of login failed: %s (%s)", how,
+    strerror(saved_errno));
+
+  adt_free_event(event);
+
+  /* Don't end adt session - leave for when logging out. */
+
+}
+
+static void audit_logout(void) {
+  adt_event_data_t *event = NULL;
+  const char *how;
+  int saved_errno = 0;
+
+  /* If audit session was not created during login then leave */
+  if (asession == NULL)
+    return;
+
+  if ((event = adt_alloc_event(asession, ADT_ftpd_logout)) == NULL) {
+    saved_errno = errno;
+    how = "couldn't allocate adt event";
+    goto fail;
+  }
+
+  if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) {
+    saved_errno = errno;
+    how = "couldn't put adt event";
+    goto fail;
+  }
+
+  adt_free_event(event);
+  (void) adt_end_session(asession);
+  asession = NULL;
+  return;
+
+fail:
+  pr_log_pri(PR_LOG_ERR, "Auditing of logout failed: %s (%s)", how,
+    strerror(saved_errno));
+
+  adt_free_event(event);
+  (void) adt_end_session(asession);
+  asession = NULL;
+}
+
+/* Logout */
+static void audit_exit_ev(const void *event_data, void *user_data) {
+  audit_logout();
+}
+
+/* Login passed */
+MODRET solaris_audit_post_pass(cmd_rec *cmd) {
+
+  audit_success();
+
+  /* Set handler for logout/timeout */
+  pr_event_register(&solaris_audit_module, "core.exit", audit_exit_ev, NULL);
+
+  return PR_DECLINED(cmd);
+}
+
+/* Login failed */
+MODRET solaris_audit_post_fail(cmd_rec *cmd) {
+  char *login_user;
+
+  login_user = pr_table_get(session.notes, "mod_auth.orig-user", NULL);
+
+  audit_failure(cmd->tmp_pool, login_user);
+  return PR_DECLINED(cmd);
+}
+
+static int audit_sess_init(void) {
+  adt_session_data_t *aht;
+  adt_termid_t *termid;
+  priv_set_t *privset;
+  int rval = -1;					
+
+  /* add privs for audit init */
+  if ((privset = priv_allocset()) == NULL) {
+    pr_log_pri(PR_LOG_ERR, "Auditing privilege initialization failed");
+    return rval;
+  }
+  (void) getppriv(PRIV_EFFECTIVE, privset);
+  priv_addset(privset, PRIV_SYS_AUDIT);
+  (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, privset);
+
+  /* basic terminal id setup */
+  if (adt_start_session(&aht, NULL, 0) != 0) {
+    pr_log_pri(PR_LOG_ERR, "pam adt_start_session: %s", strerror(errno));
+    goto out;
+  }
+  if (adt_load_termid(session.c->rfd, &termid) != 0) {
+    pr_log_pri(PR_LOG_ERR, "adt_load_termid: %s", strerror(errno));
+    (void) adt_end_session(aht);
+    goto out;
+  }
+
+  if (adt_set_user(aht, ADT_NO_AUDIT, ADT_NO_AUDIT, 0, ADT_NO_AUDIT, termid,
+    ADT_SETTID) != 0) {
+    pr_log_pri(PR_LOG_ERR, "adt_set_user: %", strerror(errno));
+    free(termid);
+    (void) adt_end_session(aht);
+    goto out;
+  }
+  free(termid);
+  if (adt_set_proc(aht) != 0) {
+    pr_log_pri(PR_LOG_ERR, "adt_set_proc: %", strerror(errno));
+    (void) adt_end_session(aht);
+    goto out;
+  }
+  (void) adt_end_session(aht);
+
+  /* Set handler for authentication error */
+  pr_event_register(&solaris_audit_module, "mod_auth.authentication-code",
+    audit_autherr_ev, NULL);
+
+  rval = 0;
+
+out:
+
+  /* remove unneeded privileges */
+  priv_delset(privset, PRIV_SYS_AUDIT);
+  (void) setppriv(PRIV_SET, PRIV_EFFECTIVE, privset);
+  (void) setpflags(PRIV_AWARE_RESET, 1);
+  priv_freeset(privset);
+
+  return rval;
+}
+
+#define EVENT_KEY       "event"
+
+/* Helper functions and global variables
+ * for the file transfer command handlers.
+ * {
+ */
+
+static char src_realpath[PATH_MAX];
+static char dst_realpath[PATH_MAX];
+
+
+/*
+ * If an error occurs in any of the file transfer handlers,
+ * and the handler wants to return PR_ERROR(cmd), then it is necessary
+ * to send some FTP error message to user. This is in order to prevent
+ * a hang-up of the user's ftp client.
+ *
+ * This function sends the 451 error message to the user.
+ * It is only called in the "pre-" handlers. When a "pre-" handler
+ * returns PR_ERROR(cmd), then the corresponding "post_err-"
+ * handler is also called. Therefore it can happen that an error condition
+ * (such as no memory) can be logged (with the pr_log_pri() routine) twice.
+ * Once in the "pre-" handler, and once in the "post_err-" handler.
+ */
+static void error_451(void)
+{
+  pr_response_add_err(R_451,
+    "Requested action aborted: local error in processing.\n");
+}
+
+/*
+ * Allocate resources to process a command outcome.
+ *
+ * All file transfer command handlers need to allocate adt_event_data_t
+ * structure and also make a copy of the command argument.
+ * This function does both. If it can't, it logs an error and returns NULL.
+ * On success, it returns the pointer (event) to the allocated adt_event_data_t
+ * structure.
+ *
+ * If arg2 is not NULL, it makes a copy of the first (and only) command
+ * argument (using the memory pool "pool" from "cmd") and stores it to *arg2.
+ * There must be always exactly one command argument, otherwise it is an error.
+ *
+ * On success, the pointer to the created event structure is stored
+ * into cmd under "notes" variable, so that it is accessible
+ * by the subsequent corresponding "post-" or "post_err-" command handler.
+ */
+adt_event_data_t* __solaris_audit_pre_arg2(
+    cmd_rec *cmd, const char* description, int event_type, char **arg2) {
+
+  adt_event_data_t *event = NULL;
+  const char *how = "";
+  char *tmp = NULL;
+
+  /* The ftp server code will save errno into this variable
+   * in case an error happens, and there is a valid errno for it.
+   */
+  cmd->error_code = ADT_FAILURE;
+
+  if (cmd->argc != 2) {
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s failed: %s",
+      description, "bad arguments");
+    goto err;
+  }
+
+  if (arg2 != NULL) {
+    *arg2 = NULL;
+
+    if ((tmp = pstrdup(cmd->pool, cmd->argv[1])) == NULL) {
+      how = "no memory";
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+        description, cmd->argv[1], how);
+      goto err;
+    }
+    *arg2 = tmp;
+  }
+
+  if (cmd->notes == NULL ) {
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+      description, cmd->argv[1], "API error, notes is NULL");
+    goto err;
+  }
+
+  if ((event = adt_alloc_event(asession, event_type)) == NULL) {
+    how = "couldn't allocate adt event";
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s(%s)",
+      description, cmd->argv[1], how, strerror(errno));
+    goto err;
+  }
+
+  if (pr_table_add(cmd->notes, EVENT_KEY, event, sizeof(*event))==-1) {
+    how = "pr_table_add() failed";
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+      description, cmd->argv[1], how);
+    adt_free_event(event);
+    goto err;
+  }
+  
+  return event;
+
+err:
+  return NULL;
+}
+
+/*
+ * This function implements logic that is common to most "post-"
+ * and "post_err-" file transfer command handlers.
+ *
+ * It retrieves the pointer (event) to the adt_event_data_t structure
+ * from "cmd->notes" and logs it. This structure has been created by the
+ * __solaris_audit_pre_arg2() function.
+ * 
+ * Some audit event structures contain an optional *_stat member.
+ * If "fill_attr" is not NULL, it is called to fill in this member,
+ * before the audit event is logged.
+ *
+ * This function always returns PR_DECLINED, even if it failed
+ * to log the audit event. The reason is that it is called in the
+ * "post-" file transfer command handlers, which means that the command
+ * has been already successfully executed by the ftp server.
+ */
+MODRET __solaris_audit_post(cmd_rec *cmd,
+  const char* description, int exit_status, int __unused,
+  const char* (*fill_event)(cmd_rec *cmd, adt_event_data_t *event))
+{
+  adt_event_data_t *event = NULL;
+  const char* how = "";
+  const char* msg = NULL;
+  size_t size = 0;
+  int exit_error = cmd->error_code;
+
+  event = (adt_event_data_t*)pr_table_remove(cmd->notes, EVENT_KEY, &size);
+  if (event == NULL) {
+    how = "event is NULL";
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s failed: %s", description, how);
+    goto out;
+  }
+
+  if (size != sizeof(*event)) {
+    how = "bad event size";
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s failed: %s", description, how);
+    goto out;
+  }
+
+  if (fill_event != NULL) {
+    msg = fill_event(cmd, event);
+    if (msg != NULL) {
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s failed: %s", description, msg);
+      goto out;
+    }
+  }
+
+  /* It can happen, that the ftp command succeeds but only to some degree.
+   * In such case, the exit_error might contain the errno number
+   * of the failure.
+   */
+  if (exit_status == ADT_SUCCESS) {
+    if (exit_error == ADT_FAILURE)
+      exit_error = ADT_SUCCESS;
+  }
+
+  if (adt_put_event(event, exit_status, exit_error) != 0) {
+    how = "couldn't put adt event";
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s failed: %s (%s)",
+      description, how, strerror(errno));
+  }
+
+  adt_free_event(event);
+
+out:
+  return PR_DECLINED(cmd);
+}
+
+/*
+ * This is a generic function to fill in the given "stat" member
+ * of some audit event structure. The path and the member are specified
+ * by the caller. The pointer to cmd is supplied, because the stat64
+ * structure has to be allocated (the "stat" member is a pointer).
+ *
+ * The function returns NULL on success.
+ * In case of an error, it returns a descriptive message.
+ * This message is used by the caller to log an error.
+ *
+ * For some file transfer commands, the "stat" member is filled in
+ * the "pre-" handler (because the file is expected to exist prior
+ * to the execution of the command). For other file transfer commands,
+ * the "stat" member is filled in the "post-" handler (because
+ * the file is expected _not_ to exist prior to the execution of the command,
+ * but to exist after the command execution).
+ */
+static const char* __fill_attr
+(
+  cmd_rec *cmd, const char* path, adt_stat_t **ret)
+{
+  struct stat64 *ptr;
+  int err;
+
+  if (ret == NULL)
+    return "NULL pointer";
+
+  *ret = NULL;
+
+  ptr = palloc(cmd->pool, sizeof(*ptr));
+  if (ptr == NULL)
+    return "no memory";
+
+  err = stat64(path, ptr);
+  if (err == -1)
+    return "stat64() failed";
+
+  *ret = ptr;
+  return NULL;
+}
+/* } */
+
+
+/* Delete file. { */
+static const char* dele_fill_attr(cmd_rec *cmd, adt_event_data_t *event) {
+  return __fill_attr(
+    cmd, event->adt_ft_remove.f_path, &(event->adt_ft_remove.f_attr)
+  );
+}
+
+MODRET solaris_audit_pre_dele(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+  char* rp = NULL;
+
+  event = __solaris_audit_pre_arg2(cmd, "remove", ADT_ft_remove, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  rp = realpath(ptr, src_realpath);
+  if (rp == NULL) {
+    if (errno != ENOENT) {
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+        "remove", ptr, "realpath() failed");
+      cmd->error_code = errno;
+      error_451();
+      return PR_ERROR(cmd);
+    }
+    /* If rp is NULL and errno is ENOENT, it means that 
+     * the file to be deleted does not exist. In this case,
+     * the post_dele_err callback will be called to log this.
+     */
+  }
+
+  if (rp != NULL)
+    ptr = rp;    
+
+  event->adt_ft_remove.f_path = ptr;
+  (void) dele_fill_attr(cmd, event);
+
+  return PR_DECLINED(cmd);
+}
+
+MODRET solaris_audit_post_dele(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "remove", ADT_SUCCESS, ADT_SUCCESS, NULL);
+}
+
+MODRET solaris_audit_post_dele_err(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "remove", ADT_FAILURE, ADT_FAILURE, NULL);
+}
+/* } */
+
+
+/* Make directory. { */
+MODRET solaris_audit_pre_mkd(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+
+  event = __solaris_audit_pre_arg2(cmd, "mkdir", ADT_ft_mkdir, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  event->adt_ft_mkdir.d_path = ptr;
+  event->adt_ft_mkdir.d_attr = NULL;
+
+  /* Value 0777 is hardcoded in the ftp server. */
+  event->adt_ft_mkdir.arg = 0777;
+  event->adt_ft_mkdir.arg_id = 2;
+  event->adt_ft_mkdir.arg_desc = "mode";
+
+  return PR_DECLINED(cmd);
+}
+
+static const char* mkd_fill_event(cmd_rec *cmd, adt_event_data_t *event) {
+  char *rp = NULL;
+
+  rp = realpath(event->adt_ft_mkdir.d_path, src_realpath);
+  if (rp == NULL) {
+    cmd->error_code = errno;
+    return "realpath() failed";
+  }
+
+  event->adt_ft_mkdir.d_path = rp;
+  return __fill_attr(
+    cmd, event->adt_ft_mkdir.d_path, &(event->adt_ft_mkdir.d_attr)
+  );
+}
+
+static const char* mkd_fill_event_err(cmd_rec *cmd, adt_event_data_t *event) {
+  char *rp = NULL;
+
+  rp = realpath(event->adt_ft_mkdir.d_path, src_realpath);
+  if (rp != NULL) {
+    event->adt_ft_mkdir.d_path = rp;
+    (void) __fill_attr(
+      cmd, event->adt_ft_mkdir.d_path, &(event->adt_ft_mkdir.d_attr)); 
+  }
+
+  return NULL;
+}
+
+MODRET solaris_audit_post_mkd(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "mkdir", ADT_SUCCESS, ADT_SUCCESS, mkd_fill_event);
+}
+
+MODRET solaris_audit_post_mkd_err(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "mkdir", ADT_FAILURE, ADT_FAILURE, mkd_fill_event_err);
+}
+/* } */
+
+/* Remove directory. { */
+static const char* rmd_fill_attr(cmd_rec *cmd, adt_event_data_t *event) {
+  return __fill_attr(
+    cmd, event->adt_ft_rmdir.f_path, &(event->adt_ft_rmdir.f_attr)
+  );
+}
+
+MODRET solaris_audit_pre_rmd(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+  char* rp = NULL;
+ 
+  event = __solaris_audit_pre_arg2(cmd, "rmdir", ADT_ft_rmdir, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  rp = realpath(ptr, src_realpath);
+  if (rp == NULL) {
+    if (errno != ENOENT) {
+      cmd->error_code = errno;
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+        "rmdir", ptr, "realpath() failed");
+      error_451();
+      return PR_ERROR(cmd);
+    }
+  }
+
+  if (rp != NULL)
+    ptr = rp;
+
+  event->adt_ft_rmdir.f_path = ptr;
+  (void) rmd_fill_attr(cmd, event);
+
+  return PR_DECLINED(cmd);
+}
+
+MODRET solaris_audit_post_rmd(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "rmdir", ADT_SUCCESS, ADT_SUCCESS, NULL);
+}
+
+MODRET solaris_audit_post_rmd_err(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "rmdir", ADT_FAILURE, ADT_FAILURE, NULL);
+}
+/* } */
+
+/* Get modification time and date. { */
+MODRET solaris_audit_pre_mdtm(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+  char* rp = NULL;
+  
+  event = __solaris_audit_pre_arg2(cmd, "utimes", ADT_ft_utimes, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  rp = realpath(ptr, src_realpath);
+  if (rp == NULL) {
+    if (errno != ENOENT) {
+      cmd->error_code = errno;
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+        "utimes", ptr, "realpath() failed");
+      error_451();
+      return PR_ERROR(cmd);
+    }
+  }
+
+  if (rp != NULL)
+    ptr = rp;
+
+  event->adt_ft_utimes.f_path = ptr;
+  event->adt_ft_utimes.f_attr = NULL;
+
+  return PR_DECLINED(cmd);
+}
+
+static const char* mdtm_fill_attr(cmd_rec *cmd, adt_event_data_t *event) {
+  return __fill_attr(
+    cmd, event->adt_ft_utimes.f_path, &(event->adt_ft_utimes.f_attr)
+  );
+}
+
+MODRET solaris_audit_post_mdtm(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "utimes", ADT_SUCCESS, ADT_SUCCESS, mdtm_fill_attr);
+}
+
+MODRET solaris_audit_post_mdtm_err(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "utimes", ADT_FAILURE, ADT_FAILURE, NULL);
+}
+/* } */
+
+/* Upload file. { */
+MODRET solaris_audit_pre_put(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+  
+  event = __solaris_audit_pre_arg2(cmd, "put", ADT_ft_put, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  event->adt_ft_put.f_path = ptr;
+  event->adt_ft_put.f_attr = NULL;
+
+  return PR_DECLINED(cmd);
+}
+
+static const char* put_fill_event(cmd_rec *cmd, adt_event_data_t *event) {
+  char *rp = NULL;
+
+  rp = realpath(event->adt_ft_put.f_path, src_realpath);
+  if (rp == NULL) {
+    cmd->error_code = errno;
+    return "realpath() failed";
+  }
+
+  event->adt_ft_put.f_path = rp;
+  return __fill_attr(
+    cmd, event->adt_ft_put.f_path, &(event->adt_ft_put.f_attr)
+  );
+}
+
+MODRET solaris_audit_post_put(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "put", ADT_SUCCESS, ADT_SUCCESS, put_fill_event);
+}
+
+MODRET solaris_audit_post_put_err(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "put", ADT_FAILURE, ADT_FAILURE, NULL);
+}
+/* } */
+
+/* Download file. { */
+MODRET solaris_audit_pre_get(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+  char* rp = NULL;
+  
+  event = __solaris_audit_pre_arg2(cmd, "get", ADT_ft_get, &ptr);
+  if (event == NULL) {
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  rp = realpath(ptr, src_realpath);
+  if (rp == NULL) {
+    if (errno != ENOENT) {
+      cmd->error_code = errno;
+      pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+        "get", ptr, "realpath() failed");
+      error_451();
+      return PR_ERROR(cmd);
+    }
+  }
+
+  if (rp != NULL)
+    ptr = rp;
+
+  event->adt_ft_get.f_path = ptr;
+  event->adt_ft_get.f_attr = NULL;
+
+  return PR_DECLINED(cmd);
+}
+
+static const char* get_fill_attr(cmd_rec *cmd, adt_event_data_t *event) {
+  return __fill_attr(
+    cmd, event->adt_ft_get.f_path, &(event->adt_ft_get.f_attr)
+  );
+}
+
+MODRET solaris_audit_post_get(cmd_rec *cmd) {
+  return __solaris_audit_post(
+    cmd, "get", ADT_SUCCESS, ADT_SUCCESS, get_fill_attr);
+}
+
+MODRET solaris_audit_post_get_err(cmd_rec *cmd) {
+  return __solaris_audit_post(cmd, "get", ADT_FAILURE, ADT_FAILURE, NULL);
+}
+/* } */
+
+/* Rename file. { */
+/*
+ * The rename file implementation uses malloc()/free(),
+ * which the ProFTP module interface prohibits. I do not see another way.
+ * 
+ * Any memory allocation method provided by the ProFTP API uses a memory pool.
+ * To avoid malloc()/free() a persistent memory pool is needed.
+ */
+
+/*
+ * To successfully log the rename audit event, a cooperation
+ * of RNFR and RNTO command handlers is necessary.
+ * The RNFR command specifies the source file name,
+ * and the RNTO command specifies the destination file name.
+ * 
+ * The RNFR command handlers save the source file in the "src_path"
+ * variable, so that it is available to the RNTO command handler,
+ * which logs the audit event.
+ */
+static char* src_path = NULL;
+
+/* RNFR. { */
+static void __solaris_audit_rnfr_err(cmd_rec *cmd)
+{
+  adt_event_data_t *event = NULL;
+
+  if (src_path == NULL)
+    return;
+
+  event = __solaris_audit_pre_arg2(cmd, "RNFR", ADT_ft_rename, NULL);
+  if (event == NULL) {
+    error_451();
+    goto out;
+  }
+
+  event->adt_ft_rename.src_path = src_path;
+  event->adt_ft_rename.src_attr = NULL;
+  event->adt_ft_rename.dst_path = NULL;
+
+  (void) __solaris_audit_post(cmd, "RNFR", ADT_FAILURE, ADT_FAILURE, NULL);
+
+out:
+  free(src_path);
+  src_path = NULL;
+}
+
+MODRET solaris_audit_pre_rnfr(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  char* ptr = NULL;
+
+  /*
+   * If src_path is not NULL, it means that this RNFR command immediatelly
+   * follows a successfull RNFR command not terminated with a RNTO command.
+   * In such case, log an audit error for this unterminated RNFR command,
+   * and then continue normally.
+   *
+   * A correctly working ftp client can not cause this situation to happen.
+   * But this situation can be created, for instance, by manually sending
+   * commands to the ftp server with a telnet client.
+   */
+  if (src_path != NULL)
+    __solaris_audit_rnfr_err(cmd);
+
+  /*
+   * Prepare the audit event structure and remember the new src_path.
+   * This audit event structure will be used, if the RNFR command fails.
+   * It will be unused, if it succeeds.
+   */
+  event = __solaris_audit_pre_arg2(cmd, "get", ADT_ft_rename, &ptr);
+  if (event == NULL)
+    goto err;
+
+  event->adt_ft_rename.src_path = ptr;
+  event->adt_ft_rename.src_attr = NULL;
+  event->adt_ft_rename.dst_path = "";
+
+  src_path = strdup(cmd->argv[1]);
+  if (src_path == NULL) {
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+      "RNFR", ptr, "no memory");
+    goto err;
+  }
+
+  return PR_DECLINED(cmd);
+err:
+  return PR_ERROR(cmd);
+}
+
+/*
+ * On success, the RNFR command handlers do not log any audit event.
+ * A success means that a rename command is in progress and that
+ * the immediatelly following command is to be RNTO. 
+ */
+MODRET solaris_audit_post_rnfr(cmd_rec *cmd) {
+
+  char *ptr;
+
+  ptr = realpath(src_path, src_realpath);
+  if (ptr == NULL) {
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s) failed: %s",
+      "RNFR", src_path, "realpath() failed");
+    error_451();
+    return PR_ERROR(cmd);
+  }
+
+  /*
+   * The argument to RNFR command is saved in src_path.
+   * It will be used in the subsequent RNTO command, or RNFR command.
+   */
+  return PR_DECLINED(cmd);
+}
+
+/* It can happen, that RNFR command fails, but the source path exists.
+ * Therefore make an attempt to resolve its realpath before doing
+ * the audit log.
+ *
+ * Even if the realpath() call fails, the src_path contents are still
+ * copied to src_realpath buffer. This makes them available to the RNTO
+ * command handlers.
+ */
+static const char* rnfr_err_fill_event(cmd_rec *cmd, adt_event_data_t *event) {
+  char *ptr = NULL;
+
+  if (src_path != NULL) {
+    ptr = realpath(src_path, src_realpath);
+    if (ptr != NULL)
+      event->adt_ft_rename.src_path = ptr;
+  }
+
+  return NULL;
+}
+
+/*
+ * On error, an audit event is logged, specifying that a rename
+ * command failed. The destination path in the audit event structure
+ * is empty, simply because the corresponding RNTO command did not yet
+ * happen, and it is not suppossed to happen.
+ */
+MODRET solaris_audit_post_rnfr_err(cmd_rec *cmd) {
+  MODRET ret;
+
+  ret = __solaris_audit_post(cmd, "RNFR", ADT_FAILURE, ADT_FAILURE,
+    rnfr_err_fill_event);
+
+  free(src_path);
+  src_path = NULL;
+
+  return ret;
+}
+/* } RNFR. */
+
+/* RNTO. { */
+static const char* rnto_fill_attr(cmd_rec *cmd, adt_event_data_t *event) {
+  return __fill_attr(
+    cmd, event->adt_ft_rename.src_path, &(event->adt_ft_rename.src_attr)
+  );
+}
+
+MODRET solaris_audit_pre_rnto(cmd_rec *cmd) {
+  adt_event_data_t *event = NULL;
+  const char* msg = NULL;
+  char* ptr = NULL;
+
+  event = __solaris_audit_pre_arg2(cmd, "get", ADT_ft_rename, &ptr);
+  if (event == NULL)
+    goto err;
+
+  /*
+   * If src_path is NULL, this means that there is no previous
+   * successfull RNFR command. The ftp server should know about this
+   * and terminate this RNTO command with an error (call the error callback).
+   */
+  event->adt_ft_rename.src_path = (src_path)?src_path:"";
+  event->adt_ft_rename.dst_path = ptr;
+
+  /*
+   * If the code executes here, it means that there is a successfully finished
+   * RNFR command immediatelly before us, which means that the src_path exists,
+   * and it should be therefore possible to get its status.
+   */
+  msg = rnto_fill_attr(cmd, event);  
+  if (msg != NULL) {
+    pr_log_pri(PR_LOG_ERR, "Auditing of %s(%s,%s) failed: %s",
+      "RNTO", event->adt_ft_rename.src_path, ptr, msg);
+    goto err;
+  }
+
+  return PR_DECLINED(cmd);
+
+err:
+  error_451();
+  return PR_ERROR(cmd);
+}
+
+static const char* rnto_fill_event(cmd_rec *cmd, adt_event_data_t *event) {
+  char *ptr;
+
+  ptr = realpath(event->adt_ft_rename.dst_path, dst_realpath);
+  if (ptr == NULL) {
+    return "realpath() failed";
+  }
+
+  event->adt_ft_rename.src_path = src_realpath;
+  event->adt_ft_rename.dst_path = dst_realpath;
+
+  return NULL;
+}
+
+MODRET solaris_audit_post_rnto(cmd_rec *cmd) {
+   MODRET retval;
+
+  /* NULL means that there is no preceeding successfull RNFR command. */
+  if (src_path == NULL)
+    return PR_ERROR(cmd);
+
+  retval = __solaris_audit_post(cmd, "RNTO", ADT_SUCCESS, ADT_SUCCESS,
+    rnto_fill_event);
+  
+  free(src_path);
+  src_path = NULL;
+
+  return retval;
+}
+
+/* It can happen, that RNTO command fails, but the destination path exists.
+ * Therefore make an attempt to resolve its realpath before doing
+ * the audit log.
+ */
+static const char* rnto_err_fill_event(cmd_rec *cmd, adt_event_data_t *event) {
+
+  (void) realpath(event->adt_ft_rename.dst_path, dst_realpath);
+  event->adt_ft_rename.src_path = src_realpath;
+  event->adt_ft_rename.dst_path = dst_realpath;
+
+  return NULL;
+}
+
+MODRET solaris_audit_post_rnto_err(cmd_rec *cmd) {
+  MODRET retval;
+  retval = __solaris_audit_post(cmd, "RNTO", ADT_FAILURE, ADT_FAILURE,
+    rnto_err_fill_event);
+  if (src_path != NULL) {
+    free(src_path);
+    src_path = NULL;
+  }
+  return retval;
+}
+/* } RNTO. */
+
+static cmdtable solaris_audit_commands[] = {
+    /* Login, logout. */
+    { POST_CMD, C_PASS, G_NONE, solaris_audit_post_pass, FALSE, FALSE },
+    { POST_CMD_ERR, C_PASS, G_NONE, solaris_audit_post_fail, FALSE, FALSE },
+
+    /* Delete file. */
+    { PRE_CMD, C_DELE, G_NONE, solaris_audit_pre_dele, FALSE, FALSE },
+    { POST_CMD, C_DELE, G_NONE, solaris_audit_post_dele, FALSE, FALSE },
+    { POST_CMD_ERR, C_DELE, G_NONE, solaris_audit_post_dele_err,
+        FALSE, FALSE },
+
+    /* Make directory. */
+    { PRE_CMD, C_MKD, G_NONE, solaris_audit_pre_mkd, FALSE, FALSE },
+    { POST_CMD, C_MKD, G_NONE, solaris_audit_post_mkd, FALSE, FALSE },
+    { POST_CMD_ERR, C_MKD, G_NONE, solaris_audit_post_mkd_err,
+        FALSE, FALSE },
+
+    /* Remove directory. */
+    { PRE_CMD, C_RMD, G_NONE, solaris_audit_pre_rmd, FALSE, FALSE },
+    { POST_CMD, C_RMD, G_NONE, solaris_audit_post_rmd, FALSE, FALSE },
+    { POST_CMD_ERR, C_RMD, G_NONE, solaris_audit_post_rmd_err,
+        FALSE, FALSE },
+
+    { PRE_CMD, C_XRMD, G_NONE, solaris_audit_pre_rmd, FALSE, FALSE },
+    { POST_CMD, C_XRMD, G_NONE, solaris_audit_post_rmd, FALSE, FALSE },
+    { POST_CMD_ERR, C_XRMD, G_NONE, solaris_audit_post_rmd_err,
+        FALSE, FALSE },
+
+    /* Get modification time. */
+    { PRE_CMD, C_MDTM, G_NONE, solaris_audit_pre_mdtm, FALSE, FALSE },
+    { POST_CMD, C_MDTM, G_NONE, solaris_audit_post_mdtm, FALSE, FALSE },
+    { POST_CMD_ERR, C_MDTM, G_NONE, solaris_audit_post_mdtm_err,
+        FALSE, FALSE },
+
+    /* Upload file. */
+    { PRE_CMD, C_STOR, G_WRITE, solaris_audit_pre_put, FALSE, FALSE },
+    { POST_CMD, C_STOR, G_WRITE, solaris_audit_post_put, FALSE, FALSE },
+    { POST_CMD_ERR, C_STOR, G_WRITE, solaris_audit_post_put_err,
+        FALSE, FALSE },
+
+    { PRE_CMD, C_STOU, G_WRITE, solaris_audit_pre_put, FALSE, FALSE },
+    { POST_CMD, C_STOU, G_WRITE, solaris_audit_post_put, FALSE, FALSE },
+    { POST_CMD_ERR, C_STOU, G_WRITE, solaris_audit_post_put_err,
+        FALSE, FALSE },
+
+    { PRE_CMD, C_APPE, G_WRITE, solaris_audit_pre_put, FALSE, FALSE },
+    { POST_CMD, C_APPE, G_WRITE, solaris_audit_post_put, FALSE, FALSE },
+    { POST_CMD_ERR, C_APPE, G_WRITE, solaris_audit_post_put_err,
+        FALSE, FALSE },
+
+    /* Download file. */
+    { PRE_CMD, C_RETR, G_READ, solaris_audit_pre_get, FALSE, FALSE },
+    { POST_CMD, C_RETR, G_READ, solaris_audit_post_get, FALSE, FALSE },
+    { POST_CMD_ERR, C_RETR, G_READ, solaris_audit_post_get_err,
+        FALSE, FALSE },
+
+    /* Rename file. */
+    { PRE_CMD, C_RNFR, G_NONE, solaris_audit_pre_rnfr, FALSE, FALSE },
+    { POST_CMD, C_RNFR, G_NONE, solaris_audit_post_rnfr, FALSE, FALSE },
+    { POST_CMD_ERR, C_RNFR, G_NONE, solaris_audit_post_rnfr_err,
+        FALSE, FALSE },
+
+    { PRE_CMD, C_RNTO, G_NONE, solaris_audit_pre_rnto, FALSE, FALSE },
+    { POST_CMD, C_RNTO, G_NONE, solaris_audit_post_rnto, FALSE, FALSE },
+    { POST_CMD_ERR, C_RNTO, G_NONE, solaris_audit_post_rnto_err,
+        FALSE, FALSE },
+
+	{ 0, NULL }
+};
+
+module solaris_audit_module = {
+	NULL, NULL,		/* Always NULL */
+	0x20,			/* API Version 2.0 */
+	"solaris_audit",
+	NULL,			/* configuration table */
+	solaris_audit_commands,	/* command table is for local use only */
+	NULL,			/* No authentication handlers */
+	NULL,			/* No initialization function */
+	audit_sess_init		/* Post-fork "child mode" init */
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/mod_solaris_priv.c	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,446 @@
+/*
+ * ProFTPD - FTP server daemon
+ * Copyright (c) 1997, 1998 Public Flood Software
+ * Copyright (c) 2003-2010 The ProFTPD Project team
+ * Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307, USA.
+ *
+ * As a special exemption, the copyright holders give permission to link
+ * this program with OpenSSL and distribute the resulting executable without
+ * including the source code for OpenSSL in the source distribution.
+ */
+
+/* Use Solaris privileges to severely limit root's access. After user
+ * authentication, this module _completely_ gives up most privileges,
+ * except for the * bare minimum functionality that is required. 
+ * VERY highly recommended for security-consious admins.
+ *
+ * The concept of this was copied from the Linux mod_cap.  Solaris
+ * also has the concept of basic privileges that we can take away to further
+ * restrict a process lower than what a normal user process can do, this
+ * module removes some of those as well.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <priv.h>
+
+#include "conf.h"
+#include "privs.h"
+
+#define MOD_SOLARIS_PRIV_VERSION	"mod_solaris_priv/1.0"
+
+/* Configuration handlers
+ */
+
+#define	PRIV_USE_FILE_CHOWN		0x0001
+#define	PRIV_USE_FILE_CHOWN_SELF	0x0002
+#define	PRIV_USE_DAC_READ		0x0004
+#define	PRIV_USE_DAC_WRITE		0x0008
+#define	PRIV_USE_DAC_SEARCH		0x0010
+#define	PRIV_USE_SETID			0x0020
+#define	PRIV_USE_FILE_OWNER		0x0040
+#define	PRIV_DROP_FILE_WRITE		0x0080
+
+static unsigned int solaris_priv_flags = 0;
+static unsigned char use_privs = TRUE;
+
+MODRET set_solaris_priv(cmd_rec *cmd) {
+  unsigned int flags = 0;
+  config_rec *c = NULL;
+  register unsigned int i = 0;
+
+  if (cmd->argc - 1 < 1)
+    CONF_ERROR(cmd, "need at least one parameter");
+
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
+
+  /* PRIV_CHOWN is enabled by default. */
+  flags |= PRIV_USE_FILE_CHOWN;
+
+  for (i = 1; i < cmd->argc; i++) {
+    char *cp = cmd->argv[i];
+    cp++;
+
+    if (*cmd->argv[i] != '+' && *cmd->argv[i] != '-')
+      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, ": bad option: '",
+        cmd->argv[i], "'", NULL));
+
+    if (strcasecmp(cp, "PRIV_USE_FILE_CHOWN") == 0) {
+      if (*cmd->argv[i] == '-')
+        flags &= ~PRIV_USE_FILE_CHOWN;
+
+    } else if (strcasecmp(cp, "PRIV_FILE_CHOWN_SELF") == 0) {
+      if (*cmd->argv[i] == '-')
+        flags &= ~PRIV_USE_FILE_CHOWN_SELF;
+
+    } else if (strcasecmp(cp, "PRIV_DAC_READ") == 0) {
+      if (*cmd->argv[i] == '+')
+        flags |= PRIV_USE_DAC_READ;
+
+    } else if (strcasecmp(cp, "PRIV_DAC_WRITE") == 0) {
+      if (*cmd->argv[i] == '+')
+        flags |= PRIV_USE_DAC_WRITE;
+
+    } else if (strcasecmp(cp, "PRIV_DAC_SEARCH") == 0) {
+      if (*cmd->argv[i] == '+')
+        flags |= PRIV_USE_DAC_SEARCH;
+
+    } else if (strcasecmp(cp, "PRIV_FILE_OWNER") == 0) {
+      if (*cmd->argv[i] == '+')
+        flags |= PRIV_USE_FILE_OWNER;
+
+    } else {
+      CONF_ERROR(cmd, pstrcat(cmd->tmp_pool, "unknown privilege: '",
+        cp, "'", NULL));
+    }
+  }
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned int));
+  *((unsigned int *) c->argv[0]) = flags;
+
+  return PR_HANDLED(cmd);
+}
+
+
+MODRET set_solaris_priv_engine(cmd_rec *cmd) {
+  int bool = -1;
+  config_rec *c = NULL;
+
+  CHECK_ARGS(cmd, 1);
+  CHECK_CONF(cmd, CONF_ROOT|CONF_VIRTUAL|CONF_GLOBAL);
+
+  bool = get_boolean(cmd, 1);
+  if (bool == -1)
+    CONF_ERROR(cmd, "expecting Boolean parameter");
+
+  c = add_config_param(cmd->argv[0], 1, NULL);
+  c->argv[0] = pcalloc(c->pool, sizeof(unsigned char));
+  *((unsigned char *) c->argv[0]) = bool;
+
+  return PR_HANDLED(cmd);
+}
+
+/* Command handlers
+ */
+
+/* The POST_CMD handler for "PASS" is only called after PASS has
+ * successfully completed, which means authentication is successful,
+ * so we can "tweak" our root access down to almost nothing.
+ */
+MODRET solaris_priv_post_pass(cmd_rec *cmd) {
+  int res = 0;
+  priv_set_t *p, *i;
+
+  if (!use_privs)
+    return PR_DECLINED(cmd);
+
+  pr_signals_block();
+
+  /* The only privilege we need is PRIV_NET_PRIVADDR (bind
+   * ports < 1024).  Everything else can be discarded.  We set this
+   * in the permitted set only, as when we switch away from root
+   * we lose effective anyhow, and must reset it.
+   *
+   * We also remove the basic Solaris privileges we know we will
+   * never need.
+   */
+
+  i = priv_allocset();
+  priv_basicset(i);
+  priv_delset(i, PRIV_PROC_EXEC);
+  priv_delset(i, PRIV_PROC_FORK);
+  priv_delset(i, PRIV_PROC_INFO);
+  priv_delset(i, PRIV_PROC_SESSION);
+  setppriv(PRIV_SET, PRIV_INHERITABLE, i);
+
+  p = priv_allocset();
+  priv_basicset(p);
+
+  priv_addset(p, PRIV_NET_PRIVADDR);
+  priv_addset(p, PRIV_PROC_AUDIT);
+
+  priv_delset(p, PRIV_PROC_EXEC);
+  priv_delset(p, PRIV_PROC_FORK);
+  priv_delset(p, PRIV_PROC_INFO);
+  priv_delset(p, PRIV_PROC_SESSION);
+
+  if (solaris_priv_flags & PRIV_USE_SETID)
+    priv_addset(p, PRIV_PROC_SETID);
+
+  /* Add any of the configurable privileges. */
+  if (solaris_priv_flags & PRIV_USE_FILE_CHOWN)
+    priv_addset(p, PRIV_FILE_CHOWN);
+
+  if (solaris_priv_flags & PRIV_USE_FILE_CHOWN_SELF)
+    priv_addset(p, PRIV_FILE_CHOWN_SELF);
+
+  if (solaris_priv_flags & PRIV_USE_DAC_READ)
+    priv_addset(p, PRIV_FILE_DAC_READ);
+
+  if (solaris_priv_flags & PRIV_USE_DAC_WRITE)
+    priv_addset(p, PRIV_FILE_DAC_WRITE);
+
+  if (solaris_priv_flags & PRIV_USE_DAC_SEARCH)
+    priv_addset(p, PRIV_FILE_DAC_SEARCH);
+
+  if (solaris_priv_flags & PRIV_USE_FILE_OWNER)
+    priv_addset(p, PRIV_FILE_OWNER);
+
+  if (solaris_priv_flags & PRIV_DROP_FILE_WRITE)
+    priv_delset(p, PRIV_FILE_WRITE);
+
+  res = setppriv(PRIV_SET, PRIV_PERMITTED, p);
+  res = setppriv(PRIV_SET, PRIV_EFFECTIVE, p);
+
+  if (setreuid(session.uid, session.uid) == -1) {
+    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": setreuid: %s",
+	strerror(errno));
+    pr_signals_unblock();
+    end_login(1);
+  }
+  pr_signals_unblock();
+
+  if (res != -1) {
+    /* That's it!  Disable all further id switching */
+    session.disable_id_switching = TRUE;
+
+  } else {
+    pr_log_pri(PR_LOG_NOTICE, MOD_SOLARIS_PRIV_VERSION ": attempt to configure "
+      "capabilities failed, reverting to normal operation");
+  }
+
+  return PR_DECLINED(cmd);
+}
+
+/* The POST_CMD_ERR handler for "PASS" is only called after PASS has
+ * failed so we need only limited set of privs to complete cleanup and logging.
+ */
+MODRET solaris_priv_post_fail(cmd_rec *cmd) {
+  int res = 0;
+  priv_set_t *p, *i;
+
+  if (!use_privs)
+    return PR_DECLINED(cmd);
+
+  pr_signals_block();
+
+  /* The only privilege we need is PRIV_NET_PRIVADDR (bind
+   * ports < 1024).  Everything else can be discarded.  We set this
+   * in the permitted set only, as when we switch away from root
+   * we lose effective anyhow, and must reset it.
+   *
+   * We also remove the basic Solaris privileges we know we will
+   * never need.
+   */
+
+  i = priv_allocset();
+  priv_basicset(i);
+  priv_delset(i, PRIV_PROC_EXEC);
+  priv_delset(i, PRIV_PROC_FORK);
+  priv_delset(i, PRIV_PROC_INFO);
+  priv_delset(i, PRIV_PROC_SESSION);
+  setppriv(PRIV_SET, PRIV_INHERITABLE, i);
+
+  p = priv_allocset();
+  priv_basicset(p);
+
+  priv_addset(p, PRIV_NET_PRIVADDR);
+  priv_addset(p, PRIV_PROC_AUDIT);
+
+  priv_delset(p, PRIV_PROC_EXEC);
+  priv_delset(p, PRIV_PROC_FORK);
+  priv_delset(p, PRIV_PROC_INFO);
+  priv_delset(p, PRIV_PROC_SESSION);
+
+  res = setppriv(PRIV_SET, PRIV_PERMITTED, p);
+  res = setppriv(PRIV_SET, PRIV_EFFECTIVE, p);
+
+  if (setreuid(session.uid, session.uid) == -1) {
+    pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": setreuid: %s",
+	strerror(errno));
+    pr_signals_unblock();
+    end_login(1);
+  }
+  pr_signals_unblock();
+
+  if (res != -1) {
+    /* That's it!  Disable all further id switching */
+    session.disable_id_switching = TRUE;
+
+  } else {
+    pr_log_pri(PR_LOG_NOTICE, MOD_SOLARIS_PRIV_VERSION ": attempt to configure "
+      "capabilities failed, reverting to normal operation");
+  }
+
+  return PR_DECLINED(cmd);
+}
+
+/* Initialization routines
+ */
+
+static int solaris_priv_sess_init(void) {
+  /* Check to see if the lowering of capabilities has been disabled in the
+   * configuration file.
+   */
+  if (use_privs) {
+    unsigned char *solaris_priv_engine;
+
+    solaris_priv_engine = get_param_ptr(main_server->conf, "PrivilegeEngine", FALSE);
+    if (solaris_priv_engine &&
+        *solaris_priv_engine == FALSE) {
+      pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+        ": lowering of capabilities disabled");
+      use_privs = FALSE;
+    }
+  }
+
+  /* Check for which specific capabilities to include/exclude. */
+  if (use_privs) {
+    int use_setuid = FALSE;
+    config_rec *c;
+
+    c = find_config(main_server->conf, CONF_PARAM, "PrivilegeSet", FALSE);
+    if (c != NULL) {
+      solaris_priv_flags = *((unsigned int *) c->argv[0]);
+
+      if (!(solaris_priv_flags & PRIV_USE_FILE_CHOWN)) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": removing PRIV_CHOWN privilege");
+      }
+
+      if (solaris_priv_flags & PRIV_USE_DAC_READ) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": adding PRIV_FILE_DAC_READ privilege"); 
+      }
+
+      if (solaris_priv_flags & PRIV_USE_DAC_WRITE) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": adding PRIV_FILE_DAC_WRITE privilege"); 
+      }
+
+      if (solaris_priv_flags & PRIV_USE_DAC_SEARCH) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": adding PRIV_DAC_SEARCH privilege");
+      }
+
+      if (solaris_priv_flags & PRIV_USE_FILE_OWNER) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": adding PRIV_FILE_OWNER privilege");
+      }
+    }
+
+    c = find_config(main_server->conf, CONF_PARAM, "AllowOverwrite", FALSE);
+    if (c && *((int *) c->argv[0]) == FALSE) {
+        pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+          ": removing PRIV_FILE_WRITE basic privilege");
+        solaris_priv_flags |= PRIV_DROP_FILE_WRITE;
+    }
+	    
+
+    /* We also need to check for things which want to revoke root privs
+     * altogether: mod_exec, mod_sftp, and the RootRevoke directive.
+     * Revoking root privs completely requires the SETUID/SETGID
+     * capabilities.
+     */
+
+    if (use_setuid == FALSE &&
+        pr_module_exists("mod_sftp.c")) {
+      c = find_config(main_server->conf, CONF_PARAM, "SFTPEngine", FALSE);
+      if (c &&
+          *((int *) c->argv[0]) == TRUE) {
+        use_setuid = TRUE;
+      }
+    }
+
+    if (use_setuid == FALSE &&
+        pr_module_exists("mod_exec.c")) {
+      c = find_config(main_server->conf, CONF_PARAM, "ExecEngine", FALSE);
+      if (c &&
+          *((unsigned char *) c->argv[0]) == TRUE) {
+        use_setuid = TRUE;
+      }
+    }
+
+    if (use_setuid == FALSE) {
+      c = find_config(main_server->conf, CONF_PARAM, "RootRevoke", FALSE);
+      if (c &&
+          *((unsigned char *) c->argv[0]) == TRUE) {
+        use_setuid = TRUE;
+      }
+    }
+
+    if (use_setuid) {
+      solaris_priv_flags |= PRIV_USE_SETID;
+      pr_log_debug(DEBUG3, MOD_SOLARIS_PRIV_VERSION
+        ": adding PRIV_SETID ");
+    }
+
+  }
+
+  return 0;
+}
+
+static int solaris_priv_module_init(void) {
+
+  return 0;
+}
+
+
+/* Module API tables
+ */
+
+static conftable solaris_priv_conftab[] = {
+  { "PrivilegeEngine", set_solaris_priv_engine, NULL },
+  { "PrivilegeSet",    set_solaris_priv,        NULL },
+  { NULL, NULL, NULL }
+};
+
+static cmdtable solaris_priv_cmdtab[] = {
+  { POST_CMD, C_PASS, G_NONE, solaris_priv_post_pass, FALSE, FALSE },
+  { POST_CMD_ERR, C_PASS, G_NONE, solaris_priv_post_fail, FALSE, FALSE },
+  { 0, NULL }
+};
+
+module solaris_priv_module = {
+  NULL, NULL,
+
+  /* Module API version */
+  0x20,
+
+  /* Module name */
+  "cap",
+
+  /* Module configuration handler table */
+  solaris_priv_conftab,
+
+  /* Module command handler table */
+  solaris_priv_cmdtab,
+
+  /* Module authentication handler table */
+  NULL,
+
+  /* Module initialization */
+  solaris_priv_module_init,
+
+  /* Session initialization */
+  solaris_priv_sess_init,
+
+  /* Module version */
+  MOD_SOLARIS_PRIV_VERSION
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/proftpd/patches/proftpd-configuration-html.patch	Wed Jun 15 01:09:08 2011 -0700
@@ -0,0 +1,12280 @@
+--- proftpd-1.3.3e/doc/Configuration.html	Fri Oct  5 17:38:32 2007
++++ proftpd-1.3.3e/doc/Configuration.html	Wed Apr  6 10:47:44 2011
[email protected]@ -3,9 +3,7 @@
+ ><HEAD
+ ><TITLE
+ >Configuration Directive List</TITLE
+-><META
+-NAME="GENERATOR"
+-CONTENT="Modular DocBook HTML Stylesheet Version 1.79"></HEAD
++><meta name="generator" content="Bluefish 2.0.2" ></HEAD
+ ><BODY
+ CLASS="BOOK"
+ BGCOLOR="#FFFFFF"
[email protected]@ -113,11 +111,6 @@
+ >&nbsp;--&nbsp;User based allow rules</DT
+ ><DT
+ ><A
+-HREF="#ANONRATIO"
+->&#13;AnonRatio</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#ANONREJECTPASSWORDS"
+ >&#13;AnonRejectPasswords</A
+ >&nbsp;--&nbsp;Block certain anonymous user passwords</DT
[email protected]@ -178,21 +171,6 @@
+ >&nbsp;--&nbsp;Bind the server or Virtualhost to a specific IP address [deprecated]</DT
+ ><DT
+ ><A
+-HREF="#BYTERATIOERRMSG"
+->&#13;ByteRatioErrMsg</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+-HREF="#CAPABILITIESENGINE"
+->&#13;CapabilitiesEngine</A
+->&nbsp;--&nbsp;Enable/disable mod_cap</DT
+-><DT
+-><A
+-HREF="#CAPABILITIESSET"
+->&#13;CapabilitiesSet</A
+->&nbsp;--&nbsp;Configure the set of Linux capabilities processed</DT
+-><DT
+-><A
+ HREF="#CDPATH"
+ >&#13;CDPath</A
+ >&nbsp;--&nbsp;Sets "search paths" for the cd command</DT
[email protected]@ -218,11 +196,6 @@
+ >&nbsp;--&nbsp;Create and populate users' home directories as needed</DT
+ ><DT
+ ><A
+-HREF="#CWDRATIOMSG"
+->&#13;CwdRatioMsg</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#DEBUGLEVEL"
+ >&#13;DebugLevel</A
+ >&nbsp;--&nbsp;Set the debugging output level</DT
[email protected]@ -364,21 +337,11 @@
+ >&nbsp;--&nbsp;Set the file to display on quit</DT
+ ><DT
+ ><A
+-HREF="#DISPLAYREADME"
+->&#13;DisplayReadme</A
+->&nbsp;--&nbsp;Enable display of file modification times on a file pattern</DT
+-><DT
+-><A
+ HREF="#EXTENDEDLOG"
+ >&#13;ExtendedLog</A
+ >&nbsp;--&nbsp;Specify custom logfiles</DT
+ ><DT
+ ><A
+-HREF="#FILERATIOERRMSG"
+->&#13;FileRatioErrMsg</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+ HREF="#GLOBAL"
+ >&#13;Global</A
+ >&nbsp;--&nbsp;Set some directives to apply across the entire daemon</DT
[email protected]@ -399,11 +362,6 @@
+ >&nbsp;--&nbsp;Set a group-wide password</DT
+ ><DT
+ ><A
+-HREF="#GROUPRATIO"
+->&#13;GroupRatio</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#HIDDENSTOR"
+ >&#13;HiddenStor</A
+ >&nbsp;--&nbsp;Enables more safe file uploads [deprecated]</DT
[email protected]@ -435,11 +393,6 @@
+ >&nbsp;--&nbsp;Enable hiding of files based on user owner</DT
+ ><DT
+ ><A
+-HREF="#HOSTRATIO"
+->&#13;HostRatio</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#IDENTLOOKUPS"
+ >&#13;IdentLookups</A
+ >&nbsp;--&nbsp;Toggle ident lookups</DT
[email protected]@ -465,170 +418,6 @@
+ >&nbsp;--&nbsp;Load additional configuration directives from a file</DT
+ ><DT
+ ><A
+-HREF="#LDAPALIASDEREFERENCE"
+->&#13;    LDAPAliasDereference</A
+->&nbsp;--&nbsp;Specify how LDAP alias dereferencing is done</DT
+-><DT
+-><A
+-HREF="#LDAPATTR"
+->&#13;LDAPAttr</A
+->&nbsp;--&nbsp;Map LDAP Attributes to something non standard</DT
+-><DT
+-><A
+-HREF="#LDAPAUTHBINDS"
+->&#13;			LDAPAuthBinds</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#LDAPDEFAULTAUTHSCHEME"
+->&#13;			LDAPDefaultAuthScheme</A
+->&nbsp;--&nbsp;			Set the authentication scheme/hash that is used when no leading
+-			{hashname} is present.
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPDEFAULTGID"
+->&#13;			LDAPDefaultGID</A
+->&nbsp;--&nbsp;			Set the default GID to be assigned to users when no uidNumber
+-			attribute is found.
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPDEFAULTUID"
+->&#13;			LDAPDefaultUID</A
+->&nbsp;--&nbsp;			Set the default UID to be assigned to users when no uidNumber
+-			attribute is found.
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPDNINFO"
+->&#13;			LDAPDNInfo</A
+->&nbsp;--&nbsp;Set DN information to be used for initial bind</DT
+-><DT
+-><A
+-HREF="#LDAPDOAUTH"
+->&#13;			LDAPDoAuth</A
+->&nbsp;--&nbsp;Enable LDAP authentication</DT
+-><DT
+-><A
+-HREF="#LDAPDOGIDLOOKUPS"
+->&#13;			LDAPDoGIDLookups</A
+->&nbsp;--&nbsp;			Enable LDAP lookups for user group membership and GIDs in
+-			directory listings
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPDOQUOTALOOKUPS"
+->&#13;			LDAPDoQuotaLookups</A
+->&nbsp;--&nbsp;Enable LDAP quota limit support</DT
+-><DT
+-><A
+-HREF="#LDAPDOUIDLOOKUPS"
+->&#13;      LDAPDoUIDLookups</A
+->&nbsp;--&nbsp;      Enable LDAP lookups for UIDs in directory listings
+-    </DT
+-><DT
+-><A
+-HREF="#LDAPFORCEDEFAULTGID"
+->&#13;			LDAPForceDefaultGID</A
+->&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same GID.</DT
+-><DT
+-><A
+-HREF="#LDAPFORCEDEFAULTUID"
+->&#13;			LDAPForceDefaultUID</A
+->&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same UID.</DT
+-><DT
+-><A
+-HREF="#LDAPFORCEGENERATEDHOMEDIR"
+->&#13;      LDAPForceGeneratedHomedir</A
+->&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
+-      prefix/suffix.
+-    </DT
+-><DT
+-><A
+-HREF="#LDAPFORCEHOMEDIRONDEMAND"
+->&#13;      LDAPForceHomedirOnDemand</A
+->&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
+-      prefix/suffix. [deprecated]
+-    </DT
+-><DT
+-><A
+-HREF="#LDAPGENERATEHOMEDIR"
+->&#13;			LDAPGenerateHomedir</A
+->&nbsp;--&nbsp;			Enable the creation of user home directories on demand
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->&#13;			LDAPGenerateHomedirPrefix</A
+->&nbsp;--&nbsp;			Enable the creation of user home directories on demand
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->&#13;LDAPGenerateHomedirPrefixNoUsername</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#LDAPHOMEDIRONDEMAND"
+->&#13;			LDAPHomedirOnDemand</A
+->&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPHOMEDIRONDEMANDPREFIX"
+->&#13;			LDAPHomedirOnDemandPrefix</A
+->&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
+->&#13;LDAPHomedirOnDemandPrefixNoUsername</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#LDAPHOMEDIRONDEMANDSUFFIX"
+->&#13;			LDAPHomedirOnDemandSuffix</A
+->&nbsp;--&nbsp;			Specify an additional directory to be created inside a user's
+-			home directory on demand. [deprecated]
+-		</DT
+-><DT
+-><A
+-HREF="#LDAPNEGATIVECACHE"
+->&#13;			LDAPNegativeCache</A
+->&nbsp;--&nbsp;Enable negative caching for LDAP lookups</DT
+-><DT
+-><A
+-HREF="#LDAPPROTOCOLVERSION"
+->&#13;LDAPProtocolVersion</A
+->&nbsp;--&nbsp;Set the LDAP protocol version</DT
+-><DT
+-><A
+-HREF="#LDAPQUERYTIMEOUT"
+->&#13;			LDAPQueryTimeout</A
+->&nbsp;--&nbsp;Set a timeout for LDAP queries</DT
+-><DT
+-><A
+-HREF="#LDAPSEARCHSCOPE"
+->&#13;			LDAPSearchScope</A
+->&nbsp;--&nbsp;Specify the search scope used in LDAP queries</DT
+-><DT
+-><A
+-HREF="#LDAPSERVER"
+->&#13;			LDAPServer</A
+->&nbsp;--&nbsp;Specify the LDAP server to use for lookups</DT
+-><DT
+-><A
+-HREF="#LDAPUSETLS"
+->&#13;			LDAPUseTLS</A
+->&nbsp;--&nbsp;Enable TLS/SSL connections to the LDAP server.</DT
+-><DT
+-><A
+-HREF="#LEECHRATIOMSG"
+->&#13;LeechRatioMsg</A
+->&nbsp;--&nbsp;Sets the 'over ratio' error message</DT
+-><DT
+-><A
+ HREF="#LIMIT"
+ >&#13;Limit</A
+ >&nbsp;--&nbsp;Set the commands/actions to be controlled</DT
[email protected]@ -749,86 +538,11 @@
+ >&nbsp;--&nbsp;Set the port for the control socket</DT
+ ><DT
+ ><A
+-HREF="#RADIUSACCTSERVER"
+->&#13;RadiusAcctServer</A
+->&nbsp;--&nbsp;Setup RADIUS accounting details</DT
+-><DT
+-><A
+-HREF="#RADIUSAUTHSERVER"
+->&#13;RadiusAuthServer</A
+->&nbsp;--&nbsp;Setup RADIUS authenticator details</DT
+-><DT
+-><A
+-HREF="#RADIUSENGINE"
+->&#13;RadiusEngine</A
+->&nbsp;--&nbsp;Enable RADIUS support</DT
+-><DT
+-><A
+-HREF="#RADIUSLOG"
+->&#13;RadiusLog</A
+->&nbsp;--&nbsp;Specify the logfile for reporting / debugging</DT
+-><DT
+-><A
+-HREF="#RADIUSREALM"
+->&#13;RadiusRealm</A
+->&nbsp;--&nbsp;Setup the authentication realm</DT
+-><DT
+-><A
+-HREF="#RADIUSUSERINFO"
+->&#13;RadiusUserInfo</A
+->&nbsp;--&nbsp;Configure login information via RADIUS</DT
+-><DT
+-><A
+-HREF="#RATIOFILE"
+->&#13;RatioFile</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+-HREF="#RATIOS"
+->&#13;Ratios</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#RATIOTEMPFILE"
+->&#13;RatioTempFile</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#REQUIREVALIDSHELL"
+ >&#13;RequireValidShell</A
+ >&nbsp;--&nbsp;Allow connections based on /etc/shells</DT
+ ><DT
+ ><A
+-HREF="#REWRITECONDITION"
+->&#13;RewriteCondition</A
+->&nbsp;--&nbsp;Define a rule condition</DT
+-><DT
+-><A
+-HREF="#REWRITEENGINE"
+->&#13;RewriteEngine</A
+->&nbsp;--&nbsp;Enable/disable mod_rewrite</DT
+-><DT
+-><A
+-HREF="#REWRITELOCK"
+->&#13;RewriteLock</A
+->&nbsp;--&nbsp;Set the filename for synchronization lockfile</DT
+-><DT
+-><A
+-HREF="#REWRITELOG"
+->&#13;RewriteLog</A
+->&nbsp;--&nbsp;Specify a log file for mod_rewrite reporting</DT
+-><DT
+-><A
+-HREF="#REWRITEMAP"
+->&#13;RewriteMap</A
+->&nbsp;--&nbsp;Define a rewrite map</DT
+-><DT
+-><A
+-HREF="#REWRITERULE"
+->&#13;RewriteRule</A
+->&nbsp;--&nbsp;Define a rewrite rule</DT
+-><DT
+-><A
+ HREF="#RLIMITCPU"
+ >&#13;RLimitCPU</A
+ >&nbsp;--&nbsp;Configure the maximum CPU time in seconds used by a process</DT
[email protected]@ -854,11 +568,6 @@
+ >&nbsp;--&nbsp;Drop root privileges completely</DT
+ ><DT
+ ><A
+-HREF="#SAVERATIOS"
+->&#13;SaveRatios</A
+->&nbsp;--&nbsp;FIXME FIXME</DT
+-><DT
+-><A
+ HREF="#SCOREBOARDFILE"
+ >&#13;ScoreboardFile</A
+ >&nbsp;--&nbsp;Sets the name and path of the scoreboard file</DT
[email protected]@ -891,7 +600,7 @@
+ ><A
+ HREF="#SETENV"
+ >&#13;SetEnv</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
++>&nbsp;--&nbsp;Set environment variable</DT
+ ><DT
+ ><A
+ HREF="#SHOWSYMLINKS"
[email protected]@ -909,131 +618,6 @@
+ >&nbsp;--&nbsp;Tune socket-level options</DT
+ ><DT
+ ><A
+-HREF="#SQLAUTHENTICATE"
+->&#13;    SQLAuthenticate</A
+->&nbsp;--&nbsp;    Specify authentication methods and what to authenticate 
+-  </DT
+-><DD
+-><DL
+-><DT
+-><A
+-HREF="#AEN8505"
+->Group Table Structure</A
+-></DT
+-></DL
+-></DD
+-><DT
+-><A
+-HREF="#SQLAUTHTYPES"
+->&#13;SQLAuthTypes</A
+->&nbsp;--&nbsp;Specify the allowed authentication types and their check order</DT
+-><DT
+-><A
+-HREF="#SQLBACKEND"
+->&#13;SQLBackend</A
+->&nbsp;--&nbsp;Set the SQL backend module</DT
+-><DT
+-><A
+-HREF="#SQLCONNECTINFO"
+->&#13;SQLConnectInfo</A
+->&nbsp;--&nbsp;Specify connection information for the backend</DT
+-><DT
+-><A
+-HREF="#SQLDEFAULTGID"
+->&#13;SQLDefaultGID</A
+->&nbsp;--&nbsp;Configure the default GID for users</DT
+-><DT
+-><A
+-HREF="#SQLDEFAULTHOMEDIR"
+->&#13;SQLDefaultHomedir</A
+->&nbsp;--&nbsp;Configure the default homedir</DT
+-><DT
+-><A
+-HREF="#SQLDEFAULTUID"
+->&#13;SQLDefaultUID</A
+->&nbsp;--&nbsp;Configure the default UID for users</DT
+-><DT
+-><A
+-HREF="#SQLENGINE"
+->&#13;SQLEngine</A
+->&nbsp;--&nbsp;Configure how mod_sql will operate</DT
+-><DT
+-><A
+-HREF="#SQLGROUPINFO"
+->&#13;SQLGroupInfo</A
+->&nbsp;--&nbsp;Configure the group table and fields that hold group information</DT
+-><DT
+-><A
+-HREF="#SQLGROUPWHERECLAUSE"
+->&#13;SQLGroupWhereClause</A
+->&nbsp;--&nbsp;Configure a WHERE clause for every group query</DT
+-><DT
+-><A
+-HREF="#SQLHOMEDIRONDEMAND"
+->&#13;SQLHomedirOnDemand</A
+->&nbsp;--&nbsp;Have mod_sql create home directories as needed [deprecated]</DT
+-><DT
+-><A
+-HREF="#SQLLOG"
+->&#13;SQLLog</A
+->&nbsp;--&nbsp;Log information to a database table</DT
+-><DT
+-><A
+-HREF="#SQLLOGFILE"
+->&#13;SQLLogFile</A
+->&nbsp;--&nbsp;Specify a log file for mod_sql reporting and debugging</DT
+-><DT
+-><A
+-HREF="#SQLMINID"
+->&#13;SQLMinID</A
+->&nbsp;--&nbsp;Set SQLMinUserGID and SQLMinUserID in one place</DT
+-><DT
+-><A
+-HREF="#SQLMINUSERGID"
+->&#13;SQLMinUserGID</A
+->&nbsp;--&nbsp;Set a minimum GID</DT
+-><DT
+-><A
+-HREF="#SQLMINUSERUID"
+->&#13;SQLMinUserUID</A
+->&nbsp;--&nbsp;Set a minimum UID</DT
+-><DT
+-><A
+-HREF="#SQLNAMEDQUERY"
+->&#13;SQLNamedQuery</A
+->&nbsp;--&nbsp;Specify a query and an identifier for SQLShowInfo and SQLLog</DT
+-><DT
+-><A
+-HREF="#SQLNEGATIVECACHE"
+->&#13;			SQLNegativeCache</A
+->&nbsp;--&nbsp;Enable negative caching for SQL lookups</DT
+-><DT
+-><A
+-HREF="#SQLRATIOS"
+->&#13;SQLRatios</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#SQLRATIOSTATS"
+->&#13;SQLRatioStats</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
+-><DT
+-><A
+-HREF="#SQLSHOWINFO"
+->&#13;SQLShowInfo</A
+->&nbsp;--&nbsp;Create a message to be sent to the user after any successful command</DT
+-><DT
+-><A
+-HREF="#SQLUSERINFO"
+->&#13;SQLUserInfo</A
+->&nbsp;--&nbsp;Configure the user table and fields that hold user information</DT
+-><DT
+-><A
+-HREF="#SQLUSERWHERECLAUSE"
+->&#13;SQLUserWhereClause</A
+->&nbsp;--&nbsp;Configure a WHERE clause for every user query&#60;</DT
+-><DT
+-><A
+ HREF="#STOREUNIQUEPREFIX"
+ >&#13;StoreUniquePrefix</A
+ >&nbsp;--&nbsp;Set the prefix to be added to uniquely generated filenames</DT
[email protected]@ -1186,7 +770,7 @@
+ ><A
+ HREF="#TLSPASSPHRASEPROVIDER"
+ >&#13;TLSPassPhraseProvider</A
+->&nbsp;--&nbsp;FIXFIXFIX</DT
++>&nbsp;--&nbsp;Configure external provider for key</DT
+ ><DT
+ ><A
+ HREF="#TLSPROTOCOL"
[email protected]@ -1246,7 +830,7 @@
+ ><A
+ HREF="#UNSETENV"
+ >&#13;UnsetEnv</A
+->&nbsp;--&nbsp;(docs incomplete)</DT
++>&nbsp;--&nbsp;Unset environment variable</DT
+ ><DT
+ ><A
+ HREF="#USEFTPUSERS"
[email protected]@ -1294,11 +878,6 @@
+ >&nbsp;--&nbsp;Creates a hardcoded username/password pair</DT
+ ><DT
+ ><A
+-HREF="#USERRATIO"
+->&#13;UserRatio</A
+->&nbsp;--&nbsp;Ratio directive</DT
+-><DT
+-><A
+ HREF="#USESENDFILE"
+ >&#13;UseSendfile</A
+ >&nbsp;--&nbsp;Toggles use of sendfile() functionality</DT
[email protected]@ -1348,11 +927,6 @@
+ >&nbsp;--&nbsp;Prevent information leak through timing attacks</DT
+ ><DT
+ ><A
+-HREF="#MOD-LDAP"
+->&#13;			mod_ldap</A
+->&nbsp;--&nbsp;LDAP authentication support</DT
+-><DT
+-><A
+ HREF="#MOD-LOG"
+ >&#13;mod_log</A
+ >&nbsp;--&nbsp;Logging support</DT
[email protected]@ -1363,31 +937,6 @@
+ >&nbsp;--&nbsp;file listing functionality</DT
+ ><DT
+ ><A
+-HREF="#MOD-RADIUS"
+->&#13;mod_radius</A
+->&nbsp;--&nbsp;RADIUS based authentication support</DT
+-><DT
+-><A
+-HREF="#MOD-RATIO"
+->&#13;mod_ratio</A
+->&nbsp;--&nbsp;FIX ME FIX ME</DT
+-><DT
+-><A
+-HREF="#MOD-README"
+->&#13;mod_readme</A
+->&nbsp;--&nbsp;"README" file support</DT
+-><DT
+-><A
+-HREF="#AEN12975"
+-></A
+->&nbsp;--&nbsp;</DT
+-><DT
+-><A
+-HREF="#MOD-SQL"
+->&#13;mod_sql</A
+->&nbsp;--&nbsp;SQL support module</DT
+-><DT
+-><A
+ HREF="#MOD-TLS"
+ >&#13;mod_tls</A
+ >&nbsp;--&nbsp;TLS/SSL support module</DT
[email protected]@ -1400,7 +949,7 @@
+ ><A
+ HREF="#MOD-XFER"
+ >&#13;mod_xfer</A
+->&nbsp;--&nbsp;FIX ME FIX ME</DT
++>&nbsp;--&nbsp;control transfer</DT
+ ></DL
+ ></DD
+ ><DT
[email protected]@ -1465,26 +1014,6 @@
+ ></DL
+ ></DIV
+ ><DIV
+-CLASS="LOT"
+-><DL
+-CLASS="LOT"
+-><DT
+-><B
+->List of Examples</B
+-></DT
+-><DT
+->1-1. <A
+-HREF="#EXAMPLE-USERMAP"
+->Example Usermap</A
+-></DT
+-><DT
+->1-2. <A
+-HREF="#EXAMPLE-FIFONAMEDPIPE"
+->Example FIFO/Named Pipe 1:1 mapping</A
+-></DT
+-></DL
+-></DIV
+-><DIV
+ CLASS="CHAPTER"
+ ><HR><H1
+ ><A
[email protected]@ -3216,113 +2745,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="ANONRATIO"
+-></A
+->
+-AnonRatio</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN701"
+-></A
+-><H2
+->Name</H2
+->AnonRatio&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN704"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->AnonRatio</B
+->  [  <CODE
+-CLASS="OPTION"
+->foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN731"
+-></A
+-><H2
+->Description</H2
+-><P
+->The AnonRatio directive ....</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN734"
+-></A
+-><H2
+->See also</H2
+-><P
+->AnonRatio</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN737"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="ANONREJECTPASSWORDS"
+ ></A
+ >
[email protected]@ -4845,320 +4267,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="BYTERATIOERRMSG"
+-></A
+->
+-ByteRatioErrMsg</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN1336"
+-></A
+-><H2
+->Name</H2
+->ByteRatioErrMsg&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN1339"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->ByteRatioErrMsg</B
+->  [  <CODE
+-CLASS="OPTION"
+->foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1366"
+-></A
+-><H2
+->Description</H2
+-><P
+->The ByteRatioErrMsg directive ....
+-Example:
+-ByteRatioErrMsg</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1369"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1372"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="CAPABILITIESENGINE"
+-></A
+->
+-CapabilitiesEngine</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN1383"
+-></A
+-><H2
+->Name</H2
+->CapabilitiesEngine&nbsp;--&nbsp;Enable/disable mod_cap</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN1386"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->CapabilitiesEngine</B
+->  [  <CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->off</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->CapabilitiesEngine On, if running on a Linux hosts that supports capabilities</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;VirtualHost&gt;, &lt;Global&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_cap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.8rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1414"
+-></A
+-><H2
+->Description</H2
+-><P
+->The CapabilitiesEngine directive enables or disables the module's
+-  runtime capabilities engine. If set to off, this module does no runtime
+-  capabilities processing at all. Use this directive to disable the
+-  module.</P
+-></DIV
+-><H1
+-><A
+-NAME="CAPABILITIESSET"
+-></A
+->
+-CapabilitiesSet</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN1425"
+-></A
+-><H2
+->Name</H2
+->CapabilitiesSet&nbsp;--&nbsp;Configure the set of Linux capabilities processed</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN1428"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->CapabilitiesSet</B
+->  [  <CODE
+-CLASS="OPTION"
+->[+/-]capability</CODE
+->...]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->CapabilitiesSet +CAP_CHOWN</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;VirtualHost&gt;, &lt;Global&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_cap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.8rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1455"
+-></A
+-><H2
+->Description</H2
+-><P
+->By default, mod_cap removes all but two capabilities from the
+-  session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower
+-  than 1024 (required for active data transfers), and CAP_CHOWN, for
+-  allowing a process to change a file's ownership to a different user. The
+-  latter capability is only strictly necessary if the UserOwner
+-  configuration directive is in use; if not being used, the CAP_CHOWN
+-  capability is best removed. The CapabilitiesSet directive is used to
+-  manipulate the set of capabilities that mod_cap grants.</P
+-><P
+->To remove a capability, prefix the name with a '-'; to enable a
+-  capability, use '+'. At present, this directive only supports one
+-  capability: CAP_CHOWN.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1459"
+-></A
+-><H2
+->Example</H2
+-><P
+->  &lt;IfModule mod_cap.c&gt;
+-    CapabilitiesEngine on
+-    CapabilitiesSet -CAP_CHOWN
+-  &lt;/IfModule&gt;</P
+-></DIV
+-><H1
+-><A
+ NAME="CDPATH"
+ ></A
+ >
[email protected]@ -5781,115 +4889,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="CWDRATIOMSG"
+-></A
+->
+-CwdRatioMsg</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN1720"
+-></A
+-><H2
+->Name</H2
+->CwdRatioMsg&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN1723"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->CwdRatioMsg</B
+->  [  <CODE
+-CLASS="OPTION"
+->foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1750"
+-></A
+-><H2
+->Description</H2
+-><P
+->The CwdRatioMsg directive ....
+-Example:
+-CwdRatioMsg</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1753"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN1756"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="DEBUGLEVEL"
+ ></A
+ >
[email protected]@ -9452,128 +8451,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="DISPLAYREADME"
+-></A
+->
+-DisplayReadme</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN3148"
+-></A
+-><H2
+->Name</H2
+->DisplayReadme&nbsp;--&nbsp;Enable display of file modification times on a file pattern</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN3151"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->DisplayReadme</B
+->  [  <CODE
+-CLASS="OPTION"
+->DisplayReadme filename or pattern</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Global&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_readme</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.0pre8 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3178"
+-></A
+-><H2
+->Description</H2
+-><P
+->Module: mod_readme
+-The DisplayReadme directive notifies the user of the last change date of the 
+-specified file or pattern. Only a single DisplayReadme directive is allowed per configuration 
+-scope. 
+-DisplayReadme README
+-Will result in:
+-Please read the file README it was last modified on Sun Oct 17 10:36:14 
+-1999 - 0 days ago 
+-Being displayed to the user on a cwd. 
+-DisplayReadmePattern README*
+-Will result in:
+-Please read the file README
+-it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago
+-Please read the file README.first
+-it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago
+-Being displayed to the user on a cwd. </P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3181"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3184"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="EXTENDEDLOG"
+ ></A
+ >
[email protected]@ -9733,115 +8610,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="FILERATIOERRMSG"
+-></A
+->
+-FileRatioErrMsg</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN3249"
+-></A
+-><H2
+->Name</H2
+->FileRatioErrMsg&nbsp;--&nbsp;(docs incomplete)</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN3252"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->FileRatioErrMsg</B
+->  [  <CODE
+-CLASS="OPTION"
+->FileRatioErrMsg foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3279"
+-></A
+-><H2
+->Description</H2
+-><P
+->The FileRatioErrMsg directive ....
+-Example:
+-FileRatioErrMsg</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3282"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3285"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="GLOBAL"
+ ></A
+ >
[email protected]@ -10297,115 +9065,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="GROUPRATIO"
+-></A
+->
+-GroupRatio</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN3486"
+-></A
+-><H2
+->Name</H2
+->GroupRatio&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN3489"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->GroupRatio</B
+->  [  <CODE
+-CLASS="OPTION"
+->GroupRatio foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3516"
+-></A
+-><H2
+->Description</H2
+-><P
+->The GroupRatio directive ....
+-Example:
+-GroupRatio</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3519"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3522"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="HIDDENSTOR"
+ ></A
+ >
[email protected]@ -11103,115 +9762,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="HOSTRATIO"
+-></A
+->
+-HostRatio</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN3817"
+-></A
+-><H2
+->Name</H2
+->HostRatio&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN3820"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->HostRatio</B
+->  [  <CODE
+-CLASS="OPTION"
+->HostRatio foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3847"
+-></A
+-><H2
+->Description</H2
+-><P
+->The HostRatio directive ....
+-Example:
+-HostRatio</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3850"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN3853"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="IDENTLOOKUPS"
+ ></A
+ >
[email protected]@ -11818,3747 +10368,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="LDAPALIASDEREFERENCE"
+-></A
+->
+-    LDAPAliasDereference</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4111"
+-></A
+-><H2
+->Name</H2
+->LDAPAliasDereference&nbsp;--&nbsp;Specify how LDAP alias dereferencing is done</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4114"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPAliasDereference</B
+->  [      <CODE
+-CLASS="OPTION"
+->never</CODE
+->
+-      <CODE
+-CLASS="OPTION"
+->find</CODE
+->
+-      <CODE
+-CLASS="OPTION"
+->search</CODE
+->
+-      <CODE
+-CLASS="OPTION"
+->always</CODE
+->
+-    ]</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4122"
+-></A
+-><H2
+-></H2
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->LDAPAliasDereference never</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->2.8.16 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4145"
+-></A
+-><H2
+->Description</H2
+-><P
+->Should be one of never, always, search, or find to specify that
+-  aliases are never dereferenced, always dereferenced, dereferenced when
+-  searching, or dereferenced only when locating the base object for the
+-  search.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4148"
+-></A
+-><H2
+->Examples</H2
+-><P
+->LDAPAliasDereference always</P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPATTR"
+-></A
+->
+-LDAPAttr</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4159"
+-></A
+-><H2
+->Name</H2
+->LDAPAttr&nbsp;--&nbsp;Map LDAP Attributes to something non standard</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4162"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPAttr</B
+->  [  <CODE
+-CLASS="OPTION"
+->uid</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->uidNumber</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->gidNumber</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->homeDirectory</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->userPassword</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->loginShell</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->cn</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->memberUid</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->ftpQuota</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->"NewAttribute"</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+-></P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->2.8.13 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4199"
+-></A
+-><H2
+->Description</H2
+-><P
+->FIXMEFIXMEFIXME</P
+-><P
+->This dicrective has to be set before any of the LDAPDo* directives.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4203"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4206"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+->FIXFIXFIX</P
+-><P
+->FIXFIX</P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPAUTHBINDS"
+-></A
+->
+-			LDAPAuthBinds</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4218"
+-></A
+-><H2
+->Name</H2
+->LDAPAuthBinds&nbsp;--&nbsp;(docs incomplete)</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4221"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->Syntax: LDAPAuthBinds</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+->(docs incomplete)</B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPAuthBinds off in mod_ldap &#60;= 2.7.6,
+-				LDAPAuthBinds on in mod_ldap &#62;= 2.8
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.5 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4249"
+-></A
+-><H2
+->Description</H2
+-><P
+->By default, the DN specified by LDAPDNInfo will be used to
+-		bind to the LDAP server to obtain user information, including the
+-		userPassword attribute. If LDAPAuthBinds is set to on, the DN
+-		specified by LDAPDNInfo will be used to fetch all user information
+-		except the userPassword attribute. Then, mod_ldap will bind to the
+-		LDAP server as the user who is logging in via FTP with the
+-		user-supplied password. If this bind succeeds, the user is
+-		considered authenticated and is allowed to log in. This method of
+-		LDAP authentication has the added benefit of supporting any password
+-		encryption scheme that your LDAP server supports.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4252"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4255"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDEFAULTAUTHSCHEME"
+-></A
+->
+-			LDAPDefaultAuthScheme</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4266"
+-></A
+-><H2
+->Name</H2
+->LDAPDefaultAuthScheme&nbsp;--&nbsp;			Set the authentication scheme/hash that is used when no leading
+-			{hashname} is present.
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4269"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDefaultAuthScheme</B
+->  [				<CODE
+-CLASS="OPTION"
+->crypt</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->clear</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPDefaultAuthScheme "crypt"
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4297"
+-></A
+-><H2
+->Description</H2
+-><P
+->Specifies the authentication scheme used for passwords with no
+-		{prefix} in the LDAP database. For example, if you are using
+-		something like userPassword: mypass in your LDAP database, you would
+-		want to set LDAPDefaultAuthScheme to clear.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4300"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4303"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDEFAULTGID"
+-></A
+->
+-			LDAPDefaultGID</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4314"
+-></A
+-><H2
+->Name</H2
+->LDAPDefaultGID&nbsp;--&nbsp;			Set the default GID to be assigned to users when no uidNumber
+-			attribute is found.
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4317"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDefaultGID</B
+->  [				<CODE
+-CLASS="OPTION"
+->default-gid</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				None
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4344"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive is useful primarily in virtual-user
+-		environments common in large-scale ISPs and hosting organizations.
+-		If a user does not have a LDAP gidNumber attribute, the
+-		LDAPDefaultGID is used. This allows one to have a large number of
+-		users in an LDAP database without gidNumber attributes; setting this
+-		configuration directive will automatically assign those users a
+-		single GID.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4347"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4350"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDEFAULTUID"
+-></A
+->
+-			LDAPDefaultUID</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4361"
+-></A
+-><H2
+->Name</H2
+->LDAPDefaultUID&nbsp;--&nbsp;			Set the default UID to be assigned to users when no uidNumber
+-			attribute is found.
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4364"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDefaultUID</B
+->  [				<CODE
+-CLASS="OPTION"
+->default-uid</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				None
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4391"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive is useful primarily in virtual-user
+-		environments common in large-scale ISPs and hosting organizations.
+-		If a user does not have a LDAP uidNumber attribute, the
+-		LDAPDefaultUID is used. This allows one to have a large number of
+-		users in an LDAP database without uidNumber attributes; setting this
+-		configuration directive will automatically assign those users a
+-		single UID.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4394"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4397"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDNINFO"
+-></A
+->
+-			LDAPDNInfo</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4408"
+-></A
+-><H2
+->Name</H2
+->LDAPDNInfo&nbsp;--&nbsp;Set DN information to be used for initial bind</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4411"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDNInfo</B
+->  [				<CODE
+-CLASS="OPTION"
+->LDAPDNInfo "ldap-dn" "dn-password"</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPDNInfo "" "" (anonymous bind)
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->			mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4438"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive specifies the LDAP DN and password to use when
+-		binding to the LDAP server. If this configuration directive is not
+-		specified, anonymous binds are used.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4441"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4444"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDOAUTH"
+-></A
+->
+-			LDAPDoAuth</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4455"
+-></A
+-><H2
+->Name</H2
+->LDAPDoAuth&nbsp;--&nbsp;Enable LDAP authentication</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4458"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDoAuth</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"auth-base-dn"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"search-filter-template"</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPDoAuth off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4490"
+-></A
+-><H2
+->Description</H2
+-><P
+->This configuration directive activates LDAP authentication.
+-		The second argument to this directive is the LDAP base DN to use for
+-		authentication.  The third argument is a template to be used for the
+-		search filter; %v will be replaced with the username that is being
+-		authenticated.
+-		 By default, the search filter template
+-		"(&amp;(uid=%v)(objectclass=posixAccount))" is used.
+-		The uid for the the search filter is taken from the
+-		<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+-> directive.
+-		Search filter
+-		templates are only supported in mod_ldap v2.7 and later.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4494"
+-></A
+-><H2
+->See also</H2
+-><P
+->			<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4498"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDOGIDLOOKUPS"
+-></A
+->
+-			LDAPDoGIDLookups</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4509"
+-></A
+-><H2
+->Name</H2
+->LDAPDoGIDLookups&nbsp;--&nbsp;			Enable LDAP lookups for user group membership and GIDs in
+-			directory listings
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4512"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDoGIDLookups</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"gid-base-dn"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"cn-filter-template"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"gid-number-filter-template"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"member-uid-filter-template"</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPDoGIDLookups off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4548"
+-></A
+-><H2
+->Description</H2
+-><P
+->This configuration directive activates LDAP GID-to-name
+-		lookups in directory listings. The second argument to this directive
+-		is the LDAP base DN to use for GID-to-name lookups. The third
+-		through fifth arguments are templates to be used for the search
+-		filter; %v will be replaced with the GID that is being looked
+-		up.</P
+-><P
+->By default, the search filter templates look like this:</P
+-><P
+->		cn_filter:        "(cn=%v)(objectclass=posixGroup))",
+-		gidnumber_filter: "(gidNumber=%v)(objectclass=posixGroup))",
+-		memberuid_filter: "(memberUid=%v)(objectclass=posixGroup))".
+-		</P
+-><P
+->The attribute names used in the default search filters are
+-		taken from the <A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+->
+-		directive.</P
+-><P
+->Filter templates are only supported in mod_ldap v2.8.3 and
+-		later.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4556"
+-></A
+-><H2
+->See also</H2
+-><P
+->			<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4560"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDOQUOTALOOKUPS"
+-></A
+->
+-			LDAPDoQuotaLookups</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4571"
+-></A
+-><H2
+->Name</H2
+->LDAPDoQuotaLookups&nbsp;--&nbsp;Enable LDAP quota limit support</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4574"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDoQuotaLookups</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"base-dn"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"quota-filter-template"</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->"default-quota"</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPDoQuotaLookups off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8.12 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4608"
+-></A
+-><H2
+->Description</H2
+-><P
+->This configuration directive activates LDAP quota lookups. 
+-		The second argument to this directive is the LDAP base DN to use for
+-		quota limit search.  The third argument is a template to be used for
+-		the search filter; %v will be replaced with the username that is
+-		being authenticated. By default, the search filter template
+-		"(&amp;(LDAPAttr_uid=%v)(objectclass=posixAccount))" is used.
+-		
+-		The uid for the the search filter is taken from the
+-		<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+-> directive	
+-		Search filter
+-		templates are only supported in mod_ldap v2.7 and later.</P
+-><P
+->If specified, the <CODE
+-CLASS="OPTION"
+->default-quota<CODE
+-CLASS="OPTION"
+-> argument
+-		specifies the quota limits to use if a user does not have a ftpQuota
+-		attribute. This argument is formatted the same way as the ftpQuota
+-		LDAP attribute.</CODE
+-></CODE
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4615"
+-></A
+-><H2
+->See also</H2
+-><P
+->			<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4619"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPDOUIDLOOKUPS"
+-></A
+->
+-      LDAPDoUIDLookups</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4630"
+-></A
+-><H2
+->Name</H2
+->LDAPDoUIDLookups&nbsp;--&nbsp;      Enable LDAP lookups for UIDs in directory listings
+-    </DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4633"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPDoUIDLookups</B
+->  [        <CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-        <CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-      ] [        <CODE
+-CLASS="OPTION"
+->"uid-base-dn"</CODE
+->
+-      ] [        <CODE
+-CLASS="OPTION"
+->"uid-filter-template"</CODE
+->
+-      ]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->        LDAPDoUIDLookups off
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->        mod_ldap v2.0 and later
+-      </P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4665"
+-></A
+-><H2
+->Description</H2
+-><P
+->	This configuration directive activates LDAP UID-to-name
+-	lookups in directory listings. The second argument to this directive
+-	is the LDAP base DN to use for UID-to-name lookups. The third
+-	argument is a template to be used for the search filter; %v will be
+-	replaced with the UID that is being looked up. By default, the
+-	search filter template
+-	"(&amp;(LDAPAttr_uidNumber=%v)(objectclass=posixAccount))" is used.
+-	The uid for the the search filter is taken from the
+-	<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+-> directive
+-	Search
+-	filter templates are only supported in mod_ldap v2.7 and
+-	later.
+-	</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4669"
+-></A
+-><H2
+->See also</H2
+-><P
+->		<A
+-HREF="#LDAPATTR"
+->LDAPAttr</A
+->
+-	</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4673"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPFORCEDEFAULTGID"
+-></A
+->
+-			LDAPForceDefaultGID</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4684"
+-></A
+-><H2
+->Name</H2
+->LDAPForceDefaultGID&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same GID.</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4687"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->Syntax: LDAPForceDefaultGID</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPForceDefaultGID off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4715"
+-></A
+-><H2
+->Description</H2
+-><P
+->Even when a <A
+-HREF="#LDAPDEFAULTGID"
+->LDAPDefaultGID</A
+->
+-		is configured, mod_ldap will allow individual users to have
+-		gidNumber attributes that will override this default GID. With
+-		LDAPForceDefaultGID enabled, all LDAP-authenticated users are given
+-		the default GID; GIDs may not be overridden by gidNumber
+-		attributes.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4719"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4722"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPFORCEDEFAULTUID"
+-></A
+->
+-			LDAPForceDefaultUID</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4733"
+-></A
+-><H2
+->Name</H2
+->LDAPForceDefaultUID&nbsp;--&nbsp;Force all LDAP-authenticated users to use the same UID.</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4736"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->Syntax: LDAPForceDefaultUID</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPForceDefaultUID off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4764"
+-></A
+-><H2
+->Description</H2
+-><P
+->Even when a <A
+-HREF="#LDAPDEFAULTUID"
+->LDAPDefaultUID</A
+->
+-		is configured, mod_ldap will allow individual users to have
+-		uidNumber attributes that will override this default UID. With
+-		LDAPForceDefaultUID enabled, all LDAP-authenticated users are given
+-		the default UID; UIDs may not be overridden by uidNumber
+-		attributes.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4768"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4771"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPFORCEGENERATEDHOMEDIR"
+-></A
+->
+-      LDAPForceGeneratedHomedir</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4782"
+-></A
+-><H2
+->Name</H2
+->LDAPForceGeneratedHomedir&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
+-      prefix/suffix.
+-    </DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4785"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPForceGeneratedHomedir</B
+->  [        <CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-        <CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-      ] [        <CODE
+-CLASS="OPTION"
+->directory-mode</CODE
+->
+-      ]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->        LDAPForceGeneratedHomedir off
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->        mod_ldap v2.8.13 and later
+-      </P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4815"
+-></A
+-><H2
+->Description</H2
+-><P
+->Even when a
+-    <A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+->
+-    is configured, mod_ldap will allow individual users to have
+-    homeDirectory attributes that will override the default. With
+-    LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
+-    the default prefix and/or suffix; homedirs may not be overridden by LDAP
+-    homeDirectory attributes.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4819"
+-></A
+-><H2
+->See also</H2
+-><P
+->	<A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+->
+-	<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+->
+-	<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->LDAPGenerateHomedirPrefixNoUsername</A
+->
+-   </P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4825"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPFORCEHOMEDIRONDEMAND"
+-></A
+->
+-      LDAPForceHomedirOnDemand</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4836"
+-></A
+-><H2
+->Name</H2
+->LDAPForceHomedirOnDemand&nbsp;--&nbsp;      Force all LDAP-authenticated users to use the default HomeDironDemand
+-      prefix/suffix. [deprecated]
+-    </DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4839"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPForceHomedirOnDemand</B
+->  [        <CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-        <CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-      ] [        <CODE
+-CLASS="OPTION"
+->directory-mode</CODE
+->
+-      ]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->        LDAPForceHomedirOnDemand off
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->        server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-      </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->        mod_ldap v2.8.11 and later
+-      </P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4869"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive has been deprecated with mod_ldap v2.8.13.
+-	  Please take a look at LDAPForceGenerateHomedir
+-    </P
+-><P
+->Even when a
+-    <A
+-HREF="#LDAPHOMEDIRONDEMANDPREFIX"
+->LDAPHomeDironDemandPrefix</A
+->
+-    is configured, mod_ldap will allow individual users to have
+-    homeDirectory attributes that will override the default. With
+-    LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given
+-    the default prefix and/or suffix; homedirs may not be overridden by LDAP
+-    homeDirectory attributes.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4875"
+-></A
+-><H2
+->See also</H2
+-><P
+->LDAPForceGenerateHomedir</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4879"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPGENERATEHOMEDIR"
+-></A
+->
+-			LDAPGenerateHomedir</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4890"
+-></A
+-><H2
+->Name</H2
+->LDAPGenerateHomedir&nbsp;--&nbsp;			Enable the creation of user home directories on demand
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4893"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPGenerateHomedir</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->directory-mode</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPGenerateHomedir off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8.13 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4923"
+-></A
+-><H2
+->Description</H2
+-><P
+->LDAPGenerateHomedir activates on-demand home directory creation.
+-		If a user logs in and does not yet have a home directory, a home
+-		directory is created automatically.</P
+-><P
+->In mod_ldap &#60;= 2.7.6, the home directory will be owned by the
+-		same user and group that ProFTPD runs as (see the User and Group
+-		configuration directives). mod_ldap &#62;= 2.8 can create home
+-		directories for users with any UID/GID, not just those with the same
+-		UID/GID as the main ProFTPD server.</P
+-><P
+->The second argument allows you to specify the mode (default
+-		permissions) to use when creating home directories on demand,
+-		subject to ProFTPD's umask (see the Umask directive). If no
+-		directory mode is specified, the default of 0755 is used. Directory
+-		mode setting is only supported in mod_ldap v2.7 or later.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4928"
+-></A
+-><H2
+->See also</H2
+-><P
+->		<A
+-HREF="#LDAPFORCEGENERATEDHOMEDIR"
+->LDAPForceGeneratedHomedir</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->LDAPGenerateHomedirPrefixNoUsername</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4934"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+->%<H1
+-><A
+-NAME="LDAPGENERATEHOMEDIRPREFIX"
+-></A
+->
+-			LDAPGenerateHomedirPrefix</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4945"
+-></A
+-><H2
+->Name</H2
+->LDAPGenerateHomedirPrefix&nbsp;--&nbsp;			Enable the creation of user home directories on demand
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN4948"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPGenerateHomedirPrefix</B
+->  [				<CODE
+-CLASS="OPTION"
+->leading-path</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPGenerateHomedirPrefix off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8.13 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4975"
+-></A
+-><H2
+->Description</H2
+-><P
+->LDAPGenerateHomedirPrefix enables a prefix to be specified for
+-		on-demand home directory creation. This is most useful if mod_ldap
+-		is being used to authenticate against an LDAP directory that does
+-		not return a homeDirectory attribute, either because it cannot
+-		(Microsoft Active Directory, for example) or because you do not wish
+-		to extend your existing directory schema.</P
+-><P
+->For example, setting this directive to "/home" and logging in
+-		as the user "joe" would result in his home directory being created
+-		as "/home/joe". The directory will be created with the mode
+-		specified in <A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+->.  To use
+-		this directive, <A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+-> must be
+-		enabled.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4981"
+-></A
+-><H2
+->See also</H2
+-><P
+->		<A
+-HREF="#LDAPFORCEGENERATEDHOMEDIR"
+->LDAPForceGeneratedHomedir</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->LDAPGenerateHomedirPrefixNoUsername</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN4987"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+-></A
+->
+-LDAPGenerateHomedirPrefixNoUsername</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN4998"
+-></A
+-><H2
+->Name</H2
+->LDAPGenerateHomedirPrefixNoUsername&nbsp;--&nbsp;(docs incomplete)</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5001"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPGenerateHomedirPrefixNoUsername</B
+->  [  <CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-  <CODE
+-CLASS="OPTION"
+->off</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->(docs incomplete)</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;, .ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap 2.8.13 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5029"
+-></A
+-><H2
+->Description</H2
+-><P
+->(docs incomplete)</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5032"
+-></A
+-><H2
+->See also</H2
+-><P
+->		<A
+-HREF="#LDAPFORCEGENERATEDHOMEDIR"
+->LDAPForceGeneratedHomedir</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+->
+-		<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPHOMEDIRONDEMAND"
+-></A
+->
+-			LDAPHomedirOnDemand</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5046"
+-></A
+-><H2
+->Name</H2
+->LDAPHomedirOnDemand&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5049"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPHomedirOnDemand</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			] [				<CODE
+-CLASS="OPTION"
+->directory-mode</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPHomedirOnDemand off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5079"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive has been deprecated with mod_ldap v2.8.13.
+-	  	Please take a look at <A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+->
+-		</P
+-><P
+->LDAPHomedirOnDemand activates on-demand home directory creation.
+-		If a user logs in and does not yet have a home directory, a home
+-		directory is created automatically.</P
+-><P
+->In mod_ldap &#60;= 2.7.6, the home directory will be owned by the
+-		same user and group that ProFTPD runs as (see the User and Group
+-		configuration directives). mod_ldap &#62;= 2.8 can create home
+-		directories for users with any UID/GID, not just those with the same
+-		UID/GID as the main ProFTPD server.</P
+-><P
+->The second argument allows you to specify the mode (default
+-		permissions) to use when creating home directories on demand,
+-		subject to ProFTPD's umask (see the Umask directive). If no
+-		directory mode is specified, the default of 0755 is used. Directory
+-		mode setting is only supported in mod_ldap v2.7 or later.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5086"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#LDAPGENERATEHOMEDIR"
+->LDAPGenerateHomedir</A
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5090"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPHOMEDIRONDEMANDPREFIX"
+-></A
+->
+-			LDAPHomedirOnDemandPrefix</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5101"
+-></A
+-><H2
+->Name</H2
+->LDAPHomedirOnDemandPrefix&nbsp;--&nbsp;			Enable the creation of user home directories on demand [deprecated]
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5104"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPHomedirOnDemandPrefix</B
+->  [				<CODE
+-CLASS="OPTION"
+->leading-path</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPHomedirOnDemandPrefix off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5131"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive has been deprecated with mod_ldap v2.8.13.
+-	  	Please take a look at <A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+->
+-		</P
+-><P
+->LDAPHomedirOnDemandPrefix enables a prefix to be specified for
+-		on-demand home directory creation. This is most useful if mod_ldap
+-		is being used to authenticate against an LDAP directory that does
+-		not return a homeDirectory attribute, either because it cannot
+-		(Microsoft Active Directory, for example) or because you do not wish
+-		to extend your existing directory schema.</P
+-><P
+->For example, setting this directive to "/home" and logging in
+-		as the user "joe" would result in his home directory being created
+-		as "/home/joe". The directory will be created with the mode
+-		specified in <A
+-HREF="#LDAPHOMEDIRONDEMAND"
+->LDAPHomedirOnDemand</A
+->.  To use
+-		this directive, <A
+-HREF="#LDAPHOMEDIRONDEMAND"
+->LDAPHomedirOnDemand</A
+-> must be
+-		enabled.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5139"
+-></A
+-><H2
+->See also</H2
+-><P
+->		<A
+-HREF="#LDAPGENERATEHOMEDIRPREFIX"
+->LDAPGenerateHomedirPrefix</A
+->
+-		</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5143"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME"
+-></A
+->
+-LDAPHomedirOnDemandPrefixNoUsername</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5154"
+-></A
+-><H2
+->Name</H2
+->LDAPHomedirOnDemandPrefixNoUsername&nbsp;--&nbsp;(docs incomplete)</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5157"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPHomedirOnDemandPrefixNoUsername</B
+->  [  <CODE
+-CLASS="OPTION"
+->"name" limit|regex|ip value</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->(docs incomplete)</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;, .ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.5rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5184"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive has been deprecated with mod_ldap v2.8.13.
+-	Please take a look at <A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->LDAPGenerateHomedirPrefixNoUsername</A
+->
+-	</P
+-><P
+->(docs incomplete)</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5189"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#LDAPGENERATEHOMEDIRPREFIXNOUSERNAME"
+->LDAPGenerateHomedirPrefixNoUsername</A
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPHOMEDIRONDEMANDSUFFIX"
+-></A
+->
+-			LDAPHomedirOnDemandSuffix</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5201"
+-></A
+-><H2
+->Name</H2
+->LDAPHomedirOnDemandSuffix&nbsp;--&nbsp;			Specify an additional directory to be created inside a user's
+-			home directory on demand. [deprecated]
+-		</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5204"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPHomedirOnDemandSuffix</B
+->  [				<CODE
+-CLASS="OPTION"
+->additional-directory1</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->additional-directory2</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->additional-directory3</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPHomedirOnDemandSuffix ""
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.6 and later.
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5233"
+-></A
+-><H2
+->Description</H2
+-><P
+->		This directive is deprecated and was removed from mod_ldap v2.8.13.
+-		It has no replacement option.
+-		</P
+-><P
+->to be created within a user's home directory when it is
+-		created on demand. For example, if a user's home directory is
+-		"/home/user", setting this configuration directive to "public_html"
+-		will also create "/home/user/public_html" on demand. In mod_ldap
+-		v2.7.6 and earlier, you must also activate LDAPHomedirOnDemand in
+-		your configuration.</P
+-><P
+->mod_ldap &#62;= 2.8 supports multiple suffix arguments and does
+-		not require LDAPHomedirOnDemand to be enabled.</P
+-><P
+->mod_ldap &#62;= 2.8.11 supports additional mode information;
+-		you can add ":octal-mode" to a directory argument to have it created
+-		with that mode. For example,
+-		LDAPHomedirOnDemandSuffix foo:700 will create the
+-		suffix directory foo with the mode 700.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5239"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5242"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPNEGATIVECACHE"
+-></A
+->
+-			LDAPNegativeCache</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5253"
+-></A
+-><H2
+->Name</H2
+->LDAPNegativeCache&nbsp;--&nbsp;Enable negative caching for LDAP lookups</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5256"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPNegativeCache</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPNegativeCache off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v1.1 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5284"
+-></A
+-><H2
+->Description</H2
+-><P
+->LDAPNegativeCache specifies whether or not to cache negative
+-		responses from the LDAP server when using LDAP for UID/GID lookups.
+-		This option is useful if you also use/are in transition from another
+-		authentication system; if there are many users in your old
+-		authentication system that aren't in the LDAP database, there can be
+-		a significant delay when a directory listing is performed as the
+-		UIDs not in the LDAP database are repeatedly looked up in an attempt
+-		to present usernames instead of UIDs in directory listings. With
+-		LDAPNegativeCache set to on, negative ("not found") responses from
+-		the LDAP server will be cached and speed will improve on directory
+-		listings that contain many users not present in the LDAP
+-		database.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5287"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5290"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPPROTOCOLVERSION"
+-></A
+->
+-LDAPProtocolVersion</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5301"
+-></A
+-><H2
+->Name</H2
+->LDAPProtocolVersion&nbsp;--&nbsp;Set the LDAP protocol version</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5304"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPProtocolVersion</B
+->  [  <CODE
+-CLASS="OPTION"
+->2 | 3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->3</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->2.8.13 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5331"
+-></A
+-><H2
+->Description</H2
+-><P
+->FIX FIX FIX</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5334"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5337"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+->FIXFIXFIX</P
+-><P
+->FIXFIX</P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPQUERYTIMEOUT"
+-></A
+->
+-			LDAPQueryTimeout</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5349"
+-></A
+-><H2
+->Name</H2
+->LDAPQueryTimeout&nbsp;--&nbsp;Set a timeout for LDAP queries</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5352"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPQueryTimeout</B
+->  [				<CODE
+-CLASS="OPTION"
+->timeout-seconds</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPQueryTimeout default-api-timeout
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5379"
+-></A
+-><H2
+->Description</H2
+-><P
+->Sets the timeout used for LDAP directory queries. The default
+-		is the default timeout used by your LDAP API.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5382"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5385"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPSEARCHSCOPE"
+-></A
+->
+-			LDAPSearchScope</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5396"
+-></A
+-><H2
+->Name</H2
+->LDAPSearchScope&nbsp;--&nbsp;Specify the search scope used in LDAP queries</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5399"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPSearchScope</B
+->  [				<CODE
+-CLASS="OPTION"
+->onelevel</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->subtree</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPSearchScope subtree
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.6 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5427"
+-></A
+-><H2
+->Description</H2
+-><P
+->Set the scope used for LDAP searches. The default setting,
+-		subtree, searches for all entries in the tree from the current level
+-		down. Setting this directive to onelevel searches only one level
+-		deep in the LDAP tree.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5430"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5433"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPSERVER"
+-></A
+->
+-			LDAPServer</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5444"
+-></A
+-><H2
+->Name</H2
+->LDAPServer&nbsp;--&nbsp;Specify the LDAP server to use for lookups</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5447"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LDAPServer</B
+->  [				<CODE
+-CLASS="OPTION"
+->"hostname1:port1 hostname2:port2"</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPServer "localhost"
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v1.0 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5474"
+-></A
+-><H2
+->Description</H2
+-><P
+->LDAPServer allows you to to specify the hostname(s) and
+-		port(s) of the LDAP server(s) to use for LDAP authentication. If no
+-		LDAPServer configuration directive is present, the default LDAP
+-		servers specified by your LDAP API will be used.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5477"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5480"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LDAPUSETLS"
+-></A
+->
+-			LDAPUseTLS</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5491"
+-></A
+-><H2
+->Name</H2
+->LDAPUseTLS&nbsp;--&nbsp;Enable TLS/SSL connections to the LDAP server.</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5494"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->Syntax: LDAPUseTLS</B
+->  [				<CODE
+-CLASS="OPTION"
+->on</CODE
+->
+-				<CODE
+-CLASS="OPTION"
+->off</CODE
+->
+-			]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->				LDAPUseTLS off
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->				server config, &lt;VirtualHost&gt;, &lt;Global&gt;
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ldap
+-			</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->				mod_ldap v2.8 and later
+-			</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5522"
+-></A
+-><H2
+->Description</H2
+-><P
+->By default, mod_ldap connects to the LDAP server via a
+-		non-encrypted connection. Enabling this option causes mod_ldap to
+-		use an encrypted (TLS/SSL) connection to the LDAP server. If a
+-		secure connection to the LDAP server fails, mod_ldap will not
+-		authenticate users (mod_ldap will *not* fall back to an unsecure
+-		connection).</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5525"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5528"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="LEECHRATIOMSG"
+-></A
+->
+-LeechRatioMsg</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN5539"
+-></A
+-><H2
+->Name</H2
+->LeechRatioMsg&nbsp;--&nbsp;Sets the 'over ratio' error message</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN5542"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->LeechRatioMsg</B
+->  [  <CODE
+-CLASS="OPTION"
+->LeechRatioMsg foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5569"
+-></A
+-><H2
+->Description</H2
+-><P
+->The LeechRatioMsg directive defines the response message sent
+-back to the client upon breaking their quota limits.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5572"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN5575"
+-></A
+-><H2
+->Examples</H2
+-><PRE
+-CLASS="PROGRAMLISTING"
+->LeechRatioMsg "please upload as well as download"</PRE
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="LIMIT"
+ ></A
+ >
[email protected]@ -18584,967 +13393,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="RADIUSACCTSERVER"
+-></A
+->
+-RadiusAcctServer</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6758"
+-></A
+-><H2
+->Name</H2
+->RadiusAcctServer&nbsp;--&nbsp;Setup RADIUS accounting details</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6761"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusAcctServer</B
+->  [  <CODE
+-CLASS="OPTION"
+->server[:port] shared-secret [timeout]</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6788"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
+-><P
+->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
+-><P
+->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6793"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#RADIUSAUTHSERVER"
+->RadiusAuthServer</A
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RADIUSAUTHSERVER"
+-></A
+->
+-RadiusAuthServer</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6805"
+-></A
+-><H2
+->Name</H2
+->RadiusAuthServer&nbsp;--&nbsp;Setup RADIUS authenticator details</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6808"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusAuthServer</B
+->  [  <CODE
+-CLASS="OPTION"
+->server[:port] shared-secret [timeout]</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6835"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P
+-><P
+->Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P
+-><P
+->If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6840"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#RADIUSAUTHSERVER"
+->RadiusAuthServer</A
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RADIUSENGINE"
+-></A
+->
+-RadiusEngine</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6852"
+-></A
+-><H2
+->Name</H2
+->RadiusEngine&nbsp;--&nbsp;Enable RADIUS support</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6855"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusEngine</B
+->  [  <CODE
+-CLASS="OPTION"
+->on|off</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->off</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6882"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusEngine directive enables or disables the module's runtime RADIUS engine. If it is set to off this module does no RADIUS authentication or accounting at all. Use this directive to disable the module instead of commenting out all mod_radius directives. </P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6885"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RADIUSLOG"
+-></A
+->
+-RadiusLog</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6896"
+-></A
+-><H2
+->Name</H2
+->RadiusLog&nbsp;--&nbsp;Specify the logfile for reporting / debugging</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6899"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusLog</B
+->  [  <CODE
+-CLASS="OPTION"
+->"file"|none</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6926"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusLog directive is used to a specify a log file for mod_radius
+-reporting and debugging, and can be done a per-server basis. The file
+-parameter must be the full path to the file to use for logging. Note
+-that this path must not be to a world-writeable directory and, unless
+-AllowLogSymlinks is explicitly set to on (generally a bad idea), the
+-path must not be a symbolic link.</P
+-><P
+->If file is "none", no logging will be done at all; this setting can be
+-used to override a RadiusLog setting inherited from a &lt;Global&gt; context.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6930"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RADIUSREALM"
+-></A
+->
+-RadiusRealm</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6941"
+-></A
+-><H2
+->Name</H2
+->RadiusRealm&nbsp;--&nbsp;Setup the authentication realm</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6944"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusRealm</B
+->  [  <CODE
+-CLASS="OPTION"
+->realm</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6971"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusRealm directive configures a realm string that will be added to the username in the constructed RADIUS packets.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6974"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN6977"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+->&nbsp;&nbsp;RadiusRealm&nbsp;.castaglia.org</P
+-></DIV
+-><H1
+-><A
+-NAME="RADIUSUSERINFO"
+-></A
+->
+-RadiusUserInfo</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN6988"
+-></A
+-><H2
+->Name</H2
+->RadiusUserInfo&nbsp;--&nbsp;Configure login information via RADIUS</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN6991"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RadiusUserInfo</B
+->  [  <CODE
+-CLASS="OPTION"
+->uid gid home shell [suppl-group-names suppl-group-ids]</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_radius</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.7rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7018"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RadiusUserInfo directive is used to configure login information used for every user authenticated via RADIUS. The optional suppl-group-names and suppl-group-ids parameters are used to specify supplemental group membership for each user; the number of names and IDs must match if these parameters are used.</P
+-><P
+->In order to support RADIUS servers that may use custom attributes in their Access-Accept response packets to supply user information back to the RADIUS client (mod_radius in this case), this directive allows the following syntax for some of its parameters:</P
+-><P
+->&#13;<P
+-CLASS="LITERALLAYOUT"
+->&nbsp;&nbsp;$(attribute-id:default-value)</P
+->&#13;</P
+-><P
+->where the enclosing $() signals that the parameter is to be supplied by
+-the RADIUS server, attribute-id is the custom attribute ID for which to
+-search in the response packet, and default-value is the value to use in
+-case the requested attribute is not present in the response packet. This
+-syntax is not supported for the suppl-group-names or suppl-group-ids
+-parameters.</P
+-><P
+->If RadiusUserInfo is not used, mod_radius will perform pure "yes/no"
+-authentication only, in the style of PAM. The information that would
+-have been configured via this directive will be pulled from other sources
+-(e.g. /etc/passwd, AuthUserFiles, MySQL tables, etc).</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7026"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RATIOFILE"
+-></A
+->
+-RatioFile</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7037"
+-></A
+-><H2
+->Name</H2
+->RatioFile&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7040"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RatioFile</B
+->  [  <CODE
+-CLASS="OPTION"
+->RatioFile foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7067"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RatioFile directive ....
+-Example:
+-RatioFile</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7070"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7073"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RATIOS"
+-></A
+->
+-Ratios</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7084"
+-></A
+-><H2
+->Name</H2
+->Ratios&nbsp;--&nbsp;(docs incomplete)</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7087"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->Ratios</B
+->  [  <CODE
+-CLASS="OPTION"
+->Ratios foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7114"
+-></A
+-><H2
+->Description</H2
+-><P
+->The Ratios directive ....
+-Example:
+-Ratios</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7117"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7120"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="RATIOTEMPFILE"
+-></A
+->
+-RatioTempFile</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7131"
+-></A
+-><H2
+->Name</H2
+->RatioTempFile&nbsp;--&nbsp;Ratio directive</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7134"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RatioTempFile</B
+->  [  <CODE
+-CLASS="OPTION"
+->RatioTempFile foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7161"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RatioTempFile directive ....
+-Example:
+-RatioTempFile</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7164"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7167"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="REQUIREVALIDSHELL"
+ ></A
+ >
[email protected]@ -19656,1592 +13504,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="REWRITECONDITION"
+-></A
+->
+-RewriteCondition</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7225"
+-></A
+-><H2
+->Name</H2
+->RewriteCondition&nbsp;--&nbsp;Define a rule condition</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7228"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteCondition</B
+->  [  <CODE
+-CLASS="OPTION"
+->condition pattern</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Directory&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7255"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteCondition directive defines a rule condition. Precede a
+-<A
+-HREF="#REWRITERULE"
+->RewriteRule</A
+-> directive with one or more
+-RewriteCondition directives. The following rewriting rule is only used if
+-its pattern matches the current state of the FTP command and if these
+-additional conditions apply too.</P
+-><P
+->Condition is a string which can contain the following expanded constructs
+-in addition to plain text:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->		<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->RewriteRule backreferences</B
+-></SPAN
+->
+-	      </P
+-><P
+->		These are backreferences of the form:
+-	      </P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->$N</B
+-></SPAN
+-></P
+-><P
+->		(0 &#60;= N &#60;= 9) which provide access to the grouped
+-	       	parts (parentheses!) of the pattern from the corresponding
+-		RewriteRule directive (the one following the current bunch
+-		of RewriteCondition directives). Note that $0 will refer
+-		back to the entire original string being matched.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->		<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->RewriteCondition backreferences</B
+-></SPAN
+->
+-	      </P
+-><P
+->		These are backreferences of the form:
+-	      </P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%N</B
+-></SPAN
+-></P
+-><P
+->		(0 &#60;= N &#60;= 9) which provide access to the grouped parts
+-		(parentheses!) of the pattern from the previous
+-		RewriteCondition attached to this RewriteRule.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->		<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->RewriteMap expansions:</B
+-></SPAN
+->
+-	      </P
+-><P
+->		These are expansions of the form:
+-	      </P
+-><P
+->	      <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->${map-name:lookup-key|default-value}</B
+-></SPAN
+->
+-	      </P
+-><P
+->		See the documentation for <A
+-HREF="#REWRITEMAP"
+->RewriteMap
+-		</A
+-> for more details.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->		<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Variable substitutions:</B
+-></SPAN
+->
+-	      </P
+-><P
+->		These are substitutions of the form:
+-              </P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%a</B
+-></SPAN
+->
+-			client IP address
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%c</B
+-></SPAN
+->
+-			name of Class for current session
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%f</B
+-></SPAN
+->
+-			filename
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%F</B
+-></SPAN
+->
+-			transfer path, as seen by the client (only useful
+-			for upload/download commands)
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%g</B
+-></SPAN
+->
+-			primary group of authenticated user
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%G</B
+-></SPAN
+->
+-			supplemental groups of authenticated user
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%h</B
+-></SPAN
+->
+-			client DNS name
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%m</B
+-></SPAN
+->
+-			FTP command
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%p</B
+-></SPAN
+->
+-			port of server handling the session
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%u</B
+-></SPAN
+->
+-			name of authenticated user
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%U</B
+-></SPAN
+->
+-			name of user sent by client via USER
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->%v</B
+-></SPAN
+->
+-			ServerName of server handling the session
+-			</P
+-></LI
+-></UL
+-></LI
+-></UL
+-><P
+->Pattern is the condition pattern, i.e., a regular expression which is
+-applied to the current instance of the condition, i.e., condition is
+-evaluated and then matched against pattern. You can prefix the pattern
+-string with a '!' character (exclamation mark) to specify a non-matching
+-pattern.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7325"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#REWRITERULE"
+->RewriteRule</A
+->
+-<A
+-HREF="#REWRITEMAP"
+->RewriteMap</A
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7330"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="REWRITEENGINE"
+-></A
+->
+-RewriteEngine</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7341"
+-></A
+-><H2
+->Name</H2
+->RewriteEngine&nbsp;--&nbsp;Enable/disable mod_rewrite</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7344"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteEngine</B
+->  [  <CODE
+-CLASS="OPTION"
+->on|off</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->off</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7371"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteEngine directive enables or disables the module's runtime
+-rewriting engine. If it is set to off this module does no parsing or
+-rewriting at all. Use this directive to disable the module instead of
+-commenting out all mod_rewrite directives.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7374"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="REWRITELOCK"
+-></A
+->
+-RewriteLock</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7385"
+-></A
+-><H2
+->Name</H2
+->RewriteLock&nbsp;--&nbsp;Set the filename for synchronization lockfile</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7388"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteLock</B
+->  [  <CODE
+-CLASS="OPTION"
+->filename</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7415"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteLock directive sets the filename for a synchronization lockfile
+-which mod_rewrite needs to communicate with RewriteMaps of type fifo. Set
+-file to a local absolute path (not on a NFS-mounted device) when you want
+-to use a rewriting FIFO. It is not required for other types of rewriting maps.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7418"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="REWRITELOG"
+-></A
+->
+-RewriteLog</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7429"
+-></A
+-><H2
+->Name</H2
+->RewriteLog&nbsp;--&nbsp;Specify a log file for mod_rewrite reporting</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7432"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteLog</B
+->  [  <CODE
+-CLASS="OPTION"
+->file|"none"</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7459"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteLog directive is used to a specify a log file for mod_rewrite
+-reporting and debugging, and can be done a per-server basis. The file
+-parameter must be the full path to the file to use for logging. Note
+-that this path must <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->not</B
+-></SPAN
+-> be to a
+-world-writeable directory and, unless AllowLogSymlinks is explicitly
+-set to on (generally a bad idea), the path must
+-<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->not</B
+-></SPAN
+-> be a symbolic link. In general,
+-this directive should only be used for debugging your mod_rewrite
+-configuration, and should be removed once debugging is completed;
+-<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->do not use this directive in a production
+-configuration.</B
+-></SPAN
+-></P
+-><P
+->If file is "none", no logging will be done at all; this setting can be
+-used to override a RewriteLog setting inherited from a &lt;Global&gt; context. </P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7466"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="REWRITEMAP"
+-></A
+->
+-RewriteMap</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7477"
+-></A
+-><H2
+->Name</H2
+->RewriteMap&nbsp;--&nbsp;Define a rewrite map</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7480"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteMap</B
+->  [  <CODE
+-CLASS="OPTION"
+->map-name map-type:map-soure</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7507"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteMap directive defines a rewriting map which can be used inside
+-rule substitution strings by the mapping-functions to insert/substitute
+-fields through a key lookup. The source of this lookup can be of various types.</P
+-><P
+->The map-name is the name of the map and will be used to specify a
+-mapping-function for the substitution strings of a rewriting rule via
+-one of the following constructs:</P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->${ map-name :  lookup-key }</B
+-></SPAN
+-></P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->${ map-name :  lookup-key</B
+-></SPAN
+->
+- | 
+-<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->default-value</B
+-></SPAN
+-></P
+-><P
+->When such a construct occurs the map map-name is consulted and the key
+-lookup-key is resolved. If the key is found, the map-function construct
+-is substituted by subst-value. If the key is not found then it is
+-substituted by default-value or by the empty string if no default-value
+-was specified.</P
+-><P
+->The following combinations for map-type and map-src can be used:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Standard Plain Text</B
+-></SPAN
+->
+-		</P
+-><P
+->			map-type: txt, map-src: Unix filesystem path to
+-			valid regular file.
+-		</P
+-><P
+->		This is the standard rewriting map feature where
+-		the map-src is a plain ASCII file containing either blank
+-		lines, comment lines (starting with a '#' character) or
+-		pairs like the following - one per line.
+-		</P
+-><P
+->			<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->matching-key subst-value</B
+-></SPAN
+->
+-		</P
+-><DIV
+-CLASS="EXAMPLE"
+-><A
+-NAME="EXAMPLE-USERMAP"
+-></A
+-><P
+-><B
+->Example 1-1. Example Usermap</B
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->		    # --------------------------------------------
+-    		    # usermap.txt -- map for rewriting user names
+-    		    # --------------------------------------------
+-
+-    		    Dave.Admin      dave       # The Uber-admin
+-    		    root            anonymous  # no one should be logging in as root anyway
+-		</PRE
+-></DIV
+-><P
+->			And, to configure this map to be used:
+-		</P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->			RewriteMap real-to-user txt:/path/to/file/usermap.txt
+-		</PRE
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->FIFO/Named Pipe</B
+-></SPAN
+-></P
+-><P
+->			map-type: fifo, map-src: Unix filesystem path
+-			to valid FIFO.
+-		</P
+-><P
+->		For this rewriting map, map-src is a FIFO (a.k.a. named pipe).
+-		To create it, you can use the mkfifo(1) command. An
+-		external program that opens the FIFO for reading and
+-		writing <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->must</B
+-></SPAN
+->  be started
+-		before proftpd is started. This program can communicate
+-		with the rewriting engine via the FIFO. For each mapping
+-		lookup, it can read the key to lookup as a newline-terminated
+-		string from the FIFO. It then has to write back to the FIFO
+-		the looked-up value as a newline-terminated string, or just
+-		simply newline character (denoting an empty string) if there
+-		is no corresponding value for the given key).
+-		</P
+-><P
+->		An example program which will implement a 1:1 mapping
+-		(i.e., key == value) could be:
+-		</P
+-><DIV
+-CLASS="EXAMPLE"
+-><A
+-NAME="EXAMPLE-FIFONAMEDPIPE"
+-></A
+-><P
+-><B
+->Example 1-2. Example FIFO/Named Pipe 1:1 mapping</B
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->#!/usr/bin/perl
+-    use strict;
+-
+-    use File::Basename qw(basename);
+-    use Getopt::Long;
+-    use IO::Handle;
+-    use IO::Select;
+-
+-    my $default_delay = 0.5;
+-    my $program = basename($0);
+-    my %opts = ();
+-
+-    GetOptions(\%opts, 'delay=f', 'fifo=s', 'help', 'verbose');
+-
+-    usage() if $opts{'help'};
+-
+-    my $delay = $opts{'delay'} ? $opts{'delay'} : $default_delay;
+-
+-    die "$program: missing required --fifo parameter\n" unless $opts{'fifo'};
+-    my $fifo = $opts{'fifo'};
+-
+-    my $verbose = $opts{'verbose'} ? 1 : 0;
+-
+-    open(my $fifo_fh, "+&#62; $fifo") or die "$program: unable to open $fifo: $!\n";
+-
+-    # Instantiate a Select object for knowing when to read from and write to
+-    # the FIFO.
+-    my $sel = IO::Select-&#62;new();
+-
+-    while (1) {
+-
+-      # Blocking select() for reading.
+-      $sel-&#62;add($fifo_fh);
+-
+-      print STDERR "$program: selecting for reading\n" if $verbose;
+-      my ($rfh) = $sel-&#62;can_read();
+-
+-      my $key = &lt;$rfh&gt;;
+-      print STDERR "$program: read '$key'\n" if $verbose;
+-
+-      # Lookup a value for the given key.
+-      my $value = lookup_value($key);
+-
+-      # Clear the Select object's filehandles.
+-      $sel-&#62;remove();
+-
+-      print $fifo_fh "$value\n" if $verbose;
+-      $fifo_fh-&#62;flush();
+-
+-      print STDERR "$program: wrote '$value'\n" if $verbose;
+-
+-      # Wait for the buffer's byte to be cleared before reading again.
+-      wait_fifo($fifo_fh);
+-    }
+-
+-    close($fifo_fh);
+-    print STDOUT "$program: done\n" if $verbose;
+-
+-    exit 0;
+-
+-    # --------------------------------------------------------------------------
+-    sub lookup_value {
+-      my ($key) = @_;
+-
+-      # NOTE: do something to obtain a value for the given key here.
+-      chomp(my $value = $key);
+-
+-      return $value;
+-    }
+-
+-    # --------------------------------------------------------------------------
+-    sub usage {
+-      print STDOUT &lt;&lt;END_OF_USAGE;
+-
+-    usage: $program [options]
+-
+-      --delay         Configure the buffer check delay.
+-                      The default is $default_delay seconds.
+-
+-      --fifo          Configure the path to the FIFO.  Required.
+-
+-      --help          Displays this message.
+-
+-      --verbose       Enables verbose output while $program runs.
+-
+-    END_OF_USAGE
+-
+-      exit 0;
+-    }
+-
+-    # --------------------------------------------------------------------------
+-    sub wait_fifo {
+-      my ($fh) = @_;
+-
+-      # Now we get tricky.  Use ioctl(2) to poll the number of bytes to
+-      # be read from the FIFO filehandle.  When the number drops to zero,
+-      # it means that the data we just wrote has been read from the buffer
+-      # by some other process, so we can go back to the top of this loop.
+-      # Otherwise, if this program loops faster than the reader/writer on
+-      # the other end of the FIFO, we'd end up reading the data we just
+-      # wrote.  Quite annoying, actually.
+-      #
+-      # Note: this value must be manually extracted from the system header files
+-      # using the following program:
+-      #
+-      # -------- fionread.c -------------------
+-      #  #include &lt;sys/ioctl.h&gt;
+-      #
+-      #  int main(int argc, char *argv[]) {
+-      #   printf("%#08x\n", FIONREAD);
+-      #   return 0;
+-      # }
+-      # ---------------------------------------
+-      #
+-      # &#62; cc -o fionread fionread.c
+-      # &#62; ./fionread
+-
+-      my $FIONREAD = 0x00541b;
+-
+-      my $size = pack('L', 0);
+-      ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
+-      $size = unpack('L', $size);
+-
+-      while ($size != 0) {
+-        print STDERR "$program: waiting for buffer to be read\n" if $verbose;
+-        select(undef, undef, undef, $delay);
+-
+-        $size = pack('L', 0);
+-        ioctl($fh, $FIONREAD, $size) or die "$program: unable to use ioctl: $!\n";
+-        $size = unpack('L', $size);
+-      }
+-    }
+-
+-		</PRE
+-></DIV
+-><P
+->		To make use of this example script, simply implement your
+-		lookup code in the lookup_value() subroutine. Be very
+-		careful with such scripts, though:
+-		</P
+-><P
+-></P
+-><OL
+-TYPE="1"
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			     "Keep it simple, stupid" (KISS), because if
+-			      this program hangs it will hang proftpd when
+-			      the rule occurs. Well, keep it as simple as
+-			      possible...
+-			     </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			     Avoid one common mistake: avoid buffered I/O
+-			     if possible. This can cause a deadloop. If
+-			     necessary, be sure to flush the filehandle
+-			     before reading, and after writing.
+-			     </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->			     Use the RewriteLock directive to define a
+-			     lockfile mod_rewrite can use to synchronize
+-			     the communication to the FIFO program. By
+-			     default no such synchronization takes place.
+-			     </P
+-></LI
+-></OL
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Internal Function</B
+-></SPAN
+-></P
+-><P
+->			map-type: int, map-src: Internal mod_rewrite function.
+-		</P
+-><P
+->		Here the map-src is a mod_rewrite built-in function.
+-		Currently you cannot create your own, but the following
+-		functions already exist:
+-		</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->toupper</B
+-></SPAN
+-></P
+-><P
+->			Converts the looked up key to all upper case.
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->tolower</B
+-></SPAN
+-></P
+-><P
+->			Converts the looked up key to all lower case.
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->unescape</B
+-></SPAN
+-></P
+-><P
+->			Translates hex-encodings in the looked up key back
+-			to special characters.
+-			</P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->utf8trans</B
+-></SPAN
+-></P
+-><P
+->			Translates UTF-8 encodings in the lookup up key into
+-			Latin-1 characters.
+-			</P
+-></LI
+-></UL
+-></LI
+-></UL
+-><P
+->The RewriteMap directive can occur more than once. For each mapping-function
+-use one RewriteMap directive to declare its rewriting map name.</P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Note:</B
+-></SPAN
+-> For plain text files the looked-up
+-keys are cached in-core until the mtime of the text map file changes or
+-the server does a restart. This way you can have map-functions in rules
+-which are used for <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->every</B
+-></SPAN
+-> request. This
+-is no problem, because the parsing of the text files only happens once!</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7575"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#REWRITECONDITION"
+->RewriteCondition</A
+-></P
+-></DIV
+-><H1
+-><A
+-NAME="REWRITERULE"
+-></A
+->
+-RewriteRule</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7587"
+-></A
+-><H2
+->Name</H2
+->RewriteRule&nbsp;--&nbsp;Define a rewrite rule</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7590"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->RewriteRule</B
+->  [  <CODE
+-CLASS="OPTION"
+->pattern substitution</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;, &lt;Anonymous&gt;, &lt;Directory&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_rewrite</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.6rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7617"
+-></A
+-><H2
+->Description</H2
+-><P
+->The RewriteRule directive is the real rewriting workhorse. The configuration
+-directive can occur more than once. Each directive defines a single
+-rewriting rule. The order of definition of these rules is important,
+-because this order is used when applying the rules at run-time.</P
+-><P
+->Pattern can be POSIX regular expression which gets applied to the current
+-FTP command argument(s).</P
+-><P
+->Some hints about the syntax of regular expressions:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Text:</B
+-></SPAN
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->	        .           Any single character
+-  		[chars]     Character class: one of chars
+-		[^chars]    Character class: none of chars
+-  		text1|text2 Alternative: text1 or text2
+-	      </PRE
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Quantifiers:</B
+-></SPAN
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->	        ?           0 or 1 of the preceding text
+-  		*           0 or N of the preceding text (N &#62; 0)
+-  		+           1 or N of the preceding text (N &#62; 1)
+-	      </PRE
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Grouping:</B
+-></SPAN
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+-> 	      (text)       Grouping of text
+-              		   (either to set the borders of an alternative or
+-              		   for making backreferences where the Nth group can 
+-              		   be used on the RHS of a RewriteRule with $N)
+-	      </PRE
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Anchors:</B
+-></SPAN
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->	        ^           Start of line anchor
+-  		$           End of line anchor
+-	      </PRE
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Escaping:</B
+-></SPAN
+-></P
+-><PRE
+-CLASS="PROGRAMLISTING"
+->		\char       Escape that particular char
+-              		    (for instance to specify the chars ".[]()" etc.)
+-	      </PRE
+-></LI
+-></UL
+-><P
+->For more information about regular expressions have a look at your local
+-regex(3) manpage. If you are interested in more detailed information about
+-regular expressions and their variants (POSIX regex, Perl regex, etc.) have
+-a look at the following dedicated book on this topic:</P
+-><P
+->Mastering Regular Expressions
+-Jeffrey E.F. Friedl
+-Nutshell Handbook Series
+-O'Reilly &#38; Associates, Inc. 1997
+-ISBN 1-56592-257-3</P
+-><P
+->Additionally in mod_rewrite the NOT character ('!') is a possible pattern
+-prefix. This gives you the ability to negate a pattern; to say, for instance:
+-"if the current argument(s) does NOT match this pattern". This can be used
+-for exceptional cases, where it is easier to match the negative pattern,
+-or as a last default rule.</P
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Notice:</B
+-></SPAN
+-> When using the NOT character to
+-negate a pattern you cannot have grouped wildcard parts in the pattern.
+-This is impossible because when the pattern does NOT match, there are no
+-contents for the groups. In consequence, if negated patterns are used,
+-you cannot use $N in the substitution string.</P
+-><P
+->Substitution of a rewriting rule is the string which is substituted for
+-(or replaces) the original argument(s) for which pattern matched. Beside
+-plain text you can use:</P
+-><P
+-></P
+-><OL
+-TYPE="1"
+-><LI
+-><P
+->     $N backreferences to the RewriteRule pattern
+-     </P
+-></LI
+-><LI
+-><P
+->     %N backreferences to the last matched RewriteCondition pattern
+-     </P
+-></LI
+-><LI
+-><P
+->     variables as in RewriteCondition test strings
+-     </P
+-></LI
+-><LI
+-><P
+->     map function calls (${map-name:lookup-key|default-value}) 
+-     </P
+-></LI
+-></OL
+-><P
+->Backreferences are $<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->N</B
+-></SPAN
+->
+-(<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->N</B
+-></SPAN
+->=0..9) identifiers which will be replaced
+-by the contents of the <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->N</B
+-></SPAN
+->th group of the
+-matched pattern. The variables are the same as for the condition of a
+-<A
+-HREF="#REWRITECONDITION"
+->RewriteCondition</A
+-> directive, with two
+-additions:</P
+-><P
+-></P
+-><UL
+-><LI
+-><P
+->	%<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->P</B
+-></SPAN
+->
+-	process ID
+-	</P
+-></LI
+-><LI
+-><P
+->	%<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->t</B
+-></SPAN
+->
+-	Unix time since the epoch, in seconds
+-	</P
+-></LI
+-></UL
+-><P
+->The map functions come from the <A
+-HREF="#REWRITEMAP"
+->RewriteMap</A
+->
+-directive and are explained there. These four types of variables are
+-expanded in the order of the above list.</P
+-><P
+->All of the rewriting rules are applied to substitution. The command
+-argument(s) is completely replaced by the substitution.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7673"
+-></A
+-><H2
+->See also</H2
+-><P
+-><A
+-HREF="#REWRITECONDITION"
+->RewriteCondition</A
+->
+-<A
+-HREF="#REWRITEMAP"
+->RewriteMap</A
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7678"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="RLIMITCPU"
+ ></A
+ >
[email protected]@ -21815,115 +14077,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="SAVERATIOS"
+-></A
+->
+-SaveRatios</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN7924"
+-></A
+-><H2
+->Name</H2
+->SaveRatios&nbsp;--&nbsp;FIXME FIXME</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN7927"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->SaveRatios</B
+->  [  <CODE
+-CLASS="OPTION"
+->SaveRatios foo1 foo2 foo3</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None known</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->&lt;Directory&gt;, &lt;Anonymous&gt;, &lt;Limit&gt;,.ftpaccess</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_ratio</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->at least 1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7954"
+-></A
+-><H2
+->Description</H2
+-><P
+->The SaveRatios directive ....
+-Example:
+-SaveRatios</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7957"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN7960"
+-></A
+-><H2
+->Examples</H2
+-><P
+-></P
+-></DIV
+-><H1
+-><A
+ NAME="SCOREBOARDFILE"
+ ></A
+ >
[email protected]@ -22585,7 +14738,7 @@
+ ></A
+ ><H2
+ >Name</H2
+->SetEnv&nbsp;--&nbsp;(docs incomplete)</DIV
++>SetEnv&nbsp;--&nbsp;Set environment variable</DIV
+ ><DIV
+ CLASS="REFSYNOPSISDIV"
+ ><A
[email protected]@ -23038,3443 +15191,6 @@
+ ></DIV
+ ><H1
+ ><A
+-NAME="SQLAUTHENTICATE"
+-></A
+->
+-    SQLAuthenticate</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN8431"
+-></A
+-><H2
+->Name</H2
+->SQLAuthenticate&nbsp;--&nbsp;    Specify authentication methods and what to authenticate 
+-  </DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN8434"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->SQLAuthenticate</B
+->  {on | off}</P
+-><P
+->&nbsp;&nbsp;or</P
+-><P
+-><B
+-CLASS="COMMAND"
+->SQLAuthenticate</B
+->  [      users
+-    ] [      groups
+-    ] [      userset [fast]
+-    ] [      groupset [fast]
+-    ]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->          SQLAuthenticate <SAMP
+-CLASS="COMPUTEROUTPUT"
+->on</SAMP
+-> 
+-        </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->          server config, &lt;Global&gt;, &lt;VirtualHost&gt;
+-        </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->          mod_sql
+-        </P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->          1.2.5rc1 and later
+-        </P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8472"
+-></A
+-><H2
+->Description</H2
+-><P
+->The SQLAuthenticate directive configures mod_sql's authentication behavior,
+-controlling whether to provide user and/or group information during
+-authentication, and how that provisioning is performed. The parameters may
+-appear in any order.</P
+-><P
+->The available parameter values are:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->on</B
+-></SPAN
+-></P
+-><P
+->		Shorthand for SQLAuthenticate users groups userset groupset.
+-	      </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->off</B
+-></SPAN
+-></P
+-><P
+->		Disables all mod_sql authentication functions.
+-	      </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->users</B
+-></SPAN
+-></P
+-><P
+->		If present, mod_sql will do user lookups. If not present,
+-		mod_sql will do no user lookups at all, including the
+-		{set|get|end}pwent() calls (see below).
+-	      </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->groups</B
+-></SPAN
+-></P
+-><P
+->		If present, mod_sql will do group lookups. If not present,
+-		mod_sql will do no group lookups at all, including the
+-		{set|get|end}grent() calls (see below).
+-	      </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->userset[fast]</B
+-></SPAN
+-></P
+-><P
+->		If present, mod_sql will process the potentially expensive
+-		{set|get|end}pwent() calls. If not present, mod_sql will
+-		not process these calls. Adding the suffix "fast" tells
+-		mod_sql to process the users as a single large query, rather
+-		than making a query per user. This may significantly reduce
+-		the number of queries against the database at the expense
+-		of increased memory use. This parameter will have no effect
+-		if "users" is not specified.
+-	      </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->groupset[fast]</B
+-></SPAN
+-></P
+-><P
+->		If present, mod_sql will process the potentially expensive
+-		{set|get|end}grent() calls. If not present, mod_sql will
+-		not process these calls. Adding the suffix "fast" tells
+-		mod_sql to process the groups as a single large query, 
+-		rather than making a query per group. This may significantly
+-		reduce the number of queries against the database at the
+-		expense of increased memory use. This parameter will have no
+-		effect if "groups" is not specified.
+-	      </P
+-></LI
+-></UL
+-><P
+->The SQLLog and SQLShowInfo directives will always be processed by mod_sql.
+-The SQLAuthenticate directive only affects the user and group
+-lookup/authentication portions of the module.</P
+-><P
+->Turning off (i.e. by not including) the userset or groupset parameters
+-affects the functionality of mod_sql. Not allowing these lookups may remove
+-the ability to control access or control functionality by group membership,
+-depending on your other authentication handlers and the data available to
+-them. At the same time, choosing not to do these lookups may dramatically
+-speed login for many large sites.</P
+-><P
+->The "fast" suffix is not appropriate for every site. Normally, mod_sql will
+-retrieve a list of users and groups, and get information from the database
+-on a per-user or per-group basis. This is query intensive: it requires
+-(nn + 1) queries, where n is the number of users or groups to lookup. By 
+-choosing "fast" lookups, mod_sql will make a single SELECT query to get
+-information from the database.</P
+-><P
+->In exchange for the radical reduction in the number of queries, the single
+-query will increase the memory consumption of the process; all group or user
+-information will be read at once rather than in discrete chunks.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT2"
+-><A
+-NAME="AEN8505"
+-></A
+-><H3
+->Group Table Structure</H3
+-><P
+->Normally <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->mod_sql</B
+-></SPAN
+-> allows multiple group
+-members per row, and multiple rows per group. If you use the "fast"
+-option for groupset, you <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->must</B
+-></SPAN
+-> use only one
+-row per group. For example, normally mod_sql treats the following three
+-tables in exactly the same way:</P
+-><P
+-CLASS="LITERALLAYOUT"
+->|--------------------------------------------------|<br>
+-|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|--------------------------------------------------|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;priscilla&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;gertrude&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|--------------------------------------------------|<br>
+-<br>
+-|--------------------------------------------------|<br>
+-|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|--------------------------------------------------|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi,&nbsp;priscilla&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;gertrude&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|--------------------------------------------------|<br>
+-<br>
+-|--------------------------------------------------|<br>
+-|&nbsp;&nbsp;GROUPNAME&nbsp;&nbsp;|&nbsp;&nbsp;GID&nbsp;&nbsp;|&nbsp;&nbsp;MEMBERS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|<br>
+-|--------------------------------------------------|<br>
+-|&nbsp;group1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;|&nbsp;1000&nbsp;&nbsp;|&nbsp;naomi,&nbsp;priscilla,&nbsp;gertrude&nbsp;|<br>
+-|--------------------------------------------------|</P
+-><P
+->If you use the "fast" option, mod_sql assumes that all entries are 
+-structured like the last example.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8512"
+-></A
+-><H2
+->See also</H2
+-><P
+->      <A
+-HREF="#SQLUSERINFO"
+->SQLUserInfo</A
+-> 
+-      <A
+-HREF="#SQLGROUPINFO"
+->SQLGroupInfo</A
+->
+-    </P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8517"
+-></A
+-><H2
+->Examples</H2
+-></DIV
+-><H1
+-><A
+-NAME="SQLAUTHTYPES"
+-></A
+->
+-SQLAuthTypes</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN8527"
+-></A
+-><H2
+->Name</H2
+->SQLAuthTypes&nbsp;--&nbsp;Specify the allowed authentication types and their check order</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN8530"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->SQLAuthTypes</B
+->  [  <CODE
+-CLASS="OPTION"
+->[OpenSSL]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[Crypt]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[Backend]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[Plaintext]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[Empty]</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->none</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_sql</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8565"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive deprecates 'SQLEmptyPasswords',
+-'SQLScrambledPasswords', 'SQLSSLHashedPasswords',
+-'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'.</P
+-><P
+->The SQLAuthTypes directive specifies which authentication method
+-are to be allowed, and their order of use.
+-<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->You must specify at least one authentication
+-method.</B
+-></SPAN
+-></P
+-><P
+->The current supported authentication methods are:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Backend</B
+-></SPAN
+-></P
+-><P
+->		Allows database-specific backend passwords. Not all
+-		backend databases support this option. For example,
+-		MySQL datatabases use this option to authenticate MySQL
+-		'PASSWORD()' encrypted passwords. The Postgres backend,
+-		however, does nothing.<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Caveat
+-		</B
+-></SPAN
+->: if your MySQL activity log is world-readable,
+-		the user password <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->will be visible
+-		</B
+-></SPAN
+->. You have been warned.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Crypt</B
+-></SPAN
+-></P
+-><P
+->		Allows passwords in the database to be of Unix crypt(3) form.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Empty</B
+-></SPAN
+-></P
+-><P
+->		Allows empty passwords in the database, which match
+-		against <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->any</B
+-></SPAN
+-> password
+-		the user may give. The database field must be a truly
+-		empty string; NULL values are not acceptable as empty
+-		passwords. <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Be very careful if using
+-		this authentication method.</B
+-></SPAN
+->
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->OpenSSL</B
+-></SPAN
+-></P
+-><P
+->		Allows passwords in the database to be of the form
+-		'{digest-name}hashed-value', where hashed-value
+-		is the base64-encoded digest of the passsword.
+-		Only available if you define HAVE_OPENSSL when you
+-		compile proftpd  and you link with OpenSSL's libcrypto
+-		library.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->Plaintext</B
+-></SPAN
+-></P
+-><P
+->		Allows passwords in the database to be in plaintext.
+-              </P
+-></LI
+-></UL
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8596"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8599"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+->	SQLAuthTypes&nbsp;Crypt&nbsp;Empty</P
+-><P
+->configures mod_sql to first attempt to verify the password using the
+-Unix crypt(3) function, then, if that fails, determine if the password
+-in the database is empty (thus matching any given password). If all of
+-the configured authentication methods fail, mod_sql will fail to
+-authenticate the user.</P
+-></DIV
+-><H1
+-><A
+-NAME="SQLBACKEND"
+-></A
+->
+-SQLBackend</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN8611"
+-></A
+-><H2
+->Name</H2
+->SQLBackend&nbsp;--&nbsp;Set the SQL backend module</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN8614"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->SQLBackend</B
+->  [  <CODE
+-CLASS="OPTION"
+->backend</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->Depends</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_sql</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.3.0rc1 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8641"
+-></A
+-><H2
+->Description</H2
+-><P
+->In 1.3.0rc1, the mod_sql module gained the ability to be compiled with multiple
+-backend modules supported, e.g. to have both mod_sql_mysql and mod_sql_postgres
+-usable in the same proftpd daemon. The SQLBackend directive configures which of
+-these different database backends should be used.</P
+-><P
+->If there is only one backend module compiled in, the SQLBackend directive is not
+-needed. If there are multiple backend modules compiled and no SQLBackend directive
+-is specified, then mod_sql will default to using the first backend module listed.
+-For instance, if you configured proftpd using a configure command such as:
+-
+-  ./configure --with-modules=mod_sql:mod_sql_postgres:mod_sql_mysql ...
+-
+-then mod_sql would default to using mod_sql_postgres as the backend module to use.</P
+-><P
+->You might have multiple &lt;VirtualHost&gt; sections which use different SQL backends.
+-Use "mysql" for the mod_sql_mysql module, and "postgres" for the mod_sql_postgres
+-module.</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8646"
+-></A
+-><H2
+->See also</H2
+-><P
+-></P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8649"
+-></A
+-><H2
+->Examples</H2
+-><P
+-CLASS="LITERALLAYOUT"
+->&nbsp;&nbsp;&lt;VirtualHost&nbsp;1.2.3.4&gt;<br>
+-&nbsp;&nbsp;&nbsp;&nbsp;SQLBackend&nbsp;mysql<br>
+-&nbsp;&nbsp;&nbsp;&nbsp;...<br>
+-&nbsp;&nbsp;&lt;/VirtualHost&gt;<br>
+-<br>
+-&nbsp;&nbsp;&lt;VirtualHost&nbsp;5.6.7.8&gt;<br>
+-&nbsp;&nbsp;&nbsp;&nbsp;SQLBackend&nbsp;postgres<br>
+-&nbsp;&nbsp;&nbsp;&nbsp;...<br>
+-&nbsp;&nbsp;&lt;/VirtualHost&gt;</P
+-></DIV
+-><H1
+-><A
+-NAME="SQLCONNECTINFO"
+-></A
+->
+-SQLConnectInfo</H1
+-><DIV
+-CLASS="REFNAMEDIV"
+-><A
+-NAME="AEN8660"
+-></A
+-><H2
+->Name</H2
+->SQLConnectInfo&nbsp;--&nbsp;Specify connection information for the backend</DIV
+-><DIV
+-CLASS="REFSYNOPSISDIV"
+-><A
+-NAME="AEN8663"
+-></A
+-><H2
+->Synopsis</H2
+-><P
+-><B
+-CLASS="COMMAND"
+->SQLConnectInfo</B
+->  [  <CODE
+-CLASS="OPTION"
+->connection-info</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[username]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[password]</CODE
+->] [  <CODE
+-CLASS="OPTION"
+->[policy]</CODE
+->]</P
+-><P
+-></P
+-><DIV
+-CLASS="VARIABLELIST"
+-><P
+-><B
+-></B
+-></P
+-><DL
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Default</PRE
+-></DT
+-><DD
+-><P
+->None</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Context</PRE
+-></DT
+-><DD
+-><P
+->server config, &lt;Global&gt;, &lt;VirtualHost&gt;</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Module</PRE
+-></DT
+-><DD
+-><P
+->mod_sql</P
+-></DD
+-><DT
+-><PRE
+-CLASS="SYNOPSIS"
+->Compatibility</PRE
+-></DT
+-><DD
+-><P
+->1.2.0 and later</P
+-></DD
+-></DL
+-></DIV
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8696"
+-></A
+-><H2
+->Description</H2
+-><P
+->This directive deprecates 'MySQLInfo', 'PostgresInfo', and
+-'PostgresPort'.</P
+-><P
+->The SQLConnectInfo directive configures the information necessary to
+-connect to the backend database. The connection-info parameter specifies
+-the database, host, port, and other backend-specific information. The
+-optional username and password parameters specify a username and password
+-to use when connecting to the database. Both default to NULL, which the
+-backend will treat in some backend-specific manner. If you specify a
+-password, you <SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->must</B
+-></SPAN
+-> specify a username.
+-If no SQLConnectInfo directive is specified, mod_sql will disable itself.</P
+-><P
+->Any given database backend has the opportunity, though not necessarily
+-the responsibility, to check for syntax errors in the connection-info
+-field at server startup, but you should not expect semantic errors
+-(i.e., cannot connect to the database) to be caught until mod_sql 
+-attempts to connect for a given host.</P
+-><P
+->A given database connection is governed by a connection policy that
+-specifies when a connection should be opened and when it should be
+-closed. There are three options:</P
+-><P
+-></P
+-><UL
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+-><SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->PERSESSION</B
+-></SPAN
+-></P
+-><P
+->		Open a database connection at the start of the session
+-		and close the database connection at the end of the session.
+-              </P
+-></LI
+-><LI
+-STYLE="list-style-type: disc"
+-><P
+->number (<SPAN
+-CLASS="bold"
+-><B
+-CLASS="EMPHASIS"
+->TIMED</B
+-></SPAN
+->)</P
+-><P
+->		Timed database connections that close themselves
+-		after number seconds of inactivity.
+-              </P
+-></LI
+-></UL
+-><P
+->If a connection policy is not specified, if the policy is not a number or
+-is a number less than 1, or if the policy is the string "PERSESSION",
+-the PERSESSION policy will be used.</P
+-><P
+->If the connection policy is any number greater than 0, it specifies the
+-number of seconds that a connection will be held open without activity.
+-After that many seconds of database inactivity, the connection to the
+-database will be closed. As soon as database activity starts again,
+-the connection will be opened and the timer will restart.</P
+-><P
+->The MySQL and Postgres backends' connection-info is expected to be of the form:</P
+-><P
+->database[@hostname][:port]</P
+-><P
+->hostname will default to a backend-specific hostname (which happens to be
+-'localhost' for both the MySQL and Postgres backends), and port will default
+-to a backend-specific default port (3306 for the MySQL backend, 5432 for
+-the Postgres backend).</P
+-><P
+->From the MySQL documentation:</P
+-><P
+->the value of host may be either a hostname or an IP address. If host is
+-NULL or the string "localhost", a connection to the local host is assumed.
+-If the OS supports sockets (Unix) or named pipes (Windows), they are used
+-instead of TCP/IP to connect to the server.</P
+-><P
+->From the PostgreSQL documentation:</P
+-><P
+->If [the hostname] begins with a slash, it specifies Unix-domain
+-communication rather than TCP/IP communication; the value is the
+-name of the directory in which the socket file is stored. The default
+-is to connect to a Unix-domain socket in /tmp.</P
+-><P
+->If you plan to use the TIMED connection policy, consider the effect of
+-directives such as DefaultRoot on local socket communication: once a user
+-has been chroot()ed, the local socket file will probably not be available
+-within the chroot directory tree, and attempts to reopen communication will
+-fail. One way around this may be to use hardlinks within the user's
+-directory tree. PERSESSION connections are not affected by this because
+-the database will be opened prior to the chroot() call, and held open
+-for the life of the session. Network communications are not affected by
+-this problem. For example, while localhost would not work for MySQL since
+-the MySQL client library will try to use socket communications for that
+-host, 127.0.0.1 will work (as long as your database is setup to accept
+-these connections).</P
+-></DIV
+-><DIV
+-CLASS="REFSECT1"
+-><A
+-NAME="AEN8722"
+-></A
+-><H2
+->See also</H2
+-><P