This file contains quick notes to get you going. I'll integrate everything
in one document as soon as get some time.

Please look at the ChangeLog section.

The module name is changed to mm_auth_ldap_module.
The source file name is also changed to mm_mod_auth_ldap.c
The name of shared object is: mm_mod_auth_ldap.so in Unix
and mm_mod_auth_ldap.dll in Windows.

I did that because Apache 2.x has a ldap module and it is named same as 
mine. 

So keep a note of it if you're adding LoadModule line in httpd.conf file 
by hand.

Example:

In Unix:

# apache 1.3.x
LoadModule mm_auth_ldap_module libexec/mm_mod_auth_ldap.so
# apache 2.0.x and 2.2.x
LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.so

In Windows:

LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.dll
# For apache 1.3.x 
AddModule mm_mod_auth_ldap.c

Note for Apache 2.2.x
The following directive must be provided:
AuthBasicProvider "mm_ldap"

Otherwise you'll get a error message like:
    Bad file descriptor: Could not open password  (null)

Compile (Unix)
==============
  Apache 1.3.x example:
    $ ./configure --with-mem-cache \
            --with-apache-dir=/usr/local/apache1 \
            --with-ldap-dir=/usr/local/openldap \
            --with-apxs \
            --with-apache-ver=1 \
            --with-ssl=yes

  Apache 2.0.x example:
    $ ./configure --with-mem-cache \
            --with-apache-dir=/usr/local/apache1 \
            --with-ldap-dir=/usr/local/openldap \
            --with-apxs \
            --with-apache-ver=2 \
            --with-ssl=yes

  Apache 2.2.x example:

    $ ./configure --with-mem-cache \
            --with-apache-dir=/usr/local/apache1 \
            --with-ldap-dir=/usr/local/openldap \
            --with-apxs \
            --with-apache-ver=2.2 \
            --with-ssl=yes

    ./configure --help for more info

    o if your LDAP sdk is not contained in one directory, use the options
      --with-ldap-includes and --with-ldap-libraries to specify the path of
      ldap header files and libraries respectively.

    ** Look at the sample httpd.conf for a special directive AuthBasicProvider "mm_ldap"

Look at:
    For directives etc:
      http://muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html

    For Caching and related directives:
      http://muquit.com/muquit/software/mod_auth_ldap/mod_auth_ldap_apache2.html

    For SSL/TLS:
      http://muquit.com/muquit/software/mod_auth_ldap/ssl_tls.html

Look at example httpd.conf file.

ChangeLog
=========
v3.11
    - compile libghthash --wih-pic always, because in solaris gcc does not
    seem to like pic and non-pic objects mixed. 
    (May-29-2006)

    - in solaris, for whatever reason, apxs/libtool looks for mm_mod_auth_ldap.a
    for during module installation. Changed Makefile.in to handle that.
    Changed Makefile.in and configure  to handle apache 1.3.x.
    (May-29-2006)

    - Make the binaries for Windows avaialble for apache 1.3.36, 2.0.58 and
    2.2.2.
    (May-29-2006)

v3.10
    - compiled in windows for apache 2.2.2
    - using latest versionof libghthash
    (May-21-2006)

v3.09
    - was not compiling with opendlap sdk with ssl for apache 2.2.x.

v3.08
    - Added support for Apache 2.2.x. The support is still alpha
      (Mar-18-2006)

    - configure flag --with-ssl was turning off SSL. If that flag was
      not used, automatic detection was working however
      (Mar-18-2006)

v3.07
    - configure was not working for Apache 2.x
      (Nov-03-2005)

    - 2 debug messages were written to log even if debugging was set to off.
    (Oct-23-2005)

v3.06
    - Source file is renamed to mm_auth_ldap.c to avoid conflict with 
      Apache2's own ldap module.
      (Sep-30-2005)

    - New configuration directive Extra_SearchFilter. By default this filter
    is (objectclass=*). Example:

    Uid_Attr CN
    Extra_SearchFilter "(objectclass=inetOrgPerson)"

    So, during authentication if the user enter John Doe as user id, 
    the filter (&(objectclass=inetOrgPerson)(CN=John Doe)) will be constructed
    during the search. Suggested by Jason Lewis.
    (Sep-30-2005)

v3.05
    - LDAP_Deref, AuthOnBind,Sub_Dn directives were missing from code for 
      Apache 1.3.x
      (Mar-17-2005)

    - auth_on_bind was mistakenly a pointer to char, it should have be an int.
      (Mar-17-2005)

v3.04

    * Support for OpenDLAP ldaps:// is added.

    Turn it on with LDAP_OpenLDAP_Initialize On.  If you do that, you must 
    specify the LDAP_server as: LDAP_Server ldaps://ldap.foo.com:636
    Also the ldap server name has to be the same fqdn as specified in the 
    server's certificate (look at CN in the Subject in the certificate).  It's 
    added as some people run their LDAP server that way. It doesn't give 
    any extra security.

    Better yet, you can use LDAP_StartTLS On and don't have to modify
    LDAP_Server. 

    ** Note about SSL with StartTLS and ldaps://
        For security perspective, there's no difference.  If you start the 
        openldap server with ldaps://, It'll accept connection to a SSL 
        port. On the ther hand with StartTLS, encryption is negotiated 
        over the same standard ldap port, that means you can run plain 
        text and encrypted sessions over the same ldap port. ldaps:// is a 
        hack and not a standard, StartTLS is part of LDAPv3.

        Reference:
            http://www.openldap.org/lists/openldap-software/200201/msg00042.html
            http://www.openldap.org/lists/openldap-software/200206/msg00387.html


- If compiled with OpenLDAP and if OpenLDAP SDK is compiled
  with SSL/TLS support, SSL connection can be made initialized
  to LDAP with the directive 'LDAP_OpenLDAP_Initialize On'. 
  Thanks to Lars Bohn.
  (Mar-12-2005)

- Added support for Novell C LDAP SDK. configure will detect it automatically.
  SSL support for Novell SDK is not added yet.
  (Mar-12-2005)

- Filter size is increased to 512 bytes from 256 bytes.
  (Mar-12-2005)

========================== sample httpd.conf =============================
##
# Apache configuration parameters for LDAP Authentication module
# muquit@muquit.com Jul-24-2005 

# Load the module
LoadModule mm_auth_ldap_module libexec/mm_mod_auth_ldap.so
#LoadModule mm_auth_ldap_module modules/mm_mod_auth_ldap.dll
# for apache 1.3.x use AddModule
AddModule mm_mod_auth_ldap.c

LDAP_UseMemoryCache_G On
LDAP_HashTableSize_G 1024
LDAP_CacheTTL_G       5000
LDAP_Persistent_G     On
SupportNestedGroups_G On

# directory to protect
#<Directory "c:/apache/htdocs/ldap">

<Directory "c:/apache/htdocs/ldap">
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
##*************************For Apache 2.2.x ***********************
#  For Apache 2.2.x, the following directive must be set
#AuthBasicProvider "mm_ldap"
##*************************For Apache 2.2.x ***********************
#AuthLDAPAuthoritative Off
#AuthAuthoritative Off
#AuthOnBind On
#Sub_DN  "ou=CIS,ou=People"
Bind_Tries 3
AuthName "Authorized imaginary staff only"
AuthType Basic
LDAP_Debug On
LDAP_Server 192.168.0.2
LDAP_Protocol_Version 3
#LDAP_OpenLDAP_Initialize On
# If compiled with OpenLDAP SSL only
#LDAP_Server ldaps://topo.muquit.com:636
#LDAP_Port 636
LDAP_Connect_Timeout 1000
#LDAP_StartTLS On
#-- if using SSL -stars--
#LDAP_Port 636
# The path where cert7.db is located
#LDAP_CertDbDir "/home/muquit/ssl"
#-- if using SSL -ends--
Base_DN "dc=muquit,dc=com"
##Base_DN "dc=muquit,dc=com"
#Bind_DN "uid=admin,dc=muquit,dc=com"
#Bind_DN "cn=Manager,dc=muquit,dc=com"
#Bind_Pass "secret"
#UID_Attr uid
#UID_Attr cn
#UID_Attr_Alt "mail"
require valid-user
#UID_Attr cn
##UID_Attr sn
#Group_Attr "uniqueMember2"
#require user one muquit ttwo theree foo
#require user foo bar doe test muquitt muquit
#require roomnumber "foo"
#require roomnumber "bar"
#require roomnumber "moo"
#require roomnumber "koo"
#require roomnumber "C119 Center Building"
#Group_Attr uniquemember
#require group cn=webgroup,ou=Groups
#require group cn=gr1,ou=Groups
#require group cn=itstaff,ou=Groups
#require group cn=Gastro,ou=Groups
#require group cn=ebiz,ou=Groups
#require group cn=rcs,ou=Groups
#require group cn=rcs,ou=Groups
#require group "cn=masterg,ou=TMP,ou=People"
#require filter "(emaildrop=muquit1@muquit.com)"
#require filter "(emaildrop=muquit2@muquit.com)"
#require filter "(emaildrop=muquit@muquit.com)"
#require filter "(emaildrop=muquirt@muquit.com)"
</Directory>

