News
----

The most important changes in this release are the following:

1. mod_authz_ldap has been ported to apache2. This also led to a little
   code cleanup: some functionality already present, e.g. in the OpenSSL
   libraries, replaces certain of our functions. The most important change
   however was that the apache2 version of mod_authz_ldap no longer offers
   the EAPI, which was _the_ public interface to get information from inside
   mod_ssl. Instead, the function ssl_var_lookup is now declared in the
   public header mod_ssl.h, so we can use this to retrieve certificate
   information.

   Since the EAPI is no longer available, and therefore no longer a good
   indicator of whether SSL is available or not, a new configuration flag
   --disable-ssl has
   been added to prevent inclusion of code that depends on mod_ssl in
   situations where one is only interested in the LDAP authentication
   functionality.

2. It turned out that ssl_var_lookup is also available in mod_ssl for
   apache 1.3, except that we must declare it ourselves, as it is not in
   a public header. Consequently, the EAPI is no longer used, not even
   in apache 1.3, and it is no longer necessary to patch mod_ssl!

Here is the ChangeLog section for this release:

Release 0.22:
	* documentation changes to reflect all the changes in this release
	* some small bug fixes
	* add configuration directive AuthzLDAPCacheConnection for caching
	  connections (to allow .htaccess files to use mod_authz_ldap,
	  which previously caused a file descriptor leak)
	* changes for Apache 2: mod_ssl in Apache 2 no longer uses
	  the EAPI, which was used in Apache 1 to store information about
	  the client certificate. Instead, the client certificate data is
	  accessible via the ssl_var_lookup function defined in mod_ssl.h.
	  As a consequence, the logic previously handled in the mod_ssl patch
	  has been folded into certmap.c (for apache2). Fortunately, this
	  also works for apache1 (with the exception that there is no official
	  header to define ssl_var_lookup, so we have to do it ourselves
	  in the certmap.c file).
	* converted from EAPI context variables for authz_ldap::userdn to
	  apache notes table (which still works in apache2)
	* added a configuration directive AuthzLDAPEngine that must be set to
	  on if mod_authz_ldap should become active (allows AuthzLDAPServer
	  to have a more reasonable default)
	* added configuration directive to set ldap protocol version,
	  required for OpenLDAP 2.1.5. Default set so that if LDAP_VERSION3
	  symbol is defined, protocol version 3 is used. Otherwise, protocol
	  version is not set at all.
	* fix authzldap.ldif, the sample LDAP directory contents, so that
	  it becomes acceptable for OpenLDAP 2.1.5
	* fix authzldap.schema so that it becomes acceptable for OpenLDAP
	  2.1.5
	* updated autoconf/automake to new versions


--
$Id: NEWS,v 1.7 2002/10/10 08:48:03 afm Exp $
