From akaras...@apache.org
Subject svn commit: r329112 - in /directory/apacheds/trunk: main/ main/src/main/java/org/apache/ldap/server/configuration/ main/src/main/java/org/apache/ldap/server/jndi/ xdocs/users/
Date Fri, 28 Oct 2005 05:54:28 GMT
Author: akarasulu
Date: Thu Oct 27 22:54:05 2005
New Revision: 329112

URL: http://svn.apache.org/viewcvs?rev=329112&view=rev
Log:
changes ...

 o some more doco but generated from confluence to xdoc converter
 o changed main to now use Enrique's new p-p configuration beans
 o added the ntp protocol provider to the server 
 o revamped (removed most) code in ServerContextFactory thanks to these 
   ServiceConfiguration beans
 

Added:
    directory/apacheds/trunk/xdocs/users/subtreespecificationgrammar.xml
Modified:
    directory/apacheds/trunk/main/project.xml
    directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/MutableServerStartupConfiguration.java
    directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/ServerStartupConfiguration.java
    directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
    directory/apacheds/trunk/xdocs/users/subentries.xml

Modified: directory/apacheds/trunk/main/project.xml
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/project.xml?rev=329112&r1=329111&r2=329112&view=diff
==============================================================================
--- directory/apacheds/trunk/main/project.xml (original)
+++ directory/apacheds/trunk/main/project.xml Thu Oct 27 22:54:05 2005
@@ -95,16 +95,21 @@
       <artifactId>apacheds-shared</artifactId>
       <version>${pom.currentVersion}</version>
     </dependency>
-      <dependency>
-        <groupId>directory-protocols</groupId>
-        <artifactId>ldap-protocol</artifactId>
-        <version>0.9.3-SNAPSHOT</version>
-      </dependency>
-      <dependency>
-        <groupId>directory-protocols</groupId>
-        <artifactId>kerberos-protocol</artifactId>
-        <version>0.5.1-SNAPSHOT</version>
-      </dependency>
+    <dependency>
+      <groupId>directory-protocols</groupId>
+      <artifactId>ldap-protocol</artifactId>
+      <version>0.9.3-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>directory-protocols</groupId>
+      <artifactId>kerberos-protocol</artifactId>
+      <version>0.5.1-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>directory-protocols</groupId>
+      <artifactId>ntp-protocol</artifactId>
+      <version>0.1-SNAPSHOT</version>
+    </dependency>
     <dependency>
       <groupId>directory-asn1</groupId>
       <artifactId>asn1-codec</artifactId>
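Review bot: The `ntp-protocol` dependency added at the end of this hunk is declared as `0.1-SNAPSHOT`, and the second hunk adds `protocol-common` at `0.5.0-SNAPSHOT`, so the server build resolves whatever artifact the repository serves at build time. A snapshot cannot be tied to a reviewed revision, which makes the build non-reproducible and hard to audit for code that the commit log says becomes a protocol provider in the server. Consider moving both to released versions before the next ApacheDS release, or mark each entry with a comment such as `<!-- SNAPSHOT: replace with a released version before release -->`. The rest of this hunk only re-indents the existing `ldap-protocol` and `kerberos-protocol` entries.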
@@ -114,6 +119,11 @@
       <groupId>directory-shared</groupId>
       <artifactId>apache-ldapber-provider</artifactId>
       <version>0.9.3</version>
+    </dependency>
+    <dependency>
+      <groupId>directory-shared</groupId>
+      <artifactId>protocol-common</artifactId>
+      <version>0.5.0-SNAPSHOT</version>
     </dependency>
     <dependency>
       <groupId>directory-asn1</groupId>

Modified: directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/MutableServerStartupConfiguration.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/MutableServerStartupConfiguration.java?rev=329112&r1=329111&r2=329112&view=diff
==============================================================================
--- directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/MutableServerStartupConfiguration.java
(original)
+++ directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/MutableServerStartupConfiguration.java
Thu Oct 27 22:54:05 2005
@@ -86,6 +86,11 @@
         super.setEnableKerberos( enableKerberos );
     }
 
+    public void setEnableNtp( boolean enableNtp )
+    {
+        super.setEnableNtp( enableNtp );
+    }
+
     public void setLdapPort( int ldapPort )
     {
         super.setLdapPort( ldapPort );

Modified: directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/ServerStartupConfiguration.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/ServerStartupConfiguration.java?rev=329112&r1=329111&r2=329112&view=diff
==============================================================================
--- directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/ServerStartupConfiguration.java
(original)
+++ directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/configuration/ServerStartupConfiguration.java
Thu Oct 27 22:54:05 2005
@@ -41,6 +41,7 @@
     private int ldapPort = 389;
     private int ldapsPort = 636;
     private boolean enableKerberos;
+    private boolean enableNtp;
     private final Collection extendedOperationHandlers = new ArrayList();
 
     protected ServerStartupConfiguration()
@@ -72,11 +73,27 @@
     }
 
     /**
+     * Returns <tt>true</tt> if Kerberos support is enabled.
+     */
+    public boolean isEnableNtp()
+    {
+        return enableNtp;
+    }
+
+    /**
      * Sets whether to enable Kerberos support or not.
      */
     protected void setEnableKerberos( boolean enableKerberos )
     {
         this.enableKerberos = enableKerberos;
+    }
+
+    /**
+     * Sets whether to enable Ntp support or not.
+     */
+    protected void setEnableNtp( boolean enableNtp )
+    {
+        this.enableNtp = enableNtp;
     }
 
     /**
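Review bot: The Javadoc added above `isEnableNtp()` reads `Returns <tt>true</tt> if Kerberos support is enabled.`, which was copied from the Kerberos getter and names the wrong service. It should read `Returns <tt>true</tt> if NTP support is enabled.` It is also worth stating there that the flag is `false` unless set, since the `enableNtp` field added in the first hunk of this file has no initializer; that tells operators the NTP service stays off by default. The setter comment could say `NTP` rather than `Ntp` for consistency.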

Modified: directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java?rev=329112&r1=329111&r2=329112&view=diff
==============================================================================
--- directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
(original)
+++ directory/apacheds/trunk/main/src/main/java/org/apache/ldap/server/jndi/ServerContextFactory.java
Thu Oct 27 22:54:05 2005
@@ -21,23 +21,14 @@
 import java.net.InetSocketAddress;
 import java.util.Hashtable;
 import java.util.Iterator;
-import java.util.Properties;
 
-import javax.naming.Context;
 import javax.naming.NamingException;
-import javax.naming.ldap.Control;
-import javax.naming.ldap.InitialLdapContext;
-import javax.naming.ldap.LdapContext;
 
 import org.apache.kerberos.kdc.KdcConfiguration;
-import org.apache.kerberos.protocol.KerberosProtocolProvider;
-import org.apache.kerberos.sam.SamSubsystem;
+import org.apache.kerberos.kdc.KerberosServer;
 import org.apache.kerberos.store.JndiPrincipalStoreImpl;
 import org.apache.kerberos.store.PrincipalStore;
 import org.apache.ldap.common.exception.LdapConfigurationException;
-import org.apache.ldap.common.name.LdapName;
-import org.apache.ldap.common.util.NamespaceTools;
-import org.apache.ldap.common.util.PropertiesUtils;
 import org.apache.ldap.server.DirectoryService;
 import org.apache.ldap.server.configuration.ServerStartupConfiguration;
 import org.apache.ldap.server.protocol.ExtendedOperationHandler;
@@ -45,6 +36,8 @@
 import org.apache.mina.common.TransportType;
 import org.apache.mina.registry.Service;
 import org.apache.mina.registry.ServiceRegistry;
+import org.apache.ntp.NtpServer;
+import org.apache.ntp.NtpConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -61,7 +54,8 @@
 {
     private static Logger log = LoggerFactory.getLogger( ServerContextFactory.class.getName()
);
     private static Service ldapService;
-    private static Service kerberosService;
+    private static KerberosServer kdcServer;
+    private static NtpServer ntpServer;
     private static ServiceRegistry minaRegistry;
 
 
@@ -70,6 +64,7 @@
         return minaRegistry;
     }
 
+
     public void afterShutdown( DirectoryService service )
     {
         if ( minaRegistry != null )
@@ -84,18 +79,29 @@
                 ldapService = null;
             }
 
-            if ( kerberosService != null )
+            if ( kdcServer != null )
             {
-                minaRegistry.unbind( kerberosService );
+                kdcServer.destroy();
                 if ( log.isInfoEnabled() )
                 {
-                    log.info( "Unbind of KRB5 Service complete: " + kerberosService );
+                    log.info( "Unbind of KRB5 Service complete: " + kdcServer );
                 }
-                kerberosService = null;
+                kdcServer = null;
+            }
+
+            if ( ntpServer != null )
+            {
+                ntpServer.destroy();
+                if ( log.isInfoEnabled() )
+                {
+                    log.info( "Unbind of NTP Service complete: " + ntpServer );
+                }
+                ntpServer = null;
             }
         }
     }
-    
+
+
     public void afterStartup( DirectoryService service ) throws NamingException
     {
         ServerStartupConfiguration cfg =
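Review bot: In `afterShutdown`, `kdcServer.destroy()` and the new `ntpServer.destroy()` run one after the other with no exception handling, so if the first call throws, the NTP server is never destroyed and both static fields keep stale references. Whether `destroy()` can throw is not visible in this hunk, but a shutdown path should release each listener independently; `try { kdcServer.destroy(); } finally { kdcServer = null; }`, and the same for `ntpServer`, would do that. The log text `Unbind of KRB5 Service complete` and `Unbind of NTP Service complete` no longer matches the code, which now calls `destroy()` instead of `minaRegistry.unbind(...)`. `afterShutdown` begins above this hunk, and the hunk's last lines open `afterStartup`.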
@@ -109,89 +115,26 @@
 
             if ( cfg.isEnableKerberos() )
             {
-                startKerberosProtocol( env );
+                // construct the configuration, get the port, create the service, and prepare
kdc objects
+                KdcConfiguration kdcConfiguration = new KdcConfiguration( env );
+                PrincipalStore kdcStore = new JndiPrincipalStoreImpl( kdcConfiguration, this
);
+                kdcServer = new KerberosServer( kdcConfiguration, minaRegistry, kdcStore
);
             }
-        }
-    }
 
-    /**
-     * Starts up the MINA registry so various protocol providers can be started.
-     */
-    private void setupRegistry( ServerStartupConfiguration cfg )
-    {
-        minaRegistry = cfg.getMinaServiceRegistry();
-    }
-
-
-    /**
-     * Starts the Kerberos protocol provider which is backed by the LDAP store.
-     *
-     * @throws NamingException if there are problems starting up the Kerberos provider
-     */
-    private void startKerberosProtocol( Hashtable env ) throws NamingException
-    {
-        /*
-         * Looks like KdcConfiguration takes properties and we use Hashtable for JNDI
-         * so I'm copying over the String based properties into a new Properties obj.
-         */
-        Properties props = new Properties();
-        Iterator list = env.keySet().iterator();
-        while ( list.hasNext() )
-        {
-            String key = ( String ) list.next();
-
-            if ( env.get( key ) instanceof String )
-            {
-                props.setProperty( key, ( String ) env.get( key ) );
-            }
-        }
-
-        // construct the configuration, get the port, create the service, and prepare kdc
objects
-        KdcConfiguration config = new KdcConfiguration( props );
-        int port = PropertiesUtils.get( env, KdcConfiguration.KDC_PORT_KEY, KdcConfiguration.KDC_DEFAULT_PORT
);
-        Service service= new Service( "kerberos", TransportType.DATAGRAM, new InetSocketAddress(
port ) );
-        LdapContext ctx = getBaseRealmContext( config, env );
-        PrincipalStore store = new JndiPrincipalStoreImpl( ctx, new LdapName( "ou=Users"
) );
-        SamSubsystem.getInstance().setUserContext( ctx, "ou=Users" );
-
-        try
-        {
-            minaRegistry.bind( service, new KerberosProtocolProvider( config, store ) );
-            kerberosService = service;
-            if ( log.isInfoEnabled() )
+            if ( cfg.isEnableNtp() )
             {
-                log.info( "Successful bind of KRB5 Service completed: " + kerberosService
);
+                NtpConfiguration ntpConfig = new NtpConfiguration( env );
+                ntpServer = new NtpServer( ntpConfig, minaRegistry );
             }
         }
-        catch ( IOException e )
-        {
-            log.error( "Could not start the kerberos service on port " +
-                        KdcConfiguration.KDC_DEFAULT_PORT, e );
-        }
     }
 
-
     /**
-     * Maps a Kerberos Realm name to a position within the DIT.  The primary realm of
-     * the KDC will use this area for configuration and for storing user entries.
-     *
-     * @param config the KDC's configuration
-     * @param env the JNDI environment properties
-     * @return the base context for the primary realm of the KDC
-     * @throws NamingException
+     * Starts up the MINA registry so various protocol providers can be started.
      */
-    private LdapContext getBaseRealmContext( KdcConfiguration config, Hashtable env ) throws
NamingException
+    private void setupRegistry( ServerStartupConfiguration cfg )
     {
-        Hashtable cloned = ( Hashtable ) env.clone();
-        String dn = NamespaceTools.inferLdapName( config.getPrimaryRealm() );
-        cloned.put( Context.PROVIDER_URL, dn );
-
-        if ( log.isInfoEnabled() )
-        {
-            log.info( "Getting initial context for realm base at " + dn + " for " + config.getPrimaryRealm()
);
-        }
-
-        return new InitialLdapContext( cloned, new Control[]{} );
+        minaRegistry = cfg.getMinaServiceRegistry();
     }
 
 
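Review bot: `new NtpConfiguration( env )` and `new KdcConfiguration( env )` now receive the whole JNDI environment, whereas the removed `startKerberosProtocol` copied only the String-valued entries into a fresh `Properties`. That environment presumably also carries the directory bind principal and credentials, which the NTP service does not need; passing each constructor a filtered copy with only the keys that protocol reads would keep them out of those objects. The removed code also caught `IOException` from the bind and logged success or failure, while the new branches log nothing, so a start or failure of either listener leaves no trace here unless the server classes log it themselves. A line such as `log.info( "NTP service started: " + ntpServer );` after construction would restore that. `afterStartup` begins above this hunk.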

Modified: directory/apacheds/trunk/xdocs/users/subentries.xml
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/xdocs/users/subentries.xml?rev=329112&r1=329111&r2=329112&view=diff
==============================================================================
--- directory/apacheds/trunk/xdocs/users/subentries.xml (original)
+++ directory/apacheds/trunk/xdocs/users/subentries.xml Thu Oct 27 22:54:05 2005
@@ -1,36 +1,356 @@
 <?xml version="1.0" encoding="UTF-8"?>
+
 <document>
   <properties>
-    <author email="akarasulu@apache.org">Alex Karasulu</author>
-    <title>Subentries</title>
+    <author email="akarasulu">akarasulu</author>
+    <title>Subentry Implementation</title>
   </properties>
-  
   <body>
-
-    <section name="What are they?">
-      <subsection name="Status">
-        <p>
-        </p>
-
-        <p>
-        </p>
+    <section heading="h2" name="Introduction">
+      <p>
+Subentries are used for managing the administration of different aspects of the
+directory.  LDAP has just recently formalized the notion of subentires
+in
+        <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+.  Subentries have existed within X.500 Directories for years with clear
+specifications for administering collective attributes, schema, and access
+controls.  Although LDAP has no equivalent *yet* for administering these aspects
+it is well on its way with RFC 3672 towards adopting and adapting these
+mechanisms from X.500 Directories.  It is only a matter of
+time.
+      </p>
+      <p>
+For this reason we intend to remain ahead of the curve by implementing these
+aspects of administration using Subentries and Administrative Areas similar to
+X.500
+Directories.</p>
+      <p>
+This page describes how Subentries are implemented within ApacheDS according to
+RFC 3672.  An understanding of this RFC and our implementation is critical for
+implementing administration mechanisms for the various mentioned
+aspects.</p>
+    </section>
+    <section heading="h2" name="SubtreeSpecificationParser Class">
+      <p>
+Within the *org.apache.ldap.common.subtree* package there resides a
+SubtreeSpecificationParser which parses the value of a subtreeSpecification
+attribute as defined by RFC 3672.  It generates a bean representation of the
+subtreeSpecification, a SubtreeSpecification instance.  This parser is used by
+the subentry management subsystem of ApacheDS to create these objects to track
+and manage subtrees representing collections of
+entries.</p>
+    </section>
+    <section heading="h2" name="SubtreeEvaluator Class">
+      <p>
+Within the *org.apache.ldap.server.subtree* package there resides a
+SubtreeEvaluator class.  An evaluate() method in this class determines whether
+or not an entry is included by the entry collection described by a
+subtreeSpecification attribute present within a
+subentry.</p>
+      <p>
+The SubtreeEvaluator uses the SubtreeSpecification objects generated  by
+SubtreeSpecificationParser instances.  The evaluator is a critical component as
+we'll see
+later.</p>
+    </section>
+    <section heading="h2" name="Tracking Entry Incusion in Subtrees">
+      <p>
+ApacheDS will need to rapidly determine which subentries an entry is contained
+in.  This will be required for schema checking, access controls, and collective
+attribute handling.  Eventually trigger handling and replication will also
+depend on this
+mechanism.</p>
+      <p>
+To determine the set of subentries including an entry we must use the
+SubtreeEvaluator on each subentry within a naming context.  Searching for these
+subentries, then parsing their subtreeSpecification attribute values every time
+would be an extremely expensive task to perform for each operation.  For this
+reason the subentry subsystem must load all subentry specifications at startup. 
+The parsing of the subtreeSpecification attribute to generate instances of
+SubtreeSpecifcation beans would happen upon initialization of the subsystem. 
+Furthermore the subsystem must track the addition, deletion and modification of
+subentry subtreeSpecifications to update this cache.  Checking for inclusion
+with this cache eliminates the need to search for subentries and parse their
+subtreeSpecification
+attributes.</p>
+      <p>
+There still remains a considerable effort to evaluate all the subentry
+SubtreeSpecifications for each operation on an entry.  When done once this
+information can be cached as well, however it can be permanantly stored with the
+entry using operational attributes.  For this reason we use subentry operational
+attributes within entries to reference the subentries whose subtreeSpecification
+includes them.  Such operational attributes can have a value or multiple values
+containing the DN of the subentry.  A different subentry operational attribute
+is used for each type of administrativeRole associated with the Administrative
+Point corresponding to the subentry.  Hence a subentry operational attribute for
+accessControlSpecificAreas for example can contain zero or more values pointing
+to subentries responsible for Directory Acces Control Domains (DACD). 
+Partitioning the operational attributes according to the administrativeRoles
+further reduces the processing overhead for locating including subentries for an
+entry based on functional needs.  These subentry operational attributes are
+injected automatically into entries by the subentry subsystem on add operations.
+They are modified whenever the subtreeSpecification value on subentries are
+altered or the name of and entry is changed via a modifyRdn operation.  Note
+that these operational attributes also make it easier to search for entries
+included within a subentry's
+subtree.</p>
+    </section>
+    <section heading="h2" name="Subentry Subsystem Implementation">
+      <p>
+The subentry subsystem must search for all subentries corresponding to a naming
+context and parse their subtreeSpecifications on startup.  The
+SubtreeSpecification objects are cached in memory using a hash.  The normalized
+DN of the subentry is used as the key into this
+hash.</p>
+      <p>
+The subsystem uses an interceptor to detect the addition, deletion and
+modification of subentries to update this cache with new information.  This way
+a restart will not be required to update the cache when administrative changes
+are made via subentry
+modifications.</p>
+      <p>
+Whenever an entry is added or its name is changed via a modifyRdn operation, the
+interceptor traps these calls and evaluates or re-evaluates the subentry
+operational attributes for that entry.  The cache of SubtreeSpecifications is
+accessed to test for inclusion of that entry within a subentry's
+subtree.</p>
+      <p>
+The subsystem may partition the SubtreeSpecification cache based on the naming
+context under which its subentry is located.  Partitioning the space this way
+reduces the overall search for including
+subtrees.</p>
+    </section>
+    <section heading="h2" name="Actions to take on operations">
+      <subsection heading="h3" name="Operations on Subentries">
+        <ul nesting="1">
+          <li>
+Add
+Subentry</li>
+          <ul nesting="2">
+            <li>
+Parse and add SubtreeSpecification of the Subentry to
+cache</li>
+            <li>
+Find and update the subentry operational attributes of all entries included by
+the new
+subtreeSpecification</li>
+          </ul>
+          <li>
+Delete
+Subentry</li>
+          <ul nesting="2">
+            <li>
+Remove the SubtreeSpecification of the Subentry from the
+cache</li>
+            <li>
+Find all entries that were included in the subtree and remove references to the
+subentry</li>
+          </ul>
+          <li>
+Modify Subentry's subtreeSpecification
+Attribute</li>
+          <ul nesting="2">
+            <li>
+Remove all entry references to the subentry's according to the old
+subtree</li>
+            <li>
+Remove the old SubtreeSpecification from the SS
+cache</li>
+            <li>
+Parse and add the new SubtreeSpecification to the SS
+cache</li>
+            <li>
+Find all entries selected by the new SubtreeSpecification and update their
+operational attributes to point to the
+subentry</li>
+          </ul>
+          <li>
+ModifyRdn on
+Subentry</li>
+          <ul nesting="2">
+            <li>
+Lookup all entries that reference the old name of the subentry and replace those
+operational attributes with the new
+name</li>
+          </ul>
+        </ul>
       </subsection>
-
-      <subsection name="Subentry Handling in ApacheDS">
-        <p>
-        </p>
+      <subsection heading="h3" name="Operations on Entries">
+        <ul nesting="1">
+          <li>
+Add
+Entry</li>
+          <ul nesting="2">
+            <li>
+Check to see if the entry is included by any
+SubtreeSpecifications</li>
+            <li>
+If it is add the appropriate subentry operational attributes to the entry to
+reference the
+subentry</li>
+          </ul>
+          <li>
+ModifyRdn</li>
+          <ul nesting="2">
+            <li>
+Some specific exclusions may cause Rdn name changes to affect inclusion so we
+have to remove all subentry operational attributes within the entry and
+recompute then once
+again.</li>
+            <li>
+Operations that change the names of administrative points directly via a
+modifyRdn on the AP or via one of the AP's ancestors cannot be permitted.  The
+reason is these changes would change the name of subentries referenced by
+entries in scope below the AP.  To move an AP the user must make it a normal
+entry
+first.</li>
+          </ul>
+        </ul>
       </subsection>
-
-      <subsection name="SubtreeSpecification Examples">
-        <p>
-        </p>
-      </subsection>
-
-      <subsection name="Subentry Examples">
-        <p>
-        </p>
-      </subsection>
-
+    </section>
+    <section heading="h2" name="Subentry Operational Attributes in Entries">
+      <p>
+Our approach here is justified in part by the use of subschemaSubentry
+operational attributes which point to subentries managing schema information for
+an entry.  We will expand on this concept for the other aspects of
+administration, namely for access control and collective attribute management. 
+RFC 3672 defines the following administrativeRole values for an administrative
+point:</p>
+      <table>
+        <tr>
+          <th>
+OID</th>
+          <th>
+NAME</th>
+        </tr>
+        <tr>
+          <td>
+2.5.23.1</td>
+          <td>
+autonomousArea</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.2</td>
+          <td>
+accessControlSpecificArea</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.3</td>
+          <td>
+accessControlInnerArea</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.4</td>
+          <td>
+subschemaAdminSpecificArea</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.5</td>
+          <td>
+collectiveAttributeSpecificArea</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.6</td>
+          <td>
+collectiveAttributeInnerArea</td>
+        </tr>
+      </table>
+      <p>
+We propose the following subentry operational attribute types to be used to
+correspond to these
+administrativeRoles:</p>
+      <table>
+        <tr>
+          <th>
+OID</th>
+          <th>
+NAME</th>
+          <th>
+ATTRIBUTE TYPE
+NAME</th>
+        </tr>
+        <tr>
+          <td>
+2.5.23.1</td>
+          <td>
+autonomousArea</td>
+          <td>
+automomousAreaSubentry</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.2</td>
+          <td>
+accessControlSpecificArea</td>
+          <td>
+accessControlAreaSubentries</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.3</td>
+          <td>
+accessControlInnerArea</td>
+          <td>
+accessControlInnerAreaSubentries</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.4</td>
+          <td>
+subschemaAdminSpecificArea</td>
+          <td>
+subschemaSubentry
+(EXISTS)</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.5</td>
+          <td>
+collectiveAttributeSpecificArea</td>
+          <td>
+collectiveAttributeSubentries
+(EXISTS)</td>
+        </tr>
+        <tr>
+          <td>
+2.5.23.6</td>
+          <td>
+collectiveAttributeInnerArea</td>
+          <td>
+collectiveAttributeSubentries
+(EXISTS)</td>
+        </tr>
+      </table>
+    </section>
+    <section heading="h2" name="Collective Attributes: a good simple usecase">
+      <p>
+Collective attributes use subentries and are perhaps the simplest mechanism by
+which we can demonstrate the use of subentries.  Here is an RFC for LDAP that
+describes
+how:
+        <a href="http://www.faqs.org/rfcs/rfc3671.html">RFC 3671</a>
+      </p>
+    </section>
+    <section heading="h2" name="Looking Ahead">
+      <p>
+It's a safe bet to partition the SubtreeSpecification cache based on the naming
+context of a subentry.  However better results may be achieved by partitioning
+the cache based on administrative areas and their roles.  An approach here is
+yet to be
+determined.</p>
+    </section>
+    <section heading="h2" name="Grammar used to implement SubtreeSpecification">
+      <p>
+Take a look at the subtree specification grammar
+here
+        <a href="./subtreespecificationgrammar.html">SubtreeSpecificationGrammar</a>
+.
+      </p>
     </section>
   </body>
 </document>

Added: directory/apacheds/trunk/xdocs/users/subtreespecificationgrammar.xml
URL: http://svn.apache.org/viewcvs/directory/apacheds/trunk/xdocs/users/subtreespecificationgrammar.xml?rev=329112&view=auto
==============================================================================
--- directory/apacheds/trunk/xdocs/users/subtreespecificationgrammar.xml (added)
+++ directory/apacheds/trunk/xdocs/users/subtreespecificationgrammar.xml Thu Oct 27 22:54:05
2005
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<document>
+  <properties>
+    <author email="elecharny">elecharny</author>
+    <title>SubtreeSpecificationGrammar</title>
+  </properties>
+  <body>
+    <section heading="h1" name="Subtree Specification LL(1) Grammar">
+      <p>
+Here is the LL(1) grammar used to decode a subtreeSpecification as described
+by
+        <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+      </p>
+      <source>&lt;SubtreeSpecification&gt; ::= '{' &lt;spse&gt; &lt;base-e&gt;
&lt;chopSpecification&gt; &lt;spse&gt; &lt;refinement-e&gt; '}'
+
+&lt;base-e&gt; ::= 
+	«base» &lt;sps&gt; &lt;localName&gt; &lt;spse&gt;
',' &lt;spse&gt; | 
+	e
+
+&lt;chopSpecification&gt; ::= «chopSpecification» '{' &lt;spse&gt;
&lt;chopSpecification-in&gt; '}'
+
+&lt;chopSpecification-in&gt; ::= 
+	«specificExclusions» &lt;spse&gt; &lt;chop-set-of-choice&gt;
&lt;spse&gt; &lt;specificExclusions-follower&gt; |
+	«minimum» &lt;sps&gt; &lt;number&gt; &lt;spse&gt;
&lt;minimum-follower&gt; |
+	«maximum» &lt;sps&gt; &lt;number&gt; &lt;spse&gt;
+
+&lt;specificExclusions-follower&gt; ::= 
+	',' &lt;spse&gt; «minimum» &lt;sps&gt; &lt;number&gt;
&lt;spse&gt; &lt;minimum-follower&gt; |
+	',' &lt;spse&gt; «maximum» &lt;sps&gt; &lt;number&gt;
&lt;spse&gt;
+
+&lt;minimum-follower&gt; ::= ',' &lt;spse&gt; «maximum» &lt;sps&gt;
&lt;number&gt; &lt;spse&gt;
+
+&lt;refinement-e&gt; ::= 
+        «specificationFilter» &lt;sps&gt; &lt;refinement&gt;
| 
+        e
+
+&lt;refinement&gt; ::= 
+	«item» &lt;spse&gt; ':' &lt;spse&gt; OID &lt;spse&gt;
|
+	«and» &lt;spse&gt; ':' &lt;spse&gt; &lt;set-of-refinement&gt;
|
+	«or» &lt;spse&gt; ':' &lt;spse&gt; &lt;set-of-refinement&gt;
|
+	«not» &lt;spse&gt; ':' &lt;spse&gt; &lt;refinement&gt;
|
+
+&lt;set-of-refinement&gt; ::= '{' &lt;spse&gt; &lt;refinement&gt;
&lt;refinements&gt; '}' &lt;spse&gt;
+
+&lt;refinements&gt; ::= 
+        ',' &lt;spse&gt; &lt;refinement&gt; | 
+        e
+
+&lt;localName&gt; ::= '"' DN '"'
+</source>
+    </section>
+  </body>
+</document>


