directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1021519 - /directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml
Date Mon, 11 Oct 2010 21:44:18 GMT
Author: elecharny
Date: Mon Oct 11 21:44:18 2010
New Revision: 1021519

URL: http://svn.apache.org/viewvc?rev=1021519&view=rev
Log:
Added doco about Partitions

Modified:
    directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml

Modified: directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml
URL: http://svn.apache.org/viewvc/directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml?rev=1021519&r1=1021518&r2=1021519&view=diff
==============================================================================
--- directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml
(original)
+++ directory/apacheds-manuals/trunk/src/basic-user-guide/chapter-configuring-apacheds.xml
Mon Oct 11 21:44:18 2010
@@ -122,7 +122,7 @@
           <para><emphasis role="bold">replicaId</emphasis><subscript>([0..999],
0)</subscript> : <emphasis>The replica unique ID.</emphasis></para>
         </listitem>
         <listitem>
-          <para><emphasis role="bold">systemPartition</emphasis><subscript>(<xref
linked="Partition">partition</xref>)</subscript> : <emphasis>The dedicated
System partition</emphasis></para>
+          <para><emphasis role="bold">systemPartition</emphasis><subscript>(<xref
linkend="Partition configuration"/>)</subscript> : <emphasis>The dedicated
System partition</emphasis></para>
         </listitem>
         <listitem>
           <para><emphasis role="bold">accessControlEnabled</emphasis><subscript>(boolean,
true)</subscript> : <emphasis>Tells if the ACI subsystem is enabled or not.</emphasis></para>
@@ -138,6 +138,9 @@
           the encoded bytes representing the request).</emphasis></para>
         </listitem>
         <listitem>
+          <para><emphasis role="bold">testEntries</emphasis><subscript>(LDIF)</subscript>
: <emphasis>The set of entries to inject at startup</emphasis></para>
+        </listitem>
+        <listitem>
           <para><emphasis role="bold">syncPeriodMillis</emphasis><subscript>(Integer,
15000)</subscript> : <emphasis>Defines the delay between each flush to disk. No
data will be
           written to disk during this perido. If one wants everything to be written immediately,
then this value
           must be set to 0.</emphasis></para>
@@ -150,74 +153,205 @@
         and describe which one of them will be present in the chain. Some of them are absolutely
mandatory,
         some other might be removed from the chain</para>
         <para>The list of Interceptor is given in the following ordered list (the first
Interceptors
-        in this list will be the first one in the chain) :</para>
+        in this list will be the first one in the chain)</para>
+        <important> 
+          <para>
+            These Interceptors must <emphasis role="bold">NOT</emphasis> 
+            be removed from the chain, not moved up or down in the chain !
+          </para>
+        </important>
         <itemizedlist>
           <listitem>
             <para>
-              <emphasis role="bold">NormalizationInterceptor</emphasis><subscript>Mandatory</subscript>
: 
-              <emphasis>Normalizes the incoming requests. This Interceptor must <emphasis
role="bold">NOT</emphasis> 
-              be removed from the chain !</emphasis>
+              <emphasis role="bold">NormalizationInterceptor</emphasis> : 
+              <emphasis>A name normalization service. This service makes sure all relative
and distinguished
+              names are normalized before calls are made against the respective interface
methods on DefaultPartitionNexus.
+              The Filters are also normalized.
+              If the RDN AttributeTypes are not present in the entry for an Add request,
+              they will be added.</emphasis>
             </para>
           </listitem>
           <listitem>
             <para>
-              <emphasis role="bold">AuthenticationInterceptor</emphasis><subscript>Mandatory</subscript>
: 
-              <emphasis>This Interceptor handle the authentication and manage the LdapSession.</emphasis>
+              <emphasis role="bold">AuthenticationInterceptor</emphasis> : 
+              <emphasis>This Interceptor handle the users authentication.</emphasis>
             </para>
           </listitem>
-          <listitem><para><emphasis role="bold">AciAuthorizationInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
-          </listitem>
-          <listitem><para><emphasis role="bold">AdministrativePointInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">ReferralInterceptor</emphasis> : 
+              <emphasis>This interceptor update the Referral cache when some referrals
are
+              added or removed from the DIT</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">ChangeLogInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">AciAuthorizationInterceptor</emphasis> :

+              <emphasis>An ACI based authorization Interceptor. This is where all the
access control
+              checks are done. If a user tries to perform any operations that requires
+                permission he or she doesn't have, a NoPermissionException will be
+                thrown and therefore the current invocation chain will terminate.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">CollectiveAttributeInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">DefaultAuthorizationInterceptor</emphasis>
: 
+              <emphasis>An Interceptor that controls access to the data.
+                If a user tries to perform any operations that requires
+                permission he or she doesn't have, a NoPermissionException will be
+                thrown and therefore the current invocation chain will terminate.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">DefaultAuthorizationInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">AdministrativePointInterceptor</emphasis>
: 
+              <emphasis>An Interceptor to manage the Administrative model.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">DelayInducingInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">ExceptionInterceptor</emphasis> : 
+              <emphasis>An Interceptor that detects any operations that breaks integrity
+                of Partition and terminates the current invocation chain by
+                throwing an Exception. Those operations include when an entry
+                already exists at a DN and is added once again to the same DN.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">EventInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">ChangeLogInterceptor</emphasis> : 
+              <emphasis>An interceptor which intercepts write operations to the directory
and
+                logs them with the server's ChangeLog service.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">ExceptionInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">OperationalAttributeInterceptor</emphasis>
: 
+              <emphasis>An Interceptor that adds or modifies the default attributes
+                of entries. There are six default attributes for now :
+                'creatorsName', 'createTimestamp', 'modifiersName',
+                'modifyTimestamp', 'entryUUID and 'entryCSN'</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">JournalInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">SchemaInterceptor</emphasis> : 
+              <emphasis>An Interceptor that manages and enforces schemas for every
incoming request.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">KeyDerivationInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">SubentryInterceptor</emphasis> : 
+              <emphasis>The Subentry Interceptor service which is responsible for filtering
+                out subentries on search operations and injecting operational attributes</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">OperationalAttributeInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">CollectiveAttributeInterceptor</emphasis>
: 
+              <emphasis>An Interceptor based service dealing with collective attribute
+                management.  This service intercepts read operations on entries to
+                inject collective attribute value pairs into the response based on
+                the entires inclusion within collectiveAttributeSpecificAreas and
+                collectiveAttributeInnerAreas.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">PasswordPolicyInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">EventInterceptor</emphasis> : 
+              <emphasis>An Interceptor based service for notifying DirectoryListeners
of changes to the DIT.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">ReferralInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">TriggerInterceptor</emphasis> : 
+              <emphasis>The Trigger Interceptor based on the Trigger Specification.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">SchemaInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">JournalInterceptor</emphasis> : 
+              <emphasis>An Interceptor which intercepts write operations to the directory
and
+                logs them into a journal.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">SubentryInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+        </itemizedlist>
+        <para>The following interceptors can be added in the chain, if needed. The
best is to place
+        them at the end of the existing chain.</para>
+        <itemizedlist>
+          <listitem>
+            <para>
+              <emphasis role="bold">KeyDerivationInterceptor</emphasis> : 
+              <emphasis>An Interceptor that creates symmetric Kerberos keys for users.
When a
+                'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName'
+                are used to derive Kerberos keys.  If the 'userPassword' is the special keyword
+                'randomKey', a random key is generated and used as the Kerberos key.</emphasis>
+            </para>
           </listitem>
-          <listitem><para><emphasis role="bold">TriggerInterceptor</emphasis>
: 
-            <emphasis></emphasis></para>
+          <listitem>
+            <para>
+              <emphasis role="bold">PasswordPolicyInterceptor</emphasis> : 
+              <emphasis>An Interceptor that enforces password policy for users. Add
or modify operations
+                on the 'userPassword' attribute are checked against a password policy. The
password is
+                rejected if it does not pass the password policy checks. The password MUST
be passed to
+                the core as plaintext.</emphasis>
+            </para>
           </listitem>
         </itemizedlist>
       </section>
       <section id="PasswordPolicy configuration">
       </section>
-      <section id="Partitions configuration">
+      <section id="Partitions configuration" xreflabel="Partitions configuration">
+        <title>Partitions configuration</title>
+        <para>The DirectoryService is associated with a set of Partitions, which have
to be configured.</para>
+        <para>Each Partition has its own configuration, and we store the list of configured
partitions
+        into the DirectoryService.</para>
+        <important>
+          <para>There is one distinct Partition which is always present, the <emphasis
role="bold">System</emphasis>
+          partition. It contains many critical configuration parameters.</para>
+        </important>
+        <section id="Partition configuration" xreflavel="Partition configuration">
+          <title>Partition configuration</title>
+          <para>Each Partition has a set of parameters that can be modified.</para>
+          <itemizedlist>
+            <listitem>
+              <para><emphasis role="bold">id</emphasis><subscript>(String)</subscript>
: 
+              <emphasis>The partition unique idntifier .</emphasis></para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">suffix</emphasis><subscript>(DN)</subscript>
: 
+              <emphasis>The partition's suffix. This must be a DN.</emphasis></para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">cacheSize</emphasis><subscript>(Integer,
100)</subscript> : 
+              <emphasis>The number of cached entries for this partition.</emphasis></para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">optimizerEnabled</emphasis><subscript>(boolean,
true)</subscript> : 
+              <emphasis>Tells if the optimizer is enabled or not.</emphasis></para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">syncOnWrite</emphasis><subscript>(boolean,
false)</subscript> : 
+              <emphasis>Tells the server to flush on disk for every write .</emphasis></para>
+            </listitem>
+            <listitem>
+              <para><emphasis role="bold">indexedAttributes</emphasis>
: 
+              <emphasis>The set of indexed attributes for this partition. Each indexed
attribute
+                has its own configuration elements, which are described on <xref linkend="indexedAttributes"/>.</emphasis></para>
+            </listitem>
+          </itemizedlist>
+          <section id="indexedAttributes" xreflabel="Indexed Attributes">
+            <title>Indexed Attributes</title>
+            <para>Here we describe the Index attributes configuration. Each attribute
can be indexed.</para>
+            <para>The following parameters can be configured :</para>
+            <itemizedlist>
+              <listitem>
+              <para><emphasis role="bold"></emphasis><subscript>(,
)</subscript> : 
+              <emphasis>.</emphasis></para>
+              </listitem>
+            </itemizedlist>
+          </section>
+        </section>
       </section>
       <section id="ChangeLog configuration">
       </section>



Mime
View raw message