directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fel...@apache.org
Subject svn commit: r1208304 [1/2] - in /directory/documentation/apacheds-manuals/trunk: ./ src/advanced-user-guide-confluence/ src/advanced-user-guide-confluence/chapter-1/ src/advanced-user-guide-confluence/chapter-2/ src/advanced-user-guide-confluence/image...
Date Wed, 30 Nov 2011 06:57:08 GMT
Author: felixk
Date: Wed Nov 30 06:56:52 2011
New Revision: 1208304

URL: http://svn.apache.org/viewvc?rev=1208304&view=rev
Log:
Move wiki pages to svn (DIRSERVER-1678)

Move "Advanced User's Guide" (https://cwiki.apache.org/confluence/display/DIRxSRVx20/ApacheDS+v2.0+Advanced+User%27s+Guide)

Added:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/APs-tree.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.17.54_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.18.49_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.19.44_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.57.50_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.59.28_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_8.45.09_PM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.01.43_AM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.03.21_AM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.12.16_AM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.13.47_AM.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/check.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/error.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/header-green_20091029.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/important.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb_on.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/smile.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/subentry.png   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/warning.gif   (with props)
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/preface.confluence
    directory/documentation/apacheds-manuals/trunk/src/main/assembly/advanced-user-guide-confluence.xml   (with props)
    directory/documentation/apacheds-manuals/trunk/src/main/assembly/basic-user-guide-confluence.xml   (with props)
Modified:
    directory/documentation/apacheds-manuals/trunk/pom.xml

Modified: directory/documentation/apacheds-manuals/trunk/pom.xml
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/pom.xml?rev=1208304&r1=1208303&r2=1208304&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/pom.xml (original)
+++ directory/documentation/apacheds-manuals/trunk/pom.xml Wed Nov 30 06:56:52 2011
@@ -147,6 +147,44 @@ under the License.
               <goal>run</goal>
             </goals>
           </execution>
+          <execution>
+            <id>convert-advanced-confluence</id>
+            <phase>pre-site</phase>
+            <configuration>
+              <target>
+                <!-- choose all files listed in book.txt -->
+                <loadfile srcfile="${basedir}/src/advanced-user-guide-confluence/book.txt" property="inputfiles">
+                  <filterchain>
+                    <tokenfilter>
+                      <replacestring from="\n" to=","/>
+                    </tokenfilter>
+                  </filterchain>
+                </loadfile>
+                <!-- concat all files listed in book.txt to a single file -->
+                <concat destfile="${project.build.directory}/generated-sources/advanced-user-guide-confluence/book.confluence" append="false" fixlastline="yes">
+                  <filelist dir="${basedir}/src/advanced-user-guide-confluence" files="${inputfiles}"/>
+                </concat>
+                <!-- load eclispe mylyn wikitext ant task -->
+                <path id="wikitext.classpath">
+                  <fileset dir="${basedir}/lib">
+                    <include name="org.eclipse.mylyn.wikitext.*core*.jar"/>
+                  </fileset>
+                </path>
+                <taskdef classpathref="wikitext.classpath"
+                        resource="org/eclipse/mylyn/wikitext/core/util/anttask/tasks.properties" />
+                <!-- convert single confluence wiki file to docbook -->
+                <wikitext-to-docbook markupLanguage="Confluence" doctype=""
+                  bookTitle="ApacheDS Advanced User Guide v${project.version}">
+                  <fileset dir="${project.build.directory}/generated-sources/advanced-user-guide-confluence">
+                    <include name="book.confluence"/>
+                  </fileset>
+                </wikitext-to-docbook>
+              </target>
+            </configuration>
+            <goals>
+              <goal>run</goal>
+            </goals>
+          </execution>
         </executions>
         
       </plugin>
@@ -166,11 +204,11 @@ under the License.
                 <type>zip</type>
               </artifactItem>
             </artifactItems>
-            <includes>**\/*.gif</includes>
+            <includes>**\/*.gif,**\/*.png</includes>
             <outputDirectory>${project.build.directory}/docbook-xsl</outputDirectory>
           </configuration>
           <goals>
-          <goal>unpack</goal>
+            <goal>unpack</goal>
           </goals>
           </execution>
         </executions>
@@ -201,6 +239,7 @@ under the License.
           <chunkedOutput>true</chunkedOutput>
           <includes>book.xml</includes>
           <draftMode>yes</draftMode>
+          <draftWatermarkImage>${project.build.directory}/docbook-xsl/docbook/images/draft.png</draftWatermarkImage>
           <xincludeSupported>true</xincludeSupported>
           <paperType>A4</paperType>
           <fop1Extensions>1</fop1Extensions>
@@ -221,18 +260,18 @@ under the License.
               <targetDirectory>${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html</targetDirectory>
               <postProcess>
                 <!-- Copy the images -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/book/images">
                   <fileset dir="${basedir}/src/basic-user-guide-confluence/images" />
                 </copy>
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/book/images">
                   <fileset dir="${project.build.directory}/docbook-xsl/docbook/images" />
                 </copy>
                 <!-- Copy the css -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/book">
                   <fileset dir="${basedir}/src/main/resources/css" />
                 </copy>
                 <!-- Copy the data -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/data">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/html/book/data">
                   <fileset dir="${basedir}/src/basic-user-guide-confluence/data" />
                 </copy>
               </postProcess>
@@ -266,18 +305,18 @@ under the License.
               <targetDirectory>${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html</targetDirectory>
               <postProcess>
                 <!-- Copy the images -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/book/images">
                   <fileset dir="${basedir}/src/basic-user-guide/images" />
                 </copy>
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/book/images">
                   <fileset dir="${project.build.directory}/docbook-xsl/docbook/images" />
                 </copy>
                 <!-- Copy the css -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/book">
                   <fileset dir="${basedir}/src/main/resources/css" />
                 </copy>
                 <!-- Copy the data -->
-                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/data">
+                <copy todir="${project.build.directory}/docbook/manuals/basic-user-guide-${project.version}/html/book/data">
                   <fileset dir="${basedir}/src/basic-user-guide/data" />
                 </copy>
               </postProcess>
@@ -311,18 +350,18 @@ under the License.
               <targetDirectory>${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html</targetDirectory>
               <postProcess>
                 <!-- Copy the images -->
-                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/book/images">
                   <fileset dir="${basedir}/src/advanced-user-guide/images" />
                 </copy>
-                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/images">
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/book/images">
                   <fileset dir="${project.build.directory}/docbook-xsl/docbook/images" />
                 </copy>
                 <!-- Copy the css -->
-                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html">
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/book">
                   <fileset dir="${basedir}/src/main/resources/css" />
                 </copy>
                 <!-- Copy the data -->
-                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/data">
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/html/book/data">
                   <fileset dir="${basedir}/src/advanced-user-guide/data" />
                 </copy>
               </postProcess>
@@ -345,6 +384,51 @@ under the License.
           </execution>
 
           <execution>
+            <id>gen-html-advanced-confluence</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>generate-html</goal>
+            </goals>
+            <configuration>
+              <!-- per execution configuration -->
+              <sourceDirectory>${project.build.directory}/generated-sources/advanced-user-guide-confluence</sourceDirectory>
+              <targetDirectory>${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/html</targetDirectory>
+              <postProcess>
+                <!-- Copy the images -->
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/html/book/images">
+                  <fileset dir="${basedir}/src/advanced-user-guide-confluence/images" />
+                </copy>
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/html/book/images">
+                  <fileset dir="${project.build.directory}/docbook-xsl/docbook/images" />
+                </copy>
+                <!-- Copy the css -->
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/html/book">
+                  <fileset dir="${basedir}/src/main/resources/css" />
+                </copy>
+                <!-- Copy the data -->
+                <copy todir="${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/html/book/data">
+                  <fileset dir="${basedir}/src/basic-user-guide-confluence/data" />
+                </copy>
+              </postProcess>
+            </configuration>
+          </execution>
+
+          <execution>
+            <id>gen-pdf-advanced-confluence</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>generate-pdf</goal>
+            </goals>
+            <configuration>
+              <!-- per execution configuration -->
+              <sourceDirectory>${project.build.directory}/generated-sources/advanced-user-guide-confluence</sourceDirectory>
+              <targetDirectory>${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/pdf</targetDirectory>
+              <imgSrcPath>${basedir}/src/advanced-user-guide-confluence/</imgSrcPath>
+              <admonGraphicsPath>${project.build.directory}/docbook-xsl/docbook/images/</admonGraphicsPath>
+            </configuration>
+          </execution>
+
+          <execution>
             <id>gen-html-api</id>
             <phase>pre-site</phase>
             <goals>
@@ -410,6 +494,21 @@ under the License.
           </execution>
 
           <execution>
+            <id>gen-basic-confluence-zip</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <finalName>apacheds-${project.version}</finalName>
+              <descriptors>
+                <descriptor>${basedir}/src/main/assembly/basic-user-guide-confluence.xml</descriptor>
+              </descriptors>
+              <outputDirectory>${project.build.directory}/docbook/manuals/basic-user-guide-confluence-${project.version}/zip</outputDirectory>
+            </configuration>
+          </execution>
+
+          <execution>
             <id>gen-advanced-zip</id>
             <phase>pre-site</phase>
             <goals>
@@ -423,6 +522,21 @@ under the License.
               <outputDirectory>${project.build.directory}/docbook/manuals/advanced-user-guide-${project.version}/zip</outputDirectory>
             </configuration>
           </execution>
+
+          <execution>
+            <id>gen-advanced-confluence-zip</id>
+            <phase>pre-site</phase>
+            <goals>
+              <goal>single</goal>
+            </goals>
+            <configuration>
+              <finalName>apacheds-${project.version}</finalName>
+              <descriptors>
+                <descriptor>${basedir}/src/main/assembly/advanced-user-guide-confluence.xml</descriptor>
+              </descriptors>
+              <outputDirectory>${project.build.directory}/docbook/manuals/advanced-user-guide-confluence-${project.version}/zip</outputDirectory>
+            </configuration>
+          </execution>
         </executions>
       </plugin>
 

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,5 @@
+h1. Introduction
+
+ADS Administrative Model is based on the X.500 Administrative Model. It's all based on the notion of Administrative Areas, defined by Administrative Points and the associated subentries.
+
+A good starting point to get on page with those concepts would be to read http://sec.cs.kent.ac.uk/x500book/Chapter.2/Chapter2.htm, and more specifically paragraph 2.11 and following.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,4 @@
+{scrollbar}
+
+h3. [2. Authentication & Authorization]
+

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt Wed Nov 30 06:56:52 2011
@@ -0,0 +1,28 @@
+preface.confluence
+1-0-introduction.confluence
+chapter-1/1-1-administrative-points.confluence
+chapter-1/1-2-operations-on-administrativepoints.confluence
+2-0-authentication-and-authorization.confluence
+chapter-2/2-5-10-aci-grammar.confluence
+chapter-2/2-5-11-links-and-references.confluence
+chapter-2/2-5-1-introduction.confluence
+chapter-2/2-5-2-definitions.confluence
+chapter-2/2-5-3-enabling-access-control.confluence
+chapter-2/2-5-4-0-aci-types.confluence
+chapter-2/2-5-4-1-entry-aci.confluence
+chapter-2/2-5-4-2-prescriptive-aci.confluence
+chapter-2/2-5-4-3-subentry-aci.confluence
+chapter-2/2-5-5-0-aci-elements.confluence
+chapter-2/2-5-5-1-user-classes.confluence
+chapter-2/2-5-5-2-protected-items.confluence
+chapter-2/2-5-5-3-permissions.confluence
+chapter-2/2-5-5-4-subtrees.confluence
+chapter-2/2-5-6-0-the-acdf-engine.confluence
+chapter-2/2-5-6-1-how-it-works.confluence
+chapter-2/2-5-6-2-selections.confluence
+chapter-2/2-5-6-3-constraints.confluence
+chapter-2/2-5-6-4-priority.confluence
+chapter-2/2-5-7-0-using-aci-trail.confluence
+chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
+chapter-2/2-5-8-acis-administration.confluence
+chapter-2/2-5-9-migration-from-other-ldap-servers.confluence

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,102 @@
+h1. Introduction
+
+An *Administrative Point* is an entry which is defining a starting point from which some of the four existing administrative roles will span. It's important to understand than an Administrative Point (or *AP*) comes hand in hand with the associated *Subentries*, otherwise it's useless.
+
+Any entry can be defined as an *AP*.
+
+In the following schema, we have depicted a DIT with three *AP*s, the big one being an *AAP*, the blue one is a *SAP* and the green one is an *IAP*. They all define an area on which they are active and the dashed lines for the *IAP* are used to express the fact that an entry within the *IAP* area still depends on the higher *AAP*.
+
+
+!images/APs-tree.png|border=1!
+
+
+Directly under an *AP*, we will find some *Subentries* defining the scopes on which they are active. These scopes (one per subentry) are called *SubtreeSpecification*, and define the entries that can be handled by the role the Subentry is defined for.
+
+The schema shows the relation between the *AP* and one *SubEntry* :
+
+
+!images/subentry.png|border=1!
+
+
+h2. Administrative Point
+We will describe the types of Administrative Points we are managing and the way they impact their associated Administrative Areas (*AA*)
+
+We have three different kind of *AP* :
+* Autonomous AP ( *AAP*)
+* Specific AP (*SAP*)
+* Inner AP (*IAP*)
+
+Those three different *AP*s are related with each other in this way :
+* *AAPs* manage an *AA* as if all the possible type of *SAP* where declared for this area
+* *SAPs* manage an *AA* with respect to one specific kind of role (Access Control, Collective Attributes, SubSchema or Trigger Execution )
+* IAPs manage an *AA* inside another *AP*
+* An *AAP* or a *SAP* start at some point in the tree, and all the entries below this *AAP*/*SAP* aren't related to any other *AAP*. That also means that if an *AAP*/*SAP* is created below an existing AP, then all the entries it covers are unlinked from the previous AP (except that for *SAP*, we just logically keep a link to the higher AP for all the other aspects but the one covered by the new *SAP*)
+* An *IAP* _must_ be included into another *AP*, being it an *AAP*, *SAP* or *IAP*. It controls a specific aspect too, as for the *SAP*, but it will be combined with any of the above *AP*.
+
+h2. Roles
+*AP* are managing some administrative aspect, defined by a role :
+* ACI : Manage the access control
+* CollectiveAttribute : Manage the collective attributes
+* SubSchema (not handled atm)
+* TriggrExecution : Manage the execution of stored procedures
+
+h1. Subentry
+
+Once we have defined an *AP*, we can add some *subentries* which contain the description of the administrative actions, including :
+* The area this *subentry* covers, defined by a *SubtreeSpecification*, named *subtree*.
+
+
+The *SubtreeSpecification* can be complex. Its grammar is given below :
+
+{code}
+<subtreeSpecification> ::= '{' <sps-e> <subtreeSpecificationComponent-e> '}'
+
+<subtreeSpecificationComponent-e> ::= <subtreeSpecificationComponent> <sps-e> <subtreeSpecificationComponent-list> | e
+
+<subtreeSpecificationComponent-list> ::= ',' <sps-e> <subtreeSpecificationComponent> <sps-e> <subtreeSpecificationComponent-list> | e
+
+<subtreeSpecificationComponent> ::=
+'base' <sps> DN
+| 'specificExclusions' <sps> '{' <sps-e> <specificExclusion-e> '}'
+| 'minimum' <sps> INTEGER
+| 'maximum' <sps> INTEGER
+| 'specificationFilter' <sps> <refinement-filter>
+
+<specificExclusion-e> ::= <specificExclusion> <sps-e> <specificExclusion-list> | e
+
+<specificExclusion-list> ::= ',' <sps-e> <specificExclusion> <sps-e> <specificExclusion-list> | e
+
+<specificExclusion> ::= 'chopBefore' <sps-e> ':' <sps-e> DN | 'chopAfter' <sps-e> ':' <sps-e> DN
+
+<refinement-filter> ::= <refinement> | FILTER
+
+<refinement> ::=
+'item' <sps-e> ':' <sps-e> <oid>
+| 'and' <sps-e> ':' <sps-e> '{' <sps-e> <refinement-e> '}'
+| 'or' <sps-e> ':' <sps-e> '{' <sps-e> <refinement-e> '}'
+| 'not' <sps-e> ':' <sps-e> <refinement>
+
+<refinement-e> ::= <refinement> <sps-e> <refinement-list> | e
+
+<refinement-list> ::= ',' <sps-e> <refinement> <sps-e> <refinement-list> | e
+
+<oid> ::= DESCR | NUMERICOID
+
+<sps> ::= ' ' <sps-e>
+
+<sps-e> ::= ' ' <sps-e> | e
+{code}
+
+Some exemple of such subtrees :
+
+{code}
+{} : select all the entries below the AdministrativePoint entry
+{code}
+
+{code}
+{ base "ou=users" } : select all the entries below the ou=users branch starting from the AdministrativePoint entry
+{code}
+
+{code}
+{ specificExclusions { chopBefore:"ou=groups" } } : exclude all the entries below the "ou=groups" branch
+{code}

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,108 @@
+h1. Operations
+There are six kind of operations we can have on an AdministrativePoint :
+- creating a new AP
+- removing an existing AP
+- modifying an existing AP by adding or removing a role
+- renaming an AP
+- moving an AP
+- renaming or moving an AP
+
+Renaming an AP has no impact on the administrative model, as we don't point (internally) on the entry's DN, but on its UUID, so the last three operations can be gathered into one single Move operation.
+
+Also note that any modification made on an entry's AdminsitrativeRole may have an impact on all it's descendants and ascendants (this is true for the Modify and Move operation)
+
+h2. Adding an AP entry
+This seems to be a simple operation, however many checks have to be done in order to not break the existing Administrative model.
+
+First of all, we have to check that the added entry contains the AdministrativeRole attributeType, and that this role is not empty. As we don't have any semantic control for this AT (the attached syntax is just expecting the values to be Strings), we have to do those checks in the AdminInterceptor.
+
+Here are the checks we must provide :
+* the AdministrativeRole AT must have values
+* those values must be roles (ie one of the 4 possible specific area roles, or one of the 3 inner area roles, or the autonomous area role)
+* there should not be duplicated
+* we can't have an AAP with any other role
+* we can't have an IAP and an SAP for the same role
+
+Once those basic checks done, we also have to check that the roles hierarchy will remain consistent after the addition, ie :
+* if an IAP is added, it must have a parent AAP or at least a parent SAP for the same role
+
+If all those checks are ok, we can add the entry into the base, and update the AP cache
+
+h2. Deleting an AP entry
+This operation is way simpler, as we can't delete an entry if it has some children, so there is no need to check that the administrative model is consistent.
+
+We just have to remove the entry and update the AP cache
+
+h2. Modifying an AP entry
+This is way more complex. We can have five kind of modification here :
+* addition of roles
+* deletion of roles
+* replacement of roles
+* creation of a new AdministrativeRole attribute
+* removing of an existing AdministrativeRole attribute
+
+The three first modifications can imply more than one role. We have to deal with each of those modifications one by one.
+
+h3. Addition of roles
+For this modification, we will have to check for each of the roles the very same elements than for the Add operation above :
+* if the entry does not have an AdministrativeRole AT, we have to create it
+* we must have at least one value
+* the role must be syntaxicaly correct
+* it should not already exist into the attribute
+* we can't add it if we already have an AAP role
+* we can't add it if it's an IAP and a SAP with the same role exists
+* if it's an IAP, it must have a parent AAP or SAP with the same role
+
+If all of those checks are ok, we can update the AP cache, which must be cloned, otherwise we may have to rollback the operation if any of the following modification fails.
+
+h3. Removing of roles
+First, if there is no value for this modification, then that means we must delete the Attribute. This case will be analyzed later.
+For each of the role to remove, we have to apply those checks :
+* the role must be syntaxicaly correct
+* it must already exist into the attribute
+* we can't remove an AAP or a SAP if there is a direct IAP in one of its direct descendant (ie, if we have a SAP or an AAP while descending into the tree, we can stop checking the branch)
+
+Now, if there are no values, we have to get the existing roles and apply he same checks
+
+If everything is fine, we can remove the roles from the attribute.
+
+h3. Replacing roles
+This kind of modifications are not currently supported
+
+h2. Moving an AP
+As we move the entry, we may induce some inconsistencies in the AP tree.
+
+The problem we might have is that if we move an entry having an IAP in a place where this role has no parent AAP or parent SAP with the same role, then the AdministrativeModel tree will be inconsistent. We have to check this.
+
+h1. Impact on the existing entries
+
+When we add or remove a role in a server, it may have a huge impact on the existing entries, as soon as those roles are associated with some subtreeSpecification which defines a set of contained entries. If we remove such a role, all the entries pertaining to the associated area have to be updated.
+
+It's the same thing if we add a SAP or a AAP, as all the children entries which were depending on a higher AP will be modified either.
+
+In any case, we don't even need to define a SubtreeSpecification, as soon as an AAP or SAP is created, it excludes all the children entries from any other higher AP areas.
+
+h2. Adding a Role
+Whatever the way we used to add a role (add an entry, modify an existing one), there are one thing we have to do depending on the kind of role we added. Of course, we stop modifying entries when another lower SAP or AAP is defined.
+
+h3. Adding an AAP
+All the children which were pointing to any higher IAP, SAP or AAP will be dereferenced. If a subtree specification is added under the newly added AAP, then all the associated entries will be updated.
+
+h3. Adding a SAP
+All the children which were pointing to any higher IAP or SAP with the same type of role, or an AAP, will be dereferenced (of course, only for the added type of role, the other references will remain). If a subtree specification is added under the newly added SAP, then all the associated entries will be updated.
+
+h3. Adding an IAP
+All the children which were pointing to any higher IAP with the same type of role will be dereferenced, and will now point to this newly added IAP.
+All the children which were pointing on a SAP with the same role, or an AAP, will be modified to also point on the newly added IAP.
+
+h2. Removing a role
+Depending on the kind of role we removed, we will have to update the entries accordingly.
+
+h3. Removing an AAP
+All the entries referencing the removed AAP will be updated, and will now reference the inherited AAP, SAP and IAP (if any). If there is some higher IAP, we will also reference it.
+
+h3. Removing a SAP
+All the entries referencing the removed SAP will be updated, and will now reference either the parent AAP or the parent SAP with the same role, if any. We will also reference an IAP with the same role if we have some higher in the hierarchy.
+
+h3. Removing an IAP
+All the entries referencing the removed IAP will be updated. There is nothing else to do.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,108 @@
+h1. Operations
+There are six kind of operations we can have on an AdministrativePoint :
+- creating a new AP
+- removing an existing AP
+- modifying an existing AP by adding or removing a role
+- renaming an AP
+- moving an AP
+- renaming or moving an AP
+
+Renaming an AP has no impact on the administrative model, as we don't point (internally) on the entry's DN, but on its UUID, so the last three operations can be gathered into one single Move operation.
+
+Also note that any modification made on an entry's AdminsitrativeRole may have an impact on all it's descendants and ascendants (this is true for the Modify and Move operation)
+
+h2. Adding an AP entry
+This seems to be a simple operation, however many checks have to be done in order to not break the existing Administrative model.
+
+First of all, we have to check that the added entry contains the AdministrativeRole attributeType, and that this role is not empty. As we don't have any semantic control for this AT (the attached syntax is just expecting the values to be Strings), we have to do those checks in the AdminInterceptor.
+
+Here are the checks we must provide :
+* the AdministrativeRole AT must have values
+* those values must be roles (ie one of the 4 possible specific area roles, or one of the 3 inner area roles, or the autonomous area role)
+* there should not be duplicated
+* we can't have an AAP with any other role
+* we can't have an IAP and an SAP for the same role
+
+Once those basic checks done, we also have to check that the roles hierarchy will remain consistent after the addition, ie :
+* if an IAP is added, it must have a parent AAP or at least a parent SAP for the same role
+
+If all those checks are ok, we can add the entry into the base, and update the AP cache
+
+h2. Deleting an AP entry
+This operation is way simpler, as we can't delete an entry if it has some children, so there is no need to check that the administrative model is consistent.
+
+We just have to remove the entry and update the AP cache
+
+h2. Modifying an AP entry
+This is way more complex. We can have five kind of modification here :
+* addition of roles
+* deletion of roles
+* replacement of roles
+* creation of a new AdministrativeRole attribute
+* removing of an existing AdministrativeRole attribute
+
+The three first modifications can imply more than one role. We have to deal with each of those modifications one by one.
+
+h3. Addition of roles
+For this modification, we will have to check for each of the roles the very same elements than for the Add operation above :
+* if the entry does not have an AdministrativeRole AT, we have to create it
+* we must have at least one value
+* the role must be syntaxicaly correct
+* it should not already exist into the attribute
+* we can't add it if we already have an AAP role
+* we can't add it if it's an IAP and a SAP with the same role exists
+* if it's an IAP, it must have a parent AAP or SAP with the same role
+
+If all of those checks are ok, we can update the AP cache, which must be cloned, otherwise we may have to rollback the operation if any of the following modification fails.
+
+h3. Removing of roles
+First, if there is no value for this modification, then that means we must delete the Attribute. This case will be analyzed later.
+For each of the role to remove, we have to apply those checks :
+* the role must be syntaxicaly correct
+* it must already exist into the attribute
+* we can't remove an AAP or a SAP if there is a direct IAP in one of its direct descendant (ie, if we have a SAP or an AAP while descending into the tree, we can stop checking the branch)
+
+Now, if there are no values, we have to get the existing roles and apply he same checks
+
+If everything is fine, we can remove the roles from the attribute.
+
+h3. Replacing roles
+This kind of modifications are not currently supported
+
+h2. Moving an AP
+As we move the entry, we may induce some inconsistencies in the AP tree.
+
+The problem we might have is that if we move an entry having an IAP in a place where this role has no parent AAP or parent SAP with the same role, then the AdministrativeModel tree will be inconsistent. We have to check this.
+
+h1. Impact on the existing entries
+
+When we add or remove a role in a server, it may have a huge impact on the existing entries, as soon as those roles are associated with some subtreeSpecification which defines a set of contained entries. If we remove such a role, all the entries pertaining to the associated area have to be updated.
+
+It's the same thing if we add a SAP or a AAP, as all the children entries which were depending on a higher AP will be modified either.
+
+In any case, we don't even need to define a SubtreeSpecification, as soon as an AAP or SAP is created, it excludes all the children entries from any other higher AP areas.
+
+h2. Adding a Role
+Whatever the way we used to add a role (add an entry, modify an existing one), there are one thing we have to do depending on the kind of role we added. Of course, we stop modifying entries when another lower SAP or AAP is defined.
+
+h3. Adding an AAP
+All the children which were pointing to any higher IAP, SAP or AAP will be dereferenced. If a subtree specification is added under the newly added AAP, then all the associated entries will be updated.
+
+h3. Adding a SAP
+All the children which were pointing to any higher IAP or SAP with the same type of role, or an AAP, will be dereferenced (of course, only for the added type of role, the other references will remain). If a subtree specification is added under the newly added SAP, then all the associated entries will be updated.
+
+h3. Adding an IAP
+All the children which were pointing to any higher IAP with the same type of role will be dereferenced, and will now point to this newly added IAP.
+All the children which were pointing on a SAP with the same role, or an AAP, will be modified to also point on the newly added IAP.
+
+h2. Removing a role
+Depending on the kind of role we removed, we will have to update the entries accordingly.
+
+h3. Removing an AAP
+All the entries referencing the removed AAP will be updated, and will now reference the inherited AAP, SAP and IAP (if any). If there is some higher IAP, we will also reference it.
+
+h3. Removing a SAP
+All the entries referencing the removed SAP will be updated, and will now reference either the parent AAP or the parent SAP with the same role, if any. We will also reference an IAP with the same role if we have some higher in the hierarchy.
+
+h3. Removing an IAP
+All the entries referencing the removed IAP will be updated. There is nothing else to do.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,231 @@
+The ACI attributes store data following a specific structure, which is define by this grammar :
+
+{code:title=ACI grammar|linenumbers=true|lang=xml}
+<wrapperEntryPoint> ::= <SP*> '{' <SP*> <mainACIItemComponent> <SP*> <mainACIItemComponents> '}' <SP*> EOF
+
+<mainACIItemComponents> ::= ',' <SP*> <mainACIItemComponent> <SP*> <mainACIItemComponents> | e
+
+** Note : we have to allow only one of each option
+<mainACIItemComponent> ::=
+"identificationTag" <SP+> SAFEUTF8STRING
+| "precedence" <SP+> INTEGER
+| "authenticationLevel" <SP+> <authenticationLevel>
+| "itemOrUserFirst" <SP+> <itemOrUserFirst>
+
+<authenticationLevel> ::= "none" | "simple" | "strong"
+
+<itemOrUserFirst> ::=
+"itemFirst" <SP*> ':' <SP*> '{' <SP*> <itemType> <SP*> '}'
+|
+"userFirst" <SP*> ':' <SP*> '{' <SP*> <userType> <SP*> '}'
+
+<itemType> ::=
+"protectedItems" <SP*> '{' <SP*> <protectedItem?> '}' <SP*>
+',' <SP*> '{' <SP*> <anyItemPermission> <SP*> <anyItemPermission*> '}'
+|
+"itemPermissions" <SP+> '{' <SP*> <itemPermissions?> '}' <SP*>
+',' <SP*> "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}'
+
+<userType> ::=
+"userClasses" <SP+> '{' <SP*> <userClass?> '}' <SP*> ','
+<SP*> '{' <SP*> <anyUserPermission> <SP*> <anyUserPermission*> '}'
+|
+"userPermissions" <SP+> '{' <SP*> <userPermissions?> '}' <SP*> ','
+<SP*> "userClasses" <SP+> '{' <SP*> <userClass?> '}'
+
+<protectedItem?> ::= <protectedItem> <SP*> <protectedItem*> | e
+
+<protectedItem*> ::= ',' <SP*> <protectedItem> <SP*> <protectedItem*> | e
+
+<protectedItem> ::=
+"entry"
+| "allUserAttributeTypes"
+| "attributeType" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
+| "allAttributeValues" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
+| "allUserAttributeTypesAndValues"
+| ATTRIBUTE_VALUE_CANDIDATE
+| "selfValue" <SP+> '{' <SP*> <oid> <SP*> <oids> '}'
+| RANGE_OF_VALUES_CANDIDATE
+| "maxValueCount" <SP+> '{' <SP*> '{' <SP*> <valueCountType> <SP*> '}' <SP*> <maxValueCount*> '}'
+| "maxImmSub" <SP+> INTEGER
+| "restrictedBy" <SP+> '{' <SP*> '{' <SP*> <typeValueIn> <SP*> '}' <SP*> <restrictedValue*> '}'
+| "classes" <SP+> <refinement>
+
+<maxValueCount*> ::= ',' <SP*> '{' <SP*> <valueCountType> <SP*> '}' <SP*> <maxValueCount*> | e
+
+<valueCountType> ::=
+"type" <SP+> <oid> <SP*> ',' <SP*> "maxCount" <SP+> INTEGER
+|
+"maxCount" <SP+> INTEGER <SP*> ',' <SP*> "type" <SP+> <oid>
+
+<restrictedValue*> ::= ',' <SP*> '{' <SP*> <typeValueIn> <SP*> '}' <SP*> <restrictedValue*> | e
+
+<typeValueIn> ::=
+"type" <SP+> <oid> <SP*> ',' <SP*> "valuesIn" <SP+> <oid>
+|
+"valuesIn" <SP+> <oid> <SP*> ',' <SP*> "type" <SP+> <oid>
+
+<oids> ::= ',' <SP*> <oid> <SP*> <oids> | e
+
+<itemPermissions?> ::= '{' <SP*> <anyItemPermission> <SP*> <anyItemPermission*> '}' <SP*> <itemPermissions*> | e
+
+<itemPermissions*> ::=
+',' <SP*> '{' <SP*> <anyItemPermission> <SP*> <anyItemPermission*> '}' <SP*> <itemPermissions*> | e
+
+<anyItemPermission*> ::= ',' <SP*> <anyItemPermission> <SP*> <anyItemPermission*> | e
+
+<anyItemPermission> :
+"precedence" <SP+> <INTEGER>
+| "userClasses" <SP+> '{' <SP*> <userClass?> '}'
+| "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}'
+
+<grantAndDenial?> ::= <grantAndDenial> <SP*> <grantAndDenial*> | e
+
+<grantAndDenial*> ::= ',' <SP*> <grantAndDenial> <SP*> <grantAndDenial*>
+
+<grantAndDenial> :
+"grantAdd"
+| "denyAdd"
+| "grantDiscloseOnError"
+| "denyDiscloseOnError"
+| "grantRead"
+| "denyRead"
+| "grantRemove"
+| "denyRemove"
+| "grantBrowse"
+| "denyBrowse"
+| "grantExport"
+| "denyExport"
+| "grantImport"
+| "denyImport"
+| "grantModify"
+| "denyModify"
+| "grantRename"
+| "denyRename"
+| "grantReturnDN"
+| "denyReturnDN"
+| "grantCompare"
+| "denyCompare"
+| "grantFilterMatch"
+| "denyFilterMatch"
+| "grantInvoke"
+| "denyInvoke"
+
+<userClass?> ::= <userClass> <SP*> <userClass*> | e
+
+<userClass*> ::= ',' <SP*> <userClass> <SP*> <userClass*> | e
+
+<userClass> :
+"allUsers"
+| "thisEntry"
+| "parentOfEntry"
+| "name" <SP+> '{' <SP*> <distinguishedName> <SP*> <name*> '}'
+| "userGroup" <SP+> '{' <SP*> <distinguishedName> <SP*> <userGroup*> '}'
+| "subtree" <SP+> '{' <SP*> '{' <SP*> <subtreeSpecificationComponent?> '}' <SP*> <subTree*> '}'
+
+<name*> ::= ',' <SP*> <distinguishedName> <SP*> <name*> | e
+
+<userGroup*> ::= ',' <SP*> <distinguishedName> <SP*> <userGroup*> | e
+
+<subTree*> ::= ',' <SP*> '{' <SP*> <subtreeSpecificationComponent?> '}' <SP*> <subTree*> | e
+
+<userPermissions?> ::= '{' <SP*> <anyUserPermission> <SP*> <anyUserPermission*> '}' <SP*> <userPermissions*> | e
+
+<userPermissions*> ::=
+',' <SP*> '{' <SP*> <anyUserPermission> <SP*> <anyUserPermission*> '}' <SP*> <userPermissions*> | e
+
+<anyUserPermission*> ::= ',' <SP*> <anyUserPermission> <SP*> <anyUserPermission*> | e
+
+<anyUserPermission> :
+"precedence" <SP+> <INTEGER>
+| "protectedItems" <SP*> '{' <SP*> <protectedItem?> '}'
+| "grantsAndDenials" <SP+> '{' <SP*> <grantAndDenial?> '}'
+
+<subtreeSpecificationComponent?> ::= <subtreeSpecificationComponent> <SP*> <subtreeSpecificationComponent*> | e
+<subtreeSpecificationComponent*> ::= ',' <SP*> <subtreeSpecificationComponent> <SP*> <subtreeSpecificationComponent*> | e
+
+<subtreeSpecificationComponent> :
+"base" <SP+> <distinguishedName>
+| "specificExclusions" <SP+> '{' <SP*> <specificExclusion?> '}'
+| "minimum" <SP+> INTEGER
+| "maximum" <SP+> INTEGER
+
+<specificExclusion?> ::= <specificExclusion> <SP*> <specificExclusion*> | e
+
+<specificExclusion*> ::= ',' <SP*> <specificExclusion> <SP*> <specificExclusion*> | e
+
+<specificExclusion> ::=
+"chopBefore" <SP*> ':' <SP*> <distinguishedName>
+|
+"chopAfter" <SP*> ':' <SP*> <distinguishedName>
+
+<refinement> ::=
+"item" <SP*> ':' <SP*> <oid>
+|
+"and" <SP*> ':' <SP*> '{' <refinements?> '}'
+|
+"or" <SP*> ':' <SP*> '{' <refinements?> '}'
+|
+"not" <SP*> ':' <SP*> '{' <refinements?> '}'
+
+<refinements?> ::= <SP*> <refinements?> <SP*> <refinement*> | e
+
+<refinement*> ::= ',' <SP*> <refinement> <SP*> <refinement*> | e
+
+<distinguishedName> ::= SAFEUTF8STRING
+
+<oid> ::= DESCR | NUMERICOID
+
+SAFEUTF8CHAR :
+'\u0001'..'\u0021' |
+'\u0023'..'\u007F' |
+'\u00c0'..'\u00d6' |
+'\u00d8'..'\u00f6' |
+'\u00f8'..'\u00ff' |
+'\u0100'..'\u1fff' |
+'\u3040'..'\u318f' |
+'\u3300'..'\u337f' |
+'\u3400'..'\u3d2d' |
+'\u4e00'..'\u9fff' |
+'\uf900'..'\ufaff' ;
+
+<SP+> ::= <SP> <SP*>
+<SP*> ::= <SP> <SP*> | e
+<SP> ::= ' ' | '\t' | '\n' | '\r' ;
+
+
+ALPHA : 'A'..'Z' | 'a'..'z' ;
+
+<INTEGER> ::= <DIGIT> | <LDIGIT> <DIGIT> <DIGIT*>
+<DIGIT> ::= '0' | <LDIGIT> ;
+<LDIGIT> ::= '1'..'9' ;
+<DIGIT*> ::= <DIGIT> <DIGIT*> | e
+
+HYPHEN : '-' ;
+
+NUMERICOID : INTEGER ( DOT INTEGER )+ ;
+
+DOT : '.' ;
+
+INTEGER_OR_NUMERICOID
+:
+( INTEGER DOT ) => NUMERICOID
+|
+INTEGER
+
+SAFEUTF8STRING : '"'! ( SAFEUTF8CHAR )* '"'! ;
+
+DESCR
+:
+( "attributeValue" ( SP! )+ '{' ) =>
+"attributeValue"! ( SP! )+ '{'! ( options : . )* '}'!
+| ( "rangeOfValues" ( SP! )+ '(' ) =>
+"rangeOfValues"! ( SP! )+ FILTER
+| ALPHA ( ALPHA | DIGIT | HYPHEN )*
+;
+
+FILTER : '(' ( ( '&' (SP)* (FILTER)+ ) | ( '|' (SP)* (FILTER)+ ) | ( '!' (SP)* FILTER ) | FILTER_VALUE ) ')' (SP)* ;
+
+FILTER_VALUE : (options: ~( ')' | '(' | '&' | '|' | '!' ) ( ~(')') )* ) ;
+
+{code}

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,3 @@
+The *Apache Directory Server* authorization system is based on the *X.500* specifications. Those documents are available on [X.500 freely available specifications|http://www.x500standard.com/index.php?n=Ig.LatestAvail], and more specifically [X.501|http://www.itu.int/rec/T-REC-X.501-200811-I!Cor2/dologin.asp?lang=e&id=T-REC-X.501-200811-I!Cor2!PDF-E&type=items].
+
+Some more 'user friendly' documentation about Access Control can be found in *Chadwick*'s book, available at [X.500 book|http://sec.cs.kent.ac.uk/x500book/], chapter 8.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,11 @@
+*ACI* :
+bq. Access Control Information. The set of all the information which might be relevant to an access control decision for a given subject.
+
+*ACDF* :
+bq. Access Control Decision Function. It is the function used to decide whether a particular subject has a particular access right by virtue of applicable ACI items.
+
+*protected item* :
+bq. A protected item is the element of directory information being accessed. The protected items are entries, attributes, attribute values and distinguished names. Access to each protected item can be separately controlled through ACI.
+
+*subject* :
+bq. The entity acting on the server. It can be a person, a program, ... It aggregates the identity and the security related attributes (passwords, ceritifcates...) for this entity.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1 @@
+Three different types of ACI exist. All types use the same specification syntax for an ACIITem. These types differ in their placement and manner of use within the directory.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,6 @@
+Entry ACI are access controls added to entries to protect that entry specifically. Meaning the protected entry is the entry where the ACI resides. When performing an operation on an entry, ApacheDS checks for the presence of the multivalued operational attribute, *entryACI*. The values of the entryACI attribute contain ACIItems.
+
+{note}
+
+There is one exception to the rule of consulting entryACI attributes within ApacheDS: add operations do not consult the entryACI within the entry being added. This is a security precaution. (??? Check this sentence) If allowed users can arbitrarily add entries where they wanted by putting entryACI into the new entry being added. This could compromise the DSA.
+{note}

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,11 @@
+Prescriptive ACI are access controls that are applied to a collection of entries, not just to a single entry. Collections of entries are defined by the subtreeSpecifications of subentries. Hence prescriptive ACI are added to subentries as attributes and are applied by ApacheDS to the entries selected by the subentry's subtreeSpecification. ApacheDS uses the *prescriptiveACI* multivalued operational attribute within subentries to contain ACIItems that apply to the entry collection.
+
+Prescriptive ACI can save much effort when trying to control access to a collection of resources. Prescriptive ACI can even be specified to apply access controls to entries that do not yet exist within the DIT. They are a very powerful mechanism and for this reason they are the preferred mechanism for managing access to protected resources. ApacheDS is optimized specifically for managing access to collections of entries rather than point entries themselves.
+
+Users should try to avoid entry ACIs whenever possible, and use prescriptive ACIs instead. Entry ACIs are more for managing exceptional cases and should not be used excessively.
+
+{info:title=How it works!}
+For every type of LDAP operation, ApacheDS checks to see if any access control subentries include the protected entry in their collection. The set of subentries which include the protected entry are discovered very rapidly by the subentry subsystem. The subentry subsystem caches subtreeSpecifications for all subentries within the server so inclusion checks are fast.
+
+For each access control subentry in the set, ApacheDS checks within a prescriptive ACI cache for ACI tuples. ApacheDS also caches prescriptive ACI information in a special form called ACI tuples. This is done so ACIItem parsing and conversion to an optimal representations for evaluation is not required at access time. This way access based on prescriptive ACIs is determined very rapidly.
+{info}

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,6 @@
+Access to subentries also needs to be controlled. Subentries are special in ApacheDS. Although they subordinate to an administrative entry (entry of an Administrative Point), they are technically considered to be in the same context as their administrative entry. ApacheDS considers the perscriptive ACI applied to the administrative entry, to also apply to its subentries.
+
+This however is not the most intuitive mechanism to use for explicitly controlling access to subentries. A more explicit mechanism is used to specify ACIs specifically for protecting subentries. ApacheDS uses the multivalued operational attribute, *subentryACI*, within administrative entries to control access to immediately subordinate subentries.
+
+Protection policies for ACIs themselves can be managed within the entry of an administrative point.
+

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,9 @@
+The *protected items* are elements being accessed, and thus controlled by ACIs. Many parts of the DIT can be protected :
+* Entry : a entry as a whole.
+* allUserAttributeTypes : the User's AttributeType, excluding the associated values
+* allUserAttributeTypesAndValues : the User's AttributeType, including the associated values
+* allAttributeValues : All the AttributeType values
+* attributeType : A specific AttributeType
+* attributeValue : A set of attribute values
+* selfValue : The values associated with the requestor RDN's AttributeTypes
+

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,147 @@
+In this trail, we will show how we will allow all authenticated users to browse and read all the entries.
+
+By default, if the access control subsystem is enabled, no one but the administrator can browse the DIT. This is obviously not convenient ...
+
+h1. Partition and Access Control Area Setup
+
+For this example we presume you have setup a partition at the namingContext *dc=example,dc=com* and have turned on access controls. Now you want to grant browse and read access to entries and their attributes.
+
+Before you can add a *subentry* with the *prescriptiveACI* you'll need to create an *administrative area*. For now we'll make the root of the partition the *Adminstrative Point* (*AP*). Every entry including this entry and those underneath will be part of the autonomous administrative area for managing access controls. To do this we must add the *administrativeRole* operational attribute to the *AP* entry.
+
+h2. AdministrationPoint setup
+
+In our case, the *dc=example,dc=com* context entry has to contain the *administrativeRole* attribute, with the *accessControlSpecificArea* value.
+
+Let's first connect to the server using the *admin* user, and select the *dc=example,dc=com* entry :
+
+!images/Screen_shot_2010-07-04_at_8.45.09_PM.png|border=1!
+
+
+We will now add the *directoryOperation* attribute *administrativeRole* to this entry :
+
+!images/Screen_shot_2010-07-04_at_10.17.54_PM.png|border=1!
+
+and we select the *accessControlSpecificArea* value :
+
+!images/Screen_shot_2010-07-04_at_10.18.49_PM.png|border=1!
+
+Here is the resulting entry :
+
+!images/Screen_shot_2010-07-04_at_10.19.44_PM.png|border=1!
+
+h2. Subentry addition
+
+Now, we have to create a *subentry* in which we will add the *prescriptiveACI* granting access to all the users.
+
+Let's define the ACI first.
+
+h3. ACIItem Description
+
+Here's the ACIItem we will add :
+
+{code}
+{
+identificationTag "enableSearchForAllUsers",
+precedence 14,
+authenticationLevel simple,
+itemOrUserFirst userFirst:
+{
+userClasses { allUsers },
+userPermissions
+{
+{
+protectedItems {entry, allUserAttributeTypesAndValues},
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+}
+}
+}
+}
+{code}
+
+There are several parameters to this simple ACIItem. Here's a breif exaplanation of each field and it's meaning or significance.
+
+|| Fields || Description ||
+| identificationTag | Identifies the ACIItem within an entry. |
+| precedence | Determine which ACI to apply with conflicting ACIItems. |
+| authenticationLevel | User's level of trust with values of none, simple, strong |
+| itemOrUserFirst | Determines order of item permissions or user permissions. |
+| userClasses | The set of users the permissions apply to. |
+| userPermissions | Permissions on protected items |
+
+In our case, we want to grant all the users :
+
+{code:firstline=7}
+userClasses { allUsers }
+{code}
+
+to be granted a read access :
+
+{code:firstline=12}
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+{code}
+
+for the Entry and all the values :
+
+{code:firstline=11}
+protectedItems {entry, allUserAttributeTypesAndValues},
+{code}
+
+The granted permissions are used to allow the user to browse the tree (*grantBrowse*), read the entries (*grantRead*) and return the DN for aliases (*grantReturnDN*).
+
+h2. PrescriptiveACI addition
+
+Now that we have defined the *ACIItem*, we have to add it into a *subentry* associated with the *administration point*. This is just an entry under the *administration Point*, here, we will call it *cn=enableSearchForAllUsers, dc=example,dc=com*.
+
+The entry is described below in a LDIF format :
+
+{code}
+dn: cn=enableSearchForAllUsers,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: {}
+prescriptiveACI:
+{
+identificationTag "enableSearchForAllUsers",
+precedence 14,
+authenticationLevel simple,
+itemOrUserFirst userFirst:
+{
+userClasses { allUsers },
+userPermissions
+{
+{
+protectedItems {entry, allUserAttributeTypesAndValues}
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+}
+}
+}
+}
+{code}
+
+It's also easy to create such an entry with *Apache Directory Studio*. First, right click on the context entry, and select 'new Entry' :
+
+!images/Screen_shot_2010-07-04_at_11.57.50_PM.png|border=1!
+
+Then create a new entry from scratch, and select the 'subentry' and 'accessControlSubentry' ObjectClasses :
+
+!images/Screen_shot_2010-07-04_at_11.59.28_PM.png|border=1!
+
+Create the RDN for this new entry :
+
+!images/Screen_shot_2010-07-05_at_12.01.43_AM.png|border=1!
+
+Pass the subtree editor, we don't need to define anything here, and go to the Attributes definition :
+
+!images/Screen_shot_2010-07-05_at_12.03.21_AM.png|border=1!
+
+The next step is to add the *rescriptiveACI* value, using the dedicated editor :
+
+!images/Screen_shot_2010-07-05_at_12.12.16_AM.png|border=1!
+
+When the selection has been done, we have to add the permissions :
+
+!images/Screen_shot_2010-07-05_at_12.13.47_AM.png|border=1!
+
+
+Once done, all the entries under *dc=example,dc=com* are ruled by this ACI

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence?rev=1208304&view=auto
==============================================================================
    (empty)

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/APs-tree.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/APs-tree.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/APs-tree.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.17.54_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.17.54_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.17.54_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.18.49_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.18.49_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.18.49_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.19.44_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.19.44_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_10.19.44_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.57.50_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.57.50_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.57.50_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.59.28_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.59.28_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_11.59.28_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_8.45.09_PM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_8.45.09_PM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-04_at_8.45.09_PM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.01.43_AM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.01.43_AM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.01.43_AM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.03.21_AM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.03.21_AM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.03.21_AM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.12.16_AM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.12.16_AM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.12.16_AM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.13.47_AM.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.13.47_AM.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/Screen_shot_2010-07-05_at_12.13.47_AM.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/check.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/check.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/check.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/error.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/error.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/error.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/header-green_20091029.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/header-green_20091029.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/header-green_20091029.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/important.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/important.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/important.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb_on.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb_on.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/lightbulb_on.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/smile.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/smile.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/smile.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/subentry.png
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/subentry.png?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/subentry.png
------------------------------------------------------------------------------
    svn:mime-type = image/png

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/warning.gif
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/warning.gif?rev=1208304&view=auto
==============================================================================
Binary file - no diff available.

Propchange: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/images/warning.gif
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/preface.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/preface.confluence?rev=1208304&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/preface.confluence (added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/preface.confluence Wed Nov 30 06:56:52 2011
@@ -0,0 +1,31 @@
+
+h1. Preface
+
+Copyright © 2003-2011 The Apache Software Foundation
+
+{noformat}
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+{noformat}
+
+
+{note:title=Work in progress}
+Unfortunately the Advanced User's Guide for ApacheDS 2.0 is not finished yet.
+{note} 
+
+
+



Mime
View raw message