directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From fel...@apache.org
Subject svn commit: r1211309 - in /directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence: ./ chapter-1/ chapter-2/
Date Wed, 07 Dec 2011 06:24:10 GMT
Author: felixk
Date: Wed Dec  7 06:24:09 2011
New Revision: 1211309

URL: http://svn.apache.org/viewvc?rev=1211309&view=rev
Log:
Fix numbering of titles/navigation (DIRSERVER-1678)

Move "Advanced User's Guide" (https://cwiki.apache.org/confluence/display/DIRxSRVx20/ApacheDS+v2.0+Advanced+User%27s+Guide)

Added:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence
Modified:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
Wed Dec  7 06:24:09 2011
@@ -1,4 +1,2 @@
-{scrollbar}
-
-h3. [2. Authentication & Authorization]
+h1. Authentication & Authorization
 

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
Wed Dec  7 06:24:09 2011
@@ -3,8 +3,7 @@ preface.confluence
 chapter-1/1-1-administrative-points.confluence
 chapter-1/1-2-operations-on-administrativepoints.confluence
 2-0-authentication-and-authorization.confluence
-chapter-2/2-5-10-aci-grammar.confluence
-chapter-2/2-5-11-links-and-references.confluence
+chapter-2/2-5-0-authorization.confluence
 chapter-2/2-5-1-introduction.confluence
 chapter-2/2-5-2-definitions.confluence
 chapter-2/2-5-3-enabling-access-control.confluence
@@ -26,3 +25,5 @@ chapter-2/2-5-7-0-using-aci-trail.conflu
 chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
 chapter-2/2-5-8-acis-administration.confluence
 chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
+chapter-2/2-5-10-aci-grammar.confluence
+chapter-2/2-5-11-links-and-references.confluence

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
Wed Dec  7 06:24:09 2011
@@ -1,4 +1,4 @@
-h1. Introduction
+h2. Introduction
 
 An *Administrative Point* is an entry which is defining a starting point from which some
of the four existing administrative roles will span. It's important to understand than an
Administrative Point (or *AP*) comes hand in hand with the associated *Subentries*, otherwise
it's useless.
 
@@ -18,7 +18,7 @@ The schema shows the relation between th
 !images/subentry.png|border=1!
 
 
-h2. Administrative Point
+h3. Administrative Point
 We will describe the types of Administrative Points we are managing and the way they impact
their associated Administrative Areas (*AA*)
 
 We have three different kind of *AP* :
@@ -33,14 +33,14 @@ Those three different *AP*s are related 
 * An *AAP* or a *SAP* start at some point in the tree, and all the entries below this *AAP*/*SAP*
aren't related to any other *AAP*. That also means that if an *AAP*/*SAP* is created below
an existing AP, then all the entries it covers are unlinked from the previous AP (except that
for *SAP*, we just logically keep a link to the higher AP for all the other aspects but the
one covered by the new *SAP*)
 * An *IAP* _must_ be included into another *AP*, being it an *AAP*, *SAP* or *IAP*. It controls
a specific aspect too, as for the *SAP*, but it will be combined with any of the above *AP*.
 
-h2. Roles
+h3. Roles
 *AP* are managing some administrative aspect, defined by a role :
 * ACI : Manage the access control
 * CollectiveAttribute : Manage the collective attributes
 * SubSchema (not handled atm)
 * TriggrExecution : Manage the execution of stored procedures
 
-h1. Subentry
+h2. Subentry
 
 Once we have defined an *AP*, we can add some *subentries* which contain the description
of the administrative actions, including :
 * The area this *subentry* covers, defined by a *SubtreeSpecification*, named *subtree*.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
Wed Dec  7 06:24:09 2011
@@ -1,4 +1,4 @@
-h1. Operations
+h2. Operations
 There are six kind of operations we can have on an AdministrativePoint :
 - creating a new AP
 - removing an existing AP
@@ -11,7 +11,7 @@ Renaming an AP has no impact on the admi
 
 Also note that any modification made on an entry's AdminsitrativeRole may have an impact
on all it's descendants and ascendants (this is true for the Modify and Move operation)
 
-h2. Adding an AP entry
+h3. Adding an AP entry
 This seems to be a simple operation, however many checks have to be done in order to not
break the existing Administrative model.
 
 First of all, we have to check that the added entry contains the AdministrativeRole attributeType,
and that this role is not empty. As we don't have any semantic control for this AT (the attached
syntax is just expecting the values to be Strings), we have to do those checks in the AdminInterceptor.
@@ -28,12 +28,12 @@ Once those basic checks done, we also ha
 
 If all those checks are ok, we can add the entry into the base, and update the AP cache
 
-h2. Deleting an AP entry
+h3. Deleting an AP entry
 This operation is way simpler, as we can't delete an entry if it has some children, so there
is no need to check that the administrative model is consistent.
 
 We just have to remove the entry and update the AP cache
 
-h2. Modifying an AP entry
+h3. Modifying an AP entry
 This is way more complex. We can have five kind of modification here :
 * addition of roles
 * deletion of roles
@@ -43,7 +43,7 @@ This is way more complex. We can have fi
 
 The three first modifications can imply more than one role. We have to deal with each of
those modifications one by one.
 
-h3. Addition of roles
+h4. Addition of roles
 For this modification, we will have to check for each of the roles the very same elements
than for the Add operation above :
 * if the entry does not have an AdministrativeRole AT, we have to create it
 * we must have at least one value
@@ -55,7 +55,7 @@ For this modification, we will have to c
 
 If all of those checks are ok, we can update the AP cache, which must be cloned, otherwise
we may have to rollback the operation if any of the following modification fails.
 
-h3. Removing of roles
+h4. Removing of roles
 First, if there is no value for this modification, then that means we must delete the Attribute.
This case will be analyzed later.
 For each of the role to remove, we have to apply those checks :
 * the role must be syntaxicaly correct
@@ -66,15 +66,15 @@ Now, if there are no values, we have to 
 
 If everything is fine, we can remove the roles from the attribute.
 
-h3. Replacing roles
+h4. Replacing roles
 This kind of modifications are not currently supported
 
-h2. Moving an AP
+h3. Moving an AP
 As we move the entry, we may induce some inconsistencies in the AP tree.
 
 The problem we might have is that if we move an entry having an IAP in a place where this
role has no parent AAP or parent SAP with the same role, then the AdministrativeModel tree
will be inconsistent. We have to check this.
 
-h1. Impact on the existing entries
+h2. Impact on the existing entries
 
 When we add or remove a role in a server, it may have a huge impact on the existing entries,
as soon as those roles are associated with some subtreeSpecification which defines a set of
contained entries. If we remove such a role, all the entries pertaining to the associated
area have to be updated.
 
@@ -82,27 +82,27 @@ It's the same thing if we add a SAP or a
 
 In any case, we don't even need to define a SubtreeSpecification, as soon as an AAP or SAP
is created, it excludes all the children entries from any other higher AP areas.
 
-h2. Adding a Role
+h3. Adding a Role
 Whatever the way we used to add a role (add an entry, modify an existing one), there are
one thing we have to do depending on the kind of role we added. Of course, we stop modifying
entries when another lower SAP or AAP is defined.
 
-h3. Adding an AAP
+h4. Adding an AAP
 All the children which were pointing to any higher IAP, SAP or AAP will be dereferenced.
If a subtree specification is added under the newly added AAP, then all the associated entries
will be updated.
 
-h3. Adding a SAP
+h4. Adding a SAP
 All the children which were pointing to any higher IAP or SAP with the same type of role,
or an AAP, will be dereferenced (of course, only for the added type of role, the other references
will remain). If a subtree specification is added under the newly added SAP, then all the
associated entries will be updated.
 
-h3. Adding an IAP
+h4. Adding an IAP
 All the children which were pointing to any higher IAP with the same type of role will be
dereferenced, and will now point to this newly added IAP.
 All the children which were pointing on a SAP with the same role, or an AAP, will be modified
to also point on the newly added IAP.
 
-h2. Removing a role
+h3. Removing a role
 Depending on the kind of role we removed, we will have to update the entries accordingly.
 
-h3. Removing an AAP
+h4. Removing an AAP
 All the entries referencing the removed AAP will be updated, and will now reference the inherited
AAP, SAP and IAP (if any). If there is some higher IAP, we will also reference it.
 
-h3. Removing a SAP
+h4. Removing a SAP
 All the entries referencing the removed SAP will be updated, and will now reference either
the parent AAP or the parent SAP with the same role, if any. We will also reference an IAP
with the same role if we have some higher in the hierarchy.
 
-h3. Removing an IAP
+h4. Removing an IAP
 All the entries referencing the removed IAP will be updated. There is nothing else to do.

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence?rev=1211309&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h2. Authorization

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
Wed Dec  7 06:24:09 2011
@@ -1,4 +1,4 @@
-h1. Operations
+h3. Operations
 There are six kind of operations we can have on an AdministrativePoint :
 - creating a new AP
 - removing an existing AP
@@ -11,7 +11,7 @@ Renaming an AP has no impact on the admi
 
 Also note that any modification made on an entry's AdminsitrativeRole may have an impact
on all it's descendants and ascendants (this is true for the Modify and Move operation)
 
-h2. Adding an AP entry
+h4. Adding an AP entry
 This seems to be a simple operation, however many checks have to be done in order to not
break the existing Administrative model.
 
 First of all, we have to check that the added entry contains the AdministrativeRole attributeType,
and that this role is not empty. As we don't have any semantic control for this AT (the attached
syntax is just expecting the values to be Strings), we have to do those checks in the AdminInterceptor.
@@ -28,12 +28,12 @@ Once those basic checks done, we also ha
 
 If all those checks are ok, we can add the entry into the base, and update the AP cache
 
-h2. Deleting an AP entry
+h4. Deleting an AP entry
 This operation is way simpler, as we can't delete an entry if it has some children, so there
is no need to check that the administrative model is consistent.
 
 We just have to remove the entry and update the AP cache
 
-h2. Modifying an AP entry
+h4. Modifying an AP entry
 This is way more complex. We can have five kind of modification here :
 * addition of roles
 * deletion of roles
@@ -43,7 +43,7 @@ This is way more complex. We can have fi
 
 The three first modifications can imply more than one role. We have to deal with each of
those modifications one by one.
 
-h3. Addition of roles
+h5. Addition of roles
 For this modification, we will have to check for each of the roles the very same elements
than for the Add operation above :
 * if the entry does not have an AdministrativeRole AT, we have to create it
 * we must have at least one value
@@ -55,7 +55,7 @@ For this modification, we will have to c
 
 If all of those checks are ok, we can update the AP cache, which must be cloned, otherwise
we may have to rollback the operation if any of the following modification fails.
 
-h3. Removing of roles
+h5. Removing of roles
 First, if there is no value for this modification, then that means we must delete the Attribute.
This case will be analyzed later.
 For each of the role to remove, we have to apply those checks :
 * the role must be syntaxicaly correct
@@ -66,15 +66,15 @@ Now, if there are no values, we have to 
 
 If everything is fine, we can remove the roles from the attribute.
 
-h3. Replacing roles
+h5. Replacing roles
 This kind of modifications are not currently supported
 
-h2. Moving an AP
+h4. Moving an AP
 As we move the entry, we may induce some inconsistencies in the AP tree.
 
 The problem we might have is that if we move an entry having an IAP in a place where this
role has no parent AAP or parent SAP with the same role, then the AdministrativeModel tree
will be inconsistent. We have to check this.
 
-h1. Impact on the existing entries
+h3. Impact on the existing entries
 
 When we add or remove a role in a server, it may have a huge impact on the existing entries,
as soon as those roles are associated with some subtreeSpecification which defines a set of
contained entries. If we remove such a role, all the entries pertaining to the associated
area have to be updated.
 
@@ -82,27 +82,27 @@ It's the same thing if we add a SAP or a
 
 In any case, we don't even need to define a SubtreeSpecification, as soon as an AAP or SAP
is created, it excludes all the children entries from any other higher AP areas.
 
-h2. Adding a Role
+h4. Adding a Role
 Whatever the way we used to add a role (add an entry, modify an existing one), there are
one thing we have to do depending on the kind of role we added. Of course, we stop modifying
entries when another lower SAP or AAP is defined.
 
-h3. Adding an AAP
+h5. Adding an AAP
 All the children which were pointing to any higher IAP, SAP or AAP will be dereferenced.
If a subtree specification is added under the newly added AAP, then all the associated entries
will be updated.
 
-h3. Adding a SAP
+h5. Adding a SAP
 All the children which were pointing to any higher IAP or SAP with the same type of role,
or an AAP, will be dereferenced (of course, only for the added type of role, the other references
will remain). If a subtree specification is added under the newly added SAP, then all the
associated entries will be updated.
 
-h3. Adding an IAP
+h5. Adding an IAP
 All the children which were pointing to any higher IAP with the same type of role will be
dereferenced, and will now point to this newly added IAP.
 All the children which were pointing on a SAP with the same role, or an AAP, will be modified
to also point on the newly added IAP.
 
-h2. Removing a role
+h4. Removing a role
 Depending on the kind of role we removed, we will have to update the entries accordingly.
 
-h3. Removing an AAP
+h5. Removing an AAP
 All the entries referencing the removed AAP will be updated, and will now reference the inherited
AAP, SAP and IAP (if any). If there is some higher IAP, we will also reference it.
 
-h3. Removing a SAP
+h5. Removing a SAP
 All the entries referencing the removed SAP will be updated, and will now reference either
the parent AAP or the parent SAP with the same role, if any. We will also reference an IAP
with the same role if we have some higher in the hierarchy.
 
-h3. Removing an IAP
+h5. Removing an IAP
 All the entries referencing the removed IAP will be updated. There is nothing else to do.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,4 @@
+h3. ACI Grammar
 The ACI attributes store data following a specific structure, which is define by this grammar
:
 
 {code:title=ACI grammar|linenumbers=true|lang=xml}

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h3. Links and references
+
 The *Apache Directory Server* authorization system is based on the *X.500* specifications.
Those documents are available on [X.500 freely available specifications|http://www.x500standard.com/index.php?n=Ig.LatestAvail],
and more specifically [X.501|http://www.itu.int/rec/T-REC-X.501-200811-I!Cor2/dologin.asp?lang=e&id=T-REC-X.501-200811-I!Cor2!PDF-E&type=items].
 
 Some more 'user friendly' documentation about Access Control can be found in *Chadwick*'s
book, available at [X.500 book|http://sec.cs.kent.ac.uk/x500book/], chapter 8.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h3. Definitions
+
 *ACI* :
 bq. Access Control Information. The set of all the information which might be relevant to
an access control decision for a given subject.
 

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. Enabling Access Control

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
Wed Dec  7 06:24:09 2011
@@ -1 +1,3 @@
+h3. ACI types
+
 Three different types of ACI exist. All types use the same specification syntax for an ACIITem.
These types differ in their placement and manner of use within the directory.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-1-entry-aci.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h4. EntryACI
+
 Entry ACI are access controls added to entries to protect that entry specifically. Meaning
the protected entry is the entry where the ACI resides. When performing an operation on an
entry, ApacheDS checks for the presence of the multivalued operational attribute, *entryACI*.
The values of the entryACI attribute contain ACIItems.
 
 {note}

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-2-prescriptive-aci.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h4. PrescriptiveACPI
+
 Prescriptive ACI are access controls that are applied to a collection of entries, not just
to a single entry. Collections of entries are defined by the subtreeSpecifications of subentries.
Hence prescriptive ACI are added to subentries as attributes and are applied by ApacheDS to
the entries selected by the subentry's subtreeSpecification. ApacheDS uses the *prescriptiveACI*
multivalued operational attribute within subentries to contain ACIItems that apply to the
entry collection.
 
 Prescriptive ACI can save much effort when trying to control access to a collection of resources.
Prescriptive ACI can even be specified to apply access controls to entries that do not yet
exist within the DIT. They are a very powerful mechanism and for this reason they are the
preferred mechanism for managing access to protected resources. ApacheDS is optimized specifically
for managing access to collections of entries rather than point entries themselves.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-3-subentry-aci.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h4. SubentryACI
+
 Access to subentries also needs to be controlled. Subentries are special in ApacheDS. Although
they subordinate to an administrative entry (entry of an Administrative Point), they are technically
considered to be in the same context as their administrative entry. ApacheDS considers the
perscriptive ACI applied to the administrative entry, to also apply to its subentries.
 
 This however is not the most intuitive mechanism to use for explicitly controlling access
to subentries. A more explicit mechanism is used to specify ACIs specifically for protecting
subentries. ApacheDS uses the multivalued operational attribute, *subentryACI*, within administrative
entries to control access to immediately subordinate subentries.

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. ACI elements

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-1-user-classes.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. UserClasses

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-2-protected-items.confluence
Wed Dec  7 06:24:09 2011
@@ -1,3 +1,5 @@
+h4. ProtectedItems
+
 The *protected items* are elements being accessed, and thus controlled by ACIs. Many parts
of the DIT can be protected :
 * Entry : a entry as a whole.
 * allUserAttributeTypes : the User's AttributeType, excluding the associated values

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-3-permissions.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. Permissions

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-4-subtrees.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. Subtrees

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. The ACDF engine

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-1-how-it-works.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. How it works

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-2-selections.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. Selections

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-3-constraints.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. Constraints

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-4-priority.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h4. Priority

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. Using ACIs trail

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
Wed Dec  7 06:24:09 2011
@@ -1,14 +1,16 @@
+h4. Enable Authothenticated Users to Browse and Read Entries
+
 In this trail, we will show how we will allow all authenticated users to browse and read
all the entries.
 
 By default, if the access control subsystem is enabled, no one but the administrator can
browse the DIT. This is obviously not convenient ...
 
-h1. Partition and Access Control Area Setup
+h5. Partition and Access Control Area Setup
 
 For this example we presume you have setup a partition at the namingContext *dc=example,dc=com*
and have turned on access controls. Now you want to grant browse and read access to entries
and their attributes.
 
 Before you can add a *subentry* with the *prescriptiveACI* you'll need to create an *administrative
area*. For now we'll make the root of the partition the *Adminstrative Point* (*AP*). Every
entry including this entry and those underneath will be part of the autonomous administrative
area for managing access controls. To do this we must add the *administrativeRole* operational
attribute to the *AP* entry.
 
-h2. AdministrationPoint setup
+h6. AdministrationPoint setup
 
 In our case, the *dc=example,dc=com* context entry has to contain the *administrativeRole*
attribute, with the *accessControlSpecificArea* value.
 
@@ -29,13 +31,13 @@ Here is the resulting entry :
 
 !images/Screen_shot_2010-07-04_at_10.19.44_PM.png|border=1!
 
-h2. Subentry addition
+h6. Subentry addition
 
 Now, we have to create a *subentry* in which we will add the *prescriptiveACI* granting access
to all the users.
 
 Let's define the ACI first.
 
-h3. ACIItem Description
+h6. ACIItem Description
 
 Here's the ACIItem we will add :
 
@@ -88,7 +90,7 @@ protectedItems {entry, allUserAttributeT
 
 The granted permissions are used to allow the user to browse the tree (*grantBrowse*), read
the entries (*grantRead*) and return the DN for aliases (*grantReturnDN*).
 
-h2. PrescriptiveACI addition
+h6. PrescriptiveACI addition
 
 Now that we have defined the *ACIItem*, we have to add it into a *subentry* associated with
the *administration point*. This is just an entry under the *administration Point*, here,
we will call it *cn=enableSearchForAllUsers, dc=example,dc=com*.
 

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. ACIs administration

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence?rev=1211309&r1=1211308&r2=1211309&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
Wed Dec  7 06:24:09 2011
@@ -0,0 +1 @@
+h3. Migration from another LDAP server



Mime
View raw message