directory-commits mailing list archives

From fel...@apache.org
Subject svn commit: r1212312 - in /directory/documentation/apacheds-manuals/trunk/src: advanced-user-guide-confluence/ advanced-user-guide-confluence/authentication_and_authorization/ advanced-user-guide-confluence/authentication_and_authorization/authorizatio...
Date Fri, 09 Dec 2011 09:58:47 GMT
Author: felixk
Date: Fri Dec  9 09:58:45 2011
New Revision: 1212312

URL: http://svn.apache.org/viewvc?rev=1212312&view=rev
Log:
Fix naming: remove chapter numbers from file name, use only underscore and not a mix of dashes
and underscores (DIRSERVER-1678)

Added:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/
      - copied from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-0-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-5-0-aci-elements.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/permissions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/protected_items.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/subtrees.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/user_classes.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_grammar.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-10-aci-grammar.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-4-0-aci-types.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/entry_aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/subentry_aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/acis_administration.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-8-acis-administration.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/definitions.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-2-definitions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/enabling_access_control.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-3-enabling-access-control.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/introduction.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-1-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/links_and_references.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-11-links-and-references.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/migration_from_other_ldap_servers.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-6-0-the-acdf-engine.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/priority.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/selections.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/2-5-7-0-using-aci-trail.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction/
      - copied from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction/administrative_points.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-1-administrative-points.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction/operations_on_administrativepoints.confluence
      - copied unchanged from r1211801, directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/1-2-operations-on-administrativepoints.confluence
    directory/documentation/apacheds-manuals/trunk/src/basic-user-guide-confluence/managing_data_within_your_directory/
      - copied from r1212247, directory/documentation/apacheds-manuals/trunk/src/basic-user-guide-confluence/managing_data_within_your-directory/
Removed:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/1-0-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/2-0-authentication-and-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-0-authorization.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-1-introduction.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-10-aci-grammar.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-11-links-and-references.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-2-definitions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-3-enabling-access-control.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-4-0-aci-types.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-4-1-entry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-4-2-prescriptive-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-4-3-subentry-aci.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-5-0-aci-elements.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-5-1-user-classes.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-5-2-protected-items.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-5-3-permissions.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-5-4-subtrees.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-6-0-the-acdf-engine.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-6-1-how-it-works.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-6-2-selections.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-6-3-constraints.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-6-4-priority.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-7-0-using-aci-trail.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-8-acis-administration.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/2-5-9-migration-from-other-ldap-servers.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-1/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/chapter-2/
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction/1-1-administrative-points.confluence
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/introduction/1-2-operations-on-administrativepoints.confluence
    directory/documentation/apacheds-manuals/trunk/src/basic-user-guide-confluence/managing_data_within_your-directory/
Modified:
    directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/permissions.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/permissions.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/permissions.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/permissions.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. Permissions
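
Review bot: Missing documentation: permissions.confluence consists of the heading "h4. Permissions" and nothing else, yet the trail added in this same revision relies on grantRead, grantReturnDN and grantBrowse without a reference page to point to. Suggest listing the grant and deny permissions here with a one-line meaning each, or leaving a visible TODO so the empty chapter is not mistaken for finished text. The same applies to the other heading-only files in this revision.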

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/protected_items.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/protected_items.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/protected_items.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/protected_items.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1,11 @@
+h4. ProtectedItems
+
+The *protected items* are elements being accessed, and thus controlled by ACIs. Many parts
of the DIT can be protected :
+* Entry : a entry as a whole.
+* allUserAttributeTypes : the User's AttributeType, excluding the associated values
+* allUserAttributeTypesAndValues : the User's AttributeType, including the associated values
+* allAttributeValues : All the AttributeType values
+* attributeType : A specific AttributeType
+* attributeValue : A set of attribute values
+* selfValue : The values associated with the requestor RDN's AttributeTypes
+
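
Review bot: The first list item is written "Entry" with a capital, while the ACIItem example added in this same revision uses the lowercase keyword in "protectedItems {entry, allUserAttributeTypesAndValues}". Readers will copy these names into ACIs, so spell each item exactly as it must appear in an ACIItem. "a entry" should also be "an entry", and "the User's AttributeType" in the allUserAttributeTypes and allUserAttributeTypesAndValues items reads as attribute types belonging to a user; if user (non-operational) attributes are meant, say so.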

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/subtrees.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/subtrees.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/subtrees.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/subtrees.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. Subtrees

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/user_classes.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/user_classes.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/user_classes.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_elements/user_classes.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. UserClasses

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/entry_aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/entry_aci.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/entry_aci.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/entry_aci.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1,8 @@
+h4. EntryACI
+
+Entry ACI are access controls added to entries to protect that entry specifically. Meaning
the protected entry is the entry where the ACI resides. When performing an operation on an
entry, ApacheDS checks for the presence of the multivalued operational attribute, *entryACI*.
The values of the entryACI attribute contain ACIItems.
+
+{note}
+
+There is one exception to the rule of consulting entryACI attributes within ApacheDS: add
operations do not consult the entryACI within the entry being added. This is a security precaution.
(??? Check this sentence) If allowed users can arbitrarily add entries where they wanted by
putting entryACI into the new entry being added. This could compromise the DSA.
+{note}
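
Review bot: The note is committed with an unresolved editorial marker, "(??? Check this sentence)", in the middle of its security rationale, and the sentence that follows it is hard to parse. Resolve the marker before this is published and state the risk directly, for example: "If the entryACI of the entry being added were consulted, users could add entries anywhere they wanted by putting a permissive entryACI into the new entry." In the first paragraph, the fragment starting "Meaning the protected entry is" would read better joined to the sentence before it.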

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1,13 @@
+h4. PrescriptiveACPI
+
+Prescriptive ACI are access controls that are applied to a collection of entries, not just
to a single entry. Collections of entries are defined by the subtreeSpecifications of subentries.
Hence prescriptive ACI are added to subentries as attributes and are applied by ApacheDS to
the entries selected by the subentry's subtreeSpecification. ApacheDS uses the *prescriptiveACI*
multivalued operational attribute within subentries to contain ACIItems that apply to the
entry collection.
+
+Prescriptive ACI can save much effort when trying to control access to a collection of resources.
Prescriptive ACI can even be specified to apply access controls to entries that do not yet
exist within the DIT. They are a very powerful mechanism and for this reason they are the
preferred mechanism for managing access to protected resources. ApacheDS is optimized specifically
for managing access to collections of entries rather than point entries themselves.
+
+Users should try to avoid entry ACIs whenever possible, and use prescriptive ACIs instead.
Entry ACIs are more for managing exceptional cases and should not be used excessively.
+
+{info:title=How it works!}
+For every type of LDAP operation, ApacheDS checks to see if any access control subentries
include the protected entry in their collection. The set of subentries which include the protected
entry are discovered very rapidly by the subentry subsystem. The subentry subsystem caches
subtreeSpecifications for all subentries within the server so inclusion checks are fast.
+
+For each access control subentry in the set, ApacheDS checks within a prescriptive ACI cache
for ACI tuples. ApacheDS also caches prescriptive ACI information in a special form called
ACI tuples. This is done so ACIItem parsing and conversion to an optimal representations for
evaluation is not required at access time. This way access based on prescriptive ACIs is determined
very rapidly.
+{info}
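
Review bot: The heading reads "h4. PrescriptiveACPI", but the file is prescriptive_aci.confluence and the body uses prescriptiveACI throughout, so it should be "h4. PrescriptiveACI". In the info box, "conversion to an optimal representations" should be "an optimal representation", and the second paragraph mentions looking up ACI tuples in the cache one sentence before ACI tuples are introduced; swapping those two sentences fixes the order.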

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/subentry_aci.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/subentry_aci.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/subentry_aci.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/aci_types/subentry_aci.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1,8 @@
+h4. SubentryACI
+
+Access to subentries also needs to be controlled. Subentries are special in ApacheDS. Although
they subordinate to an administrative entry (entry of an Administrative Point), they are technically
considered to be in the same context as their administrative entry. ApacheDS considers the
perscriptive ACI applied to the administrative entry, to also apply to its subentries.
+
+This however is not the most intuitive mechanism to use for explicitly controlling access
to subentries. A more explicit mechanism is used to specify ACIs specifically for protecting
subentries. ApacheDS uses the multivalued operational attribute, *subentryACI*, within administrative
entries to control access to immediately subordinate subentries.
+
+Protection policies for ACIs themselves can be managed within the entry of an administrative
point.
+
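
Review bot: "perscriptive ACI" in the first paragraph is a typo for "prescriptive ACI", which matters here because the term doubles as an attribute name readers will search for. "Although they subordinate to" should be "Although they are subordinate to". The closing sentence about protection policies for ACIs does not say which attribute or mechanism is meant; name it or drop the sentence.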

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. Constraints

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. How it works

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/priority.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/priority.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/priority.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/priority.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. Priority

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/selections.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/selections.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/selections.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/the_acdf_engine/selections.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1 @@
+h4. Selections

Added: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence?rev=1212312&view=auto
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence
(added)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence
Fri Dec  9 09:58:45 2011
@@ -0,0 +1,149 @@
+h4. Enable Authothenticated Users to Browse and Read Entries
+
+In this trail, we will show how we will allow all authenticated users to browse and read
all the entries.
+
+By default, if the access control subsystem is enabled, no one but the administrator can
browse the DIT. This is obviously not convenient ...
+
+h5. Partition and Access Control Area Setup
+
+For this example we presume you have setup a partition at the namingContext *dc=example,dc=com*
and have turned on access controls. Now you want to grant browse and read access to entries
and their attributes.
+
+Before you can add a *subentry* with the *prescriptiveACI* you'll need to create an *administrative
area*. For now we'll make the root of the partition the *Adminstrative Point* (*AP*). Every
entry including this entry and those underneath will be part of the autonomous administrative
area for managing access controls. To do this we must add the *administrativeRole* operational
attribute to the *AP* entry.
+
+h6. AdministrationPoint setup
+
+In our case, the *dc=example,dc=com* context entry has to contain the *administrativeRole*
attribute, with the *accessControlSpecificArea* value.
+
+Let's first connect to the server using the *admin* user, and select the *dc=example,dc=com*
entry :
+
+!images/Screen_shot_2010-07-04_at_8.45.09_PM.png|border=1!
+
+
+We will now add the *directoryOperation* attribute *administrativeRole* to this entry :
+
+!images/Screen_shot_2010-07-04_at_10.17.54_PM.png|border=1!
+
+and we select the *accessControlSpecificArea* value :
+
+!images/Screen_shot_2010-07-04_at_10.18.49_PM.png|border=1!
+
+Here is the resulting entry :
+
+!images/Screen_shot_2010-07-04_at_10.19.44_PM.png|border=1!
+
+h6. Subentry addition
+
+Now, we have to create a *subentry* in which we will add the *prescriptiveACI* granting access
to all the users.
+
+Let's define the ACI first.
+
+h6. ACIItem Description
+
+Here's the ACIItem we will add :
+
+{code}
+{
+identificationTag "enableSearchForAllUsers",
+precedence 14,
+authenticationLevel simple,
+itemOrUserFirst userFirst:
+{
+userClasses { allUsers },
+userPermissions
+{
+{
+protectedItems {entry, allUserAttributeTypesAndValues},
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+}
+}
+}
+}
+{code}
+
+There are several parameters to this simple ACIItem. Here's a breif exaplanation of each
field and it's meaning or significance.
+
+|| Fields || Description ||
+| identificationTag | Identifies the ACIItem within an entry. |
+| precedence | Determine which ACI to apply with conflicting ACIItems. |
+| authenticationLevel | User's level of trust with values of none, simple, strong |
+| itemOrUserFirst | Determines order of item permissions or user permissions. |
+| userClasses | The set of users the permissions apply to. |
+| userPermissions | Permissions on protected items |
+
+In our case, we want to grant all the users :
+
+{code:firstline=7}
+userClasses { allUsers }
+{code}
+
+to be granted a read access :
+
+{code:firstline=12}
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+{code}
+
+for the Entry and all the values :
+
+{code:firstline=11}
+protectedItems {entry, allUserAttributeTypesAndValues},
+{code}
+
+The granted permissions are used to allow the user to browse the tree (*grantBrowse*), read
the entries (*grantRead*) and return the DN for aliases (*grantReturnDN*).
+
+h6. PrescriptiveACI addition
+
+Now that we have defined the *ACIItem*, we have to add it into a *subentry* associated with
the *administration point*. This is just an entry under the *administration Point*, here,
we will call it *cn=enableSearchForAllUsers, dc=example,dc=com*.
+
+The entry is described below in a LDIF format :
+
+{code}
+dn: cn=enableSearchForAllUsers,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: {}
+prescriptiveACI:
+{
+identificationTag "enableSearchForAllUsers",
+precedence 14,
+authenticationLevel simple,
+itemOrUserFirst userFirst:
+{
+userClasses { allUsers },
+userPermissions
+{
+{
+protectedItems {entry, allUserAttributeTypesAndValues}
+grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+}
+}
+}
+}
+{code}
+
+It's also easy to create such an entry with *Apache Directory Studio*. First, right click
on the context entry, and select 'new Entry' :
+
+!images/Screen_shot_2010-07-04_at_11.57.50_PM.png|border=1!
+
+Then create a new entry from scratch, and select the 'subentry' and 'accessControlSubentry'
ObjectClasses :
+
+!images/Screen_shot_2010-07-04_at_11.59.28_PM.png|border=1!
+
+Create the RDN for this new entry :
+
+!images/Screen_shot_2010-07-05_at_12.01.43_AM.png|border=1!
+
+Pass the subtree editor, we don't need to define anything here, and go to the Attributes
definition :
+
+!images/Screen_shot_2010-07-05_at_12.03.21_AM.png|border=1!
+
+The next step is to add the *rescriptiveACI* value, using the dedicated editor :
+
+!images/Screen_shot_2010-07-05_at_12.12.16_AM.png|border=1!
+
+When the selection has been done, we have to add the permissions :
+
+!images/Screen_shot_2010-07-05_at_12.13.47_AM.png|border=1!
+
+
+Once done, all the entries under *dc=example,dc=com* are ruled by this ACI
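Review bot: In the LDIF example under "PrescriptiveACI addition", the line `protectedItems {entry, allUserAttributeTypesAndValues}` is missing the trailing comma that the same line carries in the "ACIItem Description" block, so the two copies of the ACIItem no longer match and a reader who pastes the LDIF gets a different value from the one explained above; restore the comma. The `prescriptiveACI:` value is also spread over lines that start in column one, while LDIF only treats a line as a continuation of the previous one when it begins with a single space, so indent the continuation lines by one space or put the value on one line. Smaller fixes in the same file: "breif exaplanation" and "it's meaning" in the sentence introducing the field table, and "*rescriptiveACI*" in the Studio walkthrough, which should read *prescriptiveACI*. The closing sentence "all the entries under *dc=example,dc=com* are ruled by this ACI" would also benefit from restating that the ACIItem is written with `authenticationLevel simple` and `userClasses { allUsers }`, since the field table only describes authenticationLevel as a level of trust and does not say what that combination means for anonymous binds.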

Modified: directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
URL: http://svn.apache.org/viewvc/directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt?rev=1212312&r1=1212311&r2=1212312&view=diff
==============================================================================
--- directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
(original)
+++ directory/documentation/apacheds-manuals/trunk/src/advanced-user-guide-confluence/book.txt
Fri Dec  9 09:58:45 2011
@@ -1,29 +1,29 @@
 preface.confluence
-1-0-introduction.confluence
-chapter-1/1-1-administrative-points.confluence
-chapter-1/1-2-operations-on-administrativepoints.confluence
-2-0-authentication-and-authorization.confluence
-chapter-2/2-5-0-authorization.confluence
-chapter-2/2-5-1-introduction.confluence
-chapter-2/2-5-2-definitions.confluence
-chapter-2/2-5-3-enabling-access-control.confluence
-chapter-2/2-5-4-0-aci-types.confluence
-chapter-2/2-5-4-1-entry-aci.confluence
-chapter-2/2-5-4-2-prescriptive-aci.confluence
-chapter-2/2-5-4-3-subentry-aci.confluence
-chapter-2/2-5-5-0-aci-elements.confluence
-chapter-2/2-5-5-1-user-classes.confluence
-chapter-2/2-5-5-2-protected-items.confluence
-chapter-2/2-5-5-3-permissions.confluence
-chapter-2/2-5-5-4-subtrees.confluence
-chapter-2/2-5-6-0-the-acdf-engine.confluence
-chapter-2/2-5-6-1-how-it-works.confluence
-chapter-2/2-5-6-2-selections.confluence
-chapter-2/2-5-6-3-constraints.confluence
-chapter-2/2-5-6-4-priority.confluence
-chapter-2/2-5-7-0-using-aci-trail.confluence
-chapter-2/2-5-7-1-enable-authenticated-users-to-browse-and-read-entries.confluence
-chapter-2/2-5-8-acis-administration.confluence
-chapter-2/2-5-9-migration-from-other-ldap-servers.confluence
-chapter-2/2-5-10-aci-grammar.confluence
-chapter-2/2-5-11-links-and-references.confluence
+introduction.confluence
+introduction/administrative_points.confluence
+introduction/operations_on_administrativepoints.confluence
+authentication_and_authorization.confluence
+authentication_and_authorization/authorization.confluence
+authentication_and_authorization/authorization/introduction.confluence
+authentication_and_authorization/authorization/definitions.confluence
+authentication_and_authorization/authorization/enabling_access_control.confluence
+authentication_and_authorization/authorization/aci_types.confluence
+authentication_and_authorization/authorization/aci_types/entry_aci.confluence
+authentication_and_authorization/authorization/aci_types/prescriptive_aci.confluence
+authentication_and_authorization/authorization/aci_types/subentry_aci.confluence
+authentication_and_authorization/authorization/aci_elements.confluence
+authentication_and_authorization/authorization/aci_elements/user_classes.confluence
+authentication_and_authorization/authorization/aci_elements/protected_items.confluence
+authentication_and_authorization/authorization/aci_elements/permissions.confluence
+authentication_and_authorization/authorization/aci_elements/subtrees.confluence
+authentication_and_authorization/authorization/the_acdf_engine.confluence
+authentication_and_authorization/authorization/the_acdf_engine/how_it_works.confluence
+authentication_and_authorization/authorization/the_acdf_engine/selections.confluence
+authentication_and_authorization/authorization/the_acdf_engine/constraints.confluence
+authentication_and_authorization/authorization/the_acdf_engine/priority.confluence
+authentication_and_authorization/authorization/using_aci_trail.confluence
+authentication_and_authorization/authorization/using_aci_trail/enable_authenticated_users_to_browse_and_read_entries.confluence
+authentication_and_authorization/authorization/acis_administration.confluence
+authentication_and_authorization/authorization/migration_from_other_ldap_servers.confluence
+authentication_and_authorization/authorization/aci_grammar.confluence
+authentication_and_authorization/authorization/links_and_references.confluence
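Review bot: `introduction/operations_on_administrativepoints.confluence` still runs "administrativepoints" together, while the line just above it uses `administrative_points`; since the log message states the goal is consistent underscore naming, consider `operations_on_administrative_points.confluence` here. With the chapter numbers gone from the file names, book.txt is now the only place that records reading order, and there are two entries whose file name is `introduction.confluence` (top level and under `authentication_and_authorization/authorization/`), so any cross-reference that used the bare file name should be checked against the full path.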


