directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r836617 - in /websites/staging/directory/trunk/content: ./ apacheds/ apacheds/basic-ug/ apacheds/basic-ug/images/
Date Tue, 30 Oct 2012 17:53:19 GMT
Author: buildbot
Date: Tue Oct 30 17:53:18 2012
New Revision: 836617

Staging update by buildbot for directory

  (with props)
 (with props)
 (with props)
    websites/staging/directory/trunk/content/   (props changed)

Propchange: websites/staging/directory/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Tue Oct 30 17:53:18 2012
@@ -1 +1 @@

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html Tue Oct
30 17:53:18 2012
@@ -127,6 +127,7 @@
 <h1 id="1-how-to-begin">1 - How to begin</h1>
 <p>This chapter helps you to set up a server, with the minimal configuration options
being explained. That should be enough to get a running server.</p>
+<p>This user guide is <strong>not</strong> intended to be a <strong>LDAP</strong>
guide : there are some excellent tutorials or books, we won't try to challenge them !</p>
 <h2 id="table-of-content">Table of content</h2>
 <li><a href="1.1-what-apacheds-is.html">1.1 - What Apache Directory Server is</a></li>

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html Tue Oct
30 17:53:18 2012
@@ -132,8 +132,6 @@
 <li><a href="2.1-data-modification.html">2.1 - Data modification</a><ul>
 <li><a href="2.1.1-adding-entries.html">2.1.1 - Adding Entries</a></li>
 <li><a href="2.1.2-deleting-entries.html">2.1.2 - Deleting Entries</a></li>
-<li><a href="2.1.3-modifying-entries.html">2.1.3 - Modifying Entries</a></li>
-<li><a href="2.1.4-moving-entries.html">2.1.4 - Moving Entries</a></li>
 <li><a href="2.2-searching-data.html">2.2 - Searching Data</a><ul>

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html Tue
Oct 30 17:53:18 2012
@@ -126,7 +126,8 @@
 <h1 id="22-searching-data">2.2 - Searching Data</h1>
+<p>Searching is the most frequent operation done on a LDAP server : everything is optimizd
so that the search operation is as fast as possible.</p>
+<p>We will show how to do some simple searches on <em>Apache Directory Server</em>
in the following pages.</p>
 <h2 id="table-of-content">Table of content</h2>
 <li><a href="2.2.1-simple-search.html">2.2.1 - Simple search</a></li>

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html Tue
Oct 30 17:53:18 2012
@@ -126,7 +126,29 @@
 <h1 id="221-simple-search">2.2.1 - Simple search</h1>
+<p>Basically, a search in <strong>LDAP</strong> requires a few parameters
+<em> A server on which we will send the request
+</em> A port for this server
+<em> A base <em>DN</em>, the location where to start the search from</em>
A filter to select the entries to be returned
+<em> The user doing the search
+</em> A password if the user is not already bound
+<em> A scope, defining the depth we should look for
+</em> The list of attributes to return</p>
+<p>There are several other options, which will be exposed in the next chapter.</p>
+<h2 id="doing-a-simple-search-on-the-command-line">Doing a Simple Search on the command
+<p>Here is an exemple of search done on the base we have created :</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">ldapsearch</span>
<span class="o">-</span><span class="n">h</span> <span class="n">zanzibar</span>
<span class="o">-</span><span class="n">p</span> <span class="mi">10389</span>
<span class="o">-</span><span class="n">b</span> <span class="s">&quot;o=sevenSeas&quot;</span>
<span class="o">-</span><span class="n">s</span> <span class="k">sub
</span><span class="err">&quot;(</span><span class="nf">cn</span><span
class="err">=</span><span class="nf">James</span> <span class="nf">Hook</span><span
class="err">)&quot;</span> <span class="err">+</span>
+<span class="nf">version</span><span class="err">:</span> <span
+<span class="nf">dn</span><span class="err">:</span> <span class="nf">cn</span><span
class="err">=</span><span class="nf">James</span> <span class="nf">Hook</span><span
class="err">,</span><span class="nf">ou</span><span class="err">=</span><span
class="nf">people</span><span class="err">,</span><span class="nf">o</span><span
class="err">=</span><span class="nf">sevenSeas</span>
+<span class="nf">accessControlSubentries</span><span class="err">:</span>
<span class="nf">cn</span><span class="err">=</span><span class="nf">sevenSeasAuthorizationRequirementsACISubentry</span><span
class="err">,</span><span class="nf">o</span><span class="err">=</span><span
+<span class="nf">creatorsName</span><span class="err">:</span> <span
class="nf">cn</span><span class="err">=</span><span class="nf">Horatio</span>
<span class="nf">Nelson</span><span class="err">,</span><span class="nf">ou</span><span
class="err">=</span><span class="nf">people</span><span class="err">,</span><span
class="nf">o</span><span class="err">=</span><span class="nf">sevenSeas</span>
+<span class="nf">createTimestamp</span><span class="err">:</span>
<span class="err">20061203140109</span><span class="nf">Z</span>
+<p>Here, we see that we are connecting to the <strong>sanzibar</strong>
server, on its <strong>10389</strong> port. As we haven't provided any user, this
is an anonymous search, which should be allowed if the server accept anonymous searches.
+We then have the base <em>DN</em>, <strong>"o=sevenseas"</strong>,
the filter <strong>"(cn=James Hook)"</strong> and the scope : <strong>"sub"</strong>.
The last parameter, <strong>"+"</strong>, asks the server to return all the operational
+<p>The result is just shown as a result of the command (here, we get back one single
     <div class="nav">

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html
Tue Oct 30 17:53:18 2012
@@ -126,7 +126,87 @@
 <h1 id="222-more-search-options">2.2.2 - More search options</h1>
+<p>There are many parameters we haven't explained in the previous chapter. </p>
+<h2 id="boundanonymous-searches">Bound/anonymous searches</h2>
+<p>When you send a SearchRequest to the server, you may be anonymous, or you mave have
been bound before the search is done. Binding on a server creates an <strong>LDAP</strong>
session, which stores the credentials. This is used by the authorization system to filter
the requests and the returned data, depending on the server settings.</p>
+<p>Not all the server allow an anonymous search : <em>Apache Dorectory Server</em>
default to not enabling such anonymous searches (this is for security questions).</p>
+<p>Generally speaking, users do bind before sending a search request.</p>
+<h2 id="filters">Filters</h2>
+<p>The <strong>LDAP</strong> filters can be quite complex. Although they
aren't even close to what <strong>SQL</strong> provide : there is no way you can
do a Join on a LDAP server.</p>
+<p>A filter is a set of nodes connected with operators like <strong>and</strong>,
<strong>or</strong>, <strong>not</strong>...</p>
+<p>Here is the list of possible connectors :</p>
+<div class="table-wrap">
+    <table class="confluenceTable">
+        <tbody>
+            <tr>
+                <th class="confluenceTh"> Connector </th>
+                <th class="confluenceTh"> Description </th>
+                <th class="confluenceTh"> Example </th>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> And </td>
+                <td class="confluenceTd">  All the nodes should be evaluated to true
+                <td class="confluenceTd"> (&(objectClass=person)(cn=acme)) </td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> Or </td>
+                <td class="confluenceTd"> At least one of the node should be evaluated
to true</td>
+                <td class="confluenceTd"> (|(objectClass=person)(cn=acme)) </td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> Not </td>
+                <td class="confluenceTd"> select the entries that does not evaluate
to true for this filter </td>
+                <td class="confluenceTd"> (!(objectClass=person))</td>
+            </tr>
+        </tbody>
+    </table>
+<p>Each node proceeds a check on the attributeType and value provided in the filter.
For instance, the <strong>"(o=sevenseas)"</strong> filter tells the server to
look for all teh entries whcih have an "organization" atribute with a value of <strong>"sevenseas"</strong>.
Here are the various kind of filters you can use :</p>
+<div class="table-wrap">
+    <table class="confluenceTable">
+        <tbody>
+            <tr>
+                <th class="confluenceTh">Filter</th>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> = (Equality)</td>
+            </tr>
+            <tr>
+                <td class="confluenceTd">Substring</td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> &gt;= </td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> &lt;= </td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> =* (Present) </td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> ~= (ApproxMatch)</td>
+            </tr>
+            <tr>
+                <td class="confluenceTd"> extensibleMatch </td>
+            </tr>
+        </tbody>
+    </table>
+<h2 id="scope">Scope</h2>
+<p>A Search can span across the whole <strong>DIT</strong>, or just a subset
of it. In <strong>LDAP</strong>, you can use three different scopes :</p>
+<li>OBJECT : the Object itself, none of its children</li>
+<li>ONELEVEL : all of the base direct children, but not it's children's children not
the base object</li>
+<li>SUBLEVEL : everything</li>
+<h2 id="returned-attributes">Returned attributes</h2>
+<p>A search can also list the attributes to be returned. This can be :
+<em> '</em>' for all the user attributes
+<em> '+' for all the operational attributes
+</em> a list of attributes name
+* 1.1 if we don't want the attributes values to be returned, but we want the entries' DN
that match the filter</p>
     <div class="nav">

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html
Tue Oct 30 17:53:18 2012
@@ -126,7 +126,27 @@
 <h1 id="23-the-schema">2.3 - The Schema</h1>
+<p>All the data stored into a LDAP server are structured following a schema, a bit
like any DBMS. <em>Apache Directory Server</em> does have a dynamic schema : that
means you can modify the schema wihout having to restart the server.</p>
+<p>We won't describe in the basic user guide how to manage the schema, this will be
extensively described in the <em>Advanced user guide</em>, this chapter is just
a short introduction.</p>
+<h2 id="what-is-the-ldap-schema">What is the LDAP schema ?</h2>
+<p>It's a set of elements defining the data structure that can be stored in the server.
It defines the following elements :</p>
+<li>AttributeType : the type of values that can be stored in an attribute</li>
+<li>ObjectClass : the set of AttributeType that can or must be used in an entry</li>
+<li>Syntax : The syntax the values must abide to</li>
+<li>MatchingRule : The rules used to retrieve the data </li>
+<p>There are more schema elements which are not currently used in <em>Apache
Directory Server</em>.</p>
+<p>The following diagram shows all the interactions between each schema element :</p>
+<p><img alt="Schema elements interactions" src="images/schema-objects.png" /></p>
+<h2 id="how-do-we-use-it-in-apacheds">How do we use it in ApacheDS ?</h2>
+<p>The schema is everywhere in the server : each entry is controlled against the schema
when it's added or modified. The schema is a critical part of the server.</p>
+<p>The <em>Apache Directory Server</em> comes with a predefined schema,
which should fit a large part of users need. You may though need to extend it...</p>
+<p>Hopefully, the schema can be extended. This will be explained in the <em>Advanced
User Guide</em>.</p>
+<p>Enough said that you can browse the existing schema using <em>Apache Directory
Studio</em> :</p>
+<p><img alt="Open Schema Browser" src="images/open-schema-browser.png" /></p>
+<p>then you get the Schema browser :</p>
+<p><img alt="Schema Browser" src="images/schema-browser.png" /></p>
     <div class="nav">

Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/open-schema-browser.png
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/open-schema-browser.png
    svn:mime-type = image/png

Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-browser.png
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-browser.png
    svn:mime-type = image/png

Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-objects.png
Binary file - no diff available.

Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-objects.png
    svn:mime-type = image/png

Modified: websites/staging/directory/trunk/content/apacheds/basic-users-guide.html
--- websites/staging/directory/trunk/content/apacheds/basic-users-guide.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-users-guide.html Tue Oct 30 17:53:18
@@ -132,8 +132,6 @@
 <li><a href="basic-ug/2.1-data-modification.html">2.1 - Data modification</a><ul>
 <li><a href="basic-ug/2.1.1-adding-data.html">2.1.1 - Adding Entries</a></li>
 <li><a href="basic-ug/2.1.2-deleting-data.html">2.1.2 - Deleting Entries</a></li>
-<li><a href="basic-ug/2.1.3-modifying-data.html">2.1.3 - Modifying Entries</a></li>
-<li><a href="basic-ug/2.1.4-moving-data.html">2.1.4 - Moving Entries</a></li>
 <li><a href="basic-ug/2.2-searching-data.html">2.2 - Searching Data</a><ul>

View raw message