Delivered-To: apmail-directory-commits-archive@www.apache.org
Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@directory.apache.org
Delivered-To: mailing list commits@directory.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1405769 - in /directory/site/trunk/content/apacheds: advanced-ug/1-architecture.mdtext advanced-ug/1.6-admin-model.mdtext advanced-ug/2-server-config.mdtext advanced-ug/3-admin-model.mdtext advanced-users-guide.mdtext
Date: Mon, 05 Nov 2012 12:21:08 -0000
To: commits@directory.apache.org
From: elecharny@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121105122109.085BF23888E4@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Mon Nov 5 12:21:08 2012 New Revision: 1405769 URL: http://svn.apache.org/viewvc?rev=1405769&view=rev Log: Added some new pages Added: directory/site/trunk/content/apacheds/advanced-ug/2-server-config.mdtext directory/site/trunk/content/apacheds/advanced-ug/3-admin-model.mdtext Removed: directory/site/trunk/content/apacheds/advanced-ug/1.6-admin-model.mdtext Modified: directory/site/trunk/content/apacheds/advanced-ug/1-architecture.mdtext directory/site/trunk/content/apacheds/advanced-users-guide.mdtext Modified: directory/site/trunk/content/apacheds/advanced-ug/1-architecture.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/1-architecture.mdtext?rev=1405769&r1=1405768&r2=1405769&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/1-architecture.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/1-architecture.mdtext Mon Nov 5 12:21:08 2012 @@ -1,8 +1,8 @@ Title: 1 - Architecture NavPrev: 0-community.html NavPrevText: 0 - Community -NavUp: 0-community.html -NavUpText: 0 - Community +NavUp: ../advanced-users-guide.html +NavUpText: Advanced User Guide NavNext: 2-server-config.html NavNextText: 2 - Server Configuration Notice: Licensed to the Apache Software Foundation (ASF) under one 
@@ -33,4 +33,3 @@ We will now describe the server architec * [1.3 - Interceptors](1.3-interceptors.html) * [1.4 - Backend](1.4-backend.html) * [1.5 - SchemaManager](1.5-schema-manager.html) -* [1.6 - Administrative Model](1.6-admin-model.html) Added: directory/site/trunk/content/apacheds/advanced-ug/2-server-config.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/2-server-config.mdtext?rev=1405769&view=auto ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/2-server-config.mdtext (added) +++ directory/site/trunk/content/apacheds/advanced-ug/2-server-config.mdtext Mon Nov 5 12:21:08 2012 
@@ -0,0 +1,228 @@ +Title: 2 - Server Configuration +NavPrev: 1-architecture.html +NavPrevText: 1 - Architecture +NavUp: ../advanced-users-guide.html +NavUpText: Advanced User Guide +NavNext: 3-admin-model.html +NavNextText: 4 - Administrative Model +Notice: Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +# 2 - Server Configuraion + +We will now describe the server configuration. Usually, all the configuration is done using Apache Directory Studio, which offers a pretty GUI. One can also configure the server using LDAP request, as the configuration is stored in teh **DIT**. Otherwise, all the configuration modifications won't be applied on a started server : usually, you will have to restart the server in order to get those modifications applied. 
+ +## Configurable elements + +Here is the list of elements that can be configuraed : + +* AdsBean + * boolean enabled + * String description + +* DirectryServiceBean -> AdsBean + * String directoryServiceId + * int dsReplicaId + * boolean dsAccessControlEnabled + * boolean dsAllowAnonymousAccess + * boolean dsDenormalizeOpAttrsEnabled + * int dsMaxPDUSize + * boolean dsPasswordHidden + * long dsSyncPeriodMillis + * String dsTestEntries + * ChangeLogBean + * JournalBean + * List + * List + * List + +* ChangeLogBean -> AdsBean + * String changeLogId + * boolean changeLogExposed + +* JournalBean -> AdsBean + * String journalId + * String journalFileName + * String journalWorkingDir + * int journalRotation + +* ServerBean -> AdsBean + * String serverId + * List + +* TransportBean -> AdsBean + * String transportId + * String transportAddress + * int systemPort + * boolean transportEnableSsl + * int transportNbThreads + * int transportBackLog + +* TcpTransportBean -> AdsBean + +* UdpTransportBean -> AdsBean + +* NtpServerBean -> ServerBean + +* HttpServerBean -> ServerBean + * String httpConfFile + * List + +* HttpWebAppBean -> AdsBaseBean + * String id + * String httpAppCtxPath + * String httpWarFile + +* DSBasedServerBean -> ServerBean + * Dn searchBaseDn + +* ChangePasswordServerBean -> DSBasedServerBean + * long krbAllowableClockSkew + * boolean krbEmptyAddressesAllowed + * List krbEncryptionTypes + * String krbPrimaryRealm + * int chgPwdPolicyCategoryCount + * int chgPwdPolicyPasswordLength + * int chgPwdPolicyTokenSize + * String chgPwdServicePrincipal + +* DhcpServerBean -> DSBasedServerBean + +* DnsServerBean -> DSBasedServerBean + +* KdcServerBean -> DSBasedServerBean + * long krbAllowableClockSkew + * boolean krbEmptyAddressesAllowed + * boolean krbForwardableAllowed + * boolean krbPAEncTimestampRequired + * boolean krbPostdatedAllowed + * boolean krbProxiableAllowed + * boolean krbRenewableAllowed + * long krbMaximumRenewableLifetime + * long 
krbMaximumTicketLifetime + * String krbPrimaryRealm + * boolean krbBodyChecksumVerified + * List krbEncryptionTypes + * String krbKdcPrincipal + +* LdapServerBean -> DSBasedServerBean + * boolean confidentialityRequired + * int maxSizeLimit + * int maxTimeLimit + * int saslHost + * String saslPrincipal + * List saslRealms + * String keystoreFile + * String certificatePassword + * String replReqHandler + * List + * List + * List + +* ReplConsumerBean -> AdsBaseBean + * String replConsumerId + * String searchBaseDn + * String replProvHostName + * int replProvPort + * String replAliasDerefMode + * List replAttributes + * long replRefreshInterval + * boolean replRefreshNPersist + * String replSearchScope + * String replSearchFilter + * int replSearchSizeLimit + * int replSearchTimeout + * String replUserDn + * byte[] replUserPassword + * String replCookie + * boolean replUseTls + * boolean replStrictCertValidation + * byte[] replPeerCertificate + * String replConsumerImpl + +* SaslMechHandlerBean -> AdsBaseBean + * String saslMechName + * String saslMechClassName + * String ntlmMechProvider + +* ExtendedOpHandlerBean -> AdsBaseBean + * String extendedOpId + * String extendedOpHandlerClass + +* InterceptorBean -> AdsBean + * String interceptorId + * String interceptorClassName + * int interceptorOrder + +* AuthenticationInterceptorBean -> InterceptorBean + * List + * List + +* AuthenticatorBean -> AdsBean + * String authenticatorId + +* AuthenticatorImplBean -> AuthenticatorBean + * String authenticatorClass + +* DelegatingAuthenticatorBean -> AuthenticatorBean + * String delegateHost + * int delegatePort + +* PasswordPolicyBean -> AdsBean + * String pwdId + * String pwdAttribute + * int pwdMinAge + * int pwdMaxAge + * int pwdInHistory + * int pwdCheckQuality + * int pwdMinLength + * int pwdMaxLength + * int pwdExpireWarning + * int pwdGraceAuthNLimit + * int pwdGraceExpire + * boolean pwdLockout + * int pwdLockoutDuration + * int pwdMaxFailure + * int 
pwdFailureCountInterval + * boolean pwdMustChange + * boolean pwdAllowUserChange + * boolean pwdSafeModify + * int pwdMinDelay + * int pwdMaxDelay + * int pwdMaxIdle + +* PartitionBean -> AdsBean + * int partitionId + * Dn partitionSuffix + * boolean partitionSyncOnWrite + * int contextEntry + * List + +* JdbmPartitionBean -> PartitionBean + * int partitionCacheSize + * boolean jdbmPartitionOptimizerEnabled + +* IndexBean -> AdsBean + * int indexAttributeId + * boolean indexHasReverse + +* JdbmIndexBean -> IndexBean + * int indexCacheSize + * int indexNumDupLimit + * String indexFileName + * String indexWorkingDir + Added: directory/site/trunk/content/apacheds/advanced-ug/3-admin-model.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/3-admin-model.mdtext?rev=1405769&view=auto ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/3-admin-model.mdtext (added) +++ directory/site/trunk/content/apacheds/advanced-ug/3-admin-model.mdtext Mon Nov 5 12:21:08 2012 
@@ -0,0 +1,87 @@ +Title: 3 - Administrative Model +NavPrev: 2-server-config.html +NavPrevText: 2 - Server Configuration +NavUp: ../advanced-users-guide.html +NavUpText: Advanced User Guide +NavNext: 4-.html +NavNextText: 4 - +Notice: Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + . + http://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. + +# 3 - Administrative Model + +The **Administrative Model** is a really critical notion that need to be understood, because it drives many of ApacheDS roles. + +It's directly inherited by the **X.500** Administrative model (in fact, we do implement the full **X.500** sepcification related to **AAs**). + +## What is the Administrative Model ? + +The idea is to define the **DIT** as some areas which are administrated. Each area can be defined, and covers a set of entries, and each area can manage one ore more roles we want to manage. Those roles can be related to authorization, schema, etc... Each of this areas can overlap, but in any case, if two areas are overlaping, then one area totally include the other one. + +The Admnistrative Model is everything we need to implement in order to be able to manage roles on some defined areas. 
+ +## Areas + +An Area describe a part of the **DIT** which will start from a specific entry, and span across a part of the subtree starting at the base entry. An area is administrated by an **AP** (Administrative Point) which holds all the needed information about the area and the roles. + +We have three kind of areas : + +* AAA : Autonomous Administrative Areas +* SAA : Specific Administrative Areas +* IAA : Inner Administrative Areas + +**AAAs** cover all the roles as if we have declared one **SAA** for each existing role. They overload any area in which they can be encapsulated, hiding them. + +**SAAs** cover one specific role, and overload any encapsulating area with the same role. + +**IAAs** cover one specific role, but don't not overload any encapsulating area with the same role. + +## Administration Point + +An **Administration Point** is the point in the **DIT** where an area starts. It defines the roles, and the scope that applies to this area. + +Once we know which area we need to define, and the associated roles, it's mandatory to store those information in the **DIT**. This is done by addinga **subentries**, which just are entries storing all the administrative configuration. + +An Administrative Point is stored as a **subentry** (which is just a plain LDAP entry) just below the base of the defined area. + +
+ A **Subentry** is just a plain normal entry except that it contains administative model informations. They are stored below the entry they are managing, as a child entry. +
+ +
+ We also use the term "subtree" to define areas. This is due to the fact that we define a subtree specification in the administration point to express the set of selected entries. +
+ +## Roles + +The roles are the various aspects which are managed by the administration points. Currently, we manage five different roles in ApacheDS : + +* Authorization : manage the access to entries +* Schema : define the schema to be used by a subtree +* Triggers : define the triggers that can be leveraged in a subtree +* Collective Attributes : manage attributes that are valid ofr a set of entries +* Replication : manage the replication of a set + +# ApacheDS 2.0 coverage + +Currently, in Apache 2.0, we don't implement all this model. What is supported is : + +* AAA and SAA : We don't currently support IAA +* We don't have more than one schema +* Replication is not managed with any administration point + +Those missing parts will be implemented in the forthcoming versions. Modified: directory/site/trunk/content/apacheds/advanced-users-guide.mdtext URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-users-guide.mdtext?rev=1405769&r1=1405768&r2=1405769&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-users-guide.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-users-guide.mdtext Mon Nov 5 12:21:08 2012 @@ -31,9 +31,12 @@ This guide get you a deep further into A * [1.3 - Interceptors]() * [1.4 - Backend]() * [1.5 - SchemaManager]() - * [1.6 - The Administrative Model]() * [2. Server Configuration]() * [2.1 Introduction]() +* [3. Administrative Model]() + * [3.1 - Administration Point]() + * [3.2 - roles]() + * [3.3 - subtree]() * [3 - Authentication]() * [3.1. SASL Authentication to ApacheDS]() * [3.2. HOWTO do SASL GSSAPI Authentication to ApacheDS]()
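Review bot: in the 2-server-config.mdtext hunk, every generic field is listed as a bare `List` (the three `List` entries under DirectryServiceBean, one each under ServerBean, HttpServerBean and PartitionBean, three under LdapServerBean, two under AuthenticationInterceptorBean), so the reader cannot tell what each list holds; either the element types were never written or the mdtext renderer swallowed `<InterceptorBean>` and friends as HTML tags, and in both cases they should be written as `List&lt;InterceptorBean&gt;` or the whole signature put in backticks. Several declared types also look wrong for what the name says they hold: `int saslHost` (a host name), `int partitionId` and `int indexAttributeId` (every other id on the page is a `String`), `int contextEntry`; `TcpTransportBean -> AdsBean` and `UdpTransportBean -> AdsBean` presumably extend TransportBean, and the base class is spelled `AdsBean` in some entries and `AdsBaseBean` in others. Since the intro says the whole configuration lives in the DIT and can be edited over LDAP, and the list contains `String certificatePassword` under LdapServerBean and `byte[] replUserPassword` under ReplConsumerBean, the page should say that the configuration subtree holds credentials and that read and write access to it has to be restricted to administrators; one sentence each on the security switches `dsAccessControlEnabled`, `dsAllowAnonymousAccess` and `dsPasswordHidden` would also help. Smaller points: `NavNextText: 4 - Administrative Model` does not match `NavNext: 3-admin-model.html` (the target page is titled "3 - Administrative Model"); the heading reads `Configuraion`; `configuraed`, `teh`, `DirectryServiceBean`; and "Otherwise, all the configuration modifications won't be applied on a started server" does not follow from the sentence before it, so drop "Otherwise" and state plainly that changes are not picked up by a running server and need a restart.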
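Review bot: in the 3-admin-model.mdtext hunk, "An Administrative Point is stored as a **subentry** (which is just a plain LDAP entry) just below the base of the defined area" contradicts the definition two paragraphs earlier ("the point in the **DIT** where an area starts") and the X.500 model the page says it implements in full: the Administrative Point is the base entry of the area itself, marked with the administrativeRole attribute, and the subentries carrying the subtree specification and the role-specific data are children of that entry; reword so the AP is the entry and the subentries sit below it, which also matches the later remark "They are stored below the entry they are managing, as a child entry". Other points: `NavNext: 4-.html` and `NavNextText: 4 - ` are placeholders that will render as a dead link until the next page exists; `# ApacheDS 2.0 coverage` is a level-1 heading among `##` siblings; "Currently, in Apache 2.0" should read ApacheDS 2.0; "Replication : manage the replication of a set" is cut off; "directly inherited by the **X.500**" should be "inherited from"; and typos: "need to be understood", "sepcification", "one ore more", "overlaping", "Admnistrative", "An Area describe", "three kind of areas", "don't not overload", "addinga", "administative model informations", "valid ofr".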
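Review bot: in the advanced-users-guide.mdtext hunk, the new `[3. Administrative Model]` block is inserted directly above the existing `[3 - Authentication]` entry, so the table of contents now has two section 3s and two 3.1 entries; renumber Authentication and the sections after it, or give the new section a number that stays unique. The three sub-items also do not match the page added in this commit: 3-admin-model.mdtext has the sections Areas, Administration Point and Roles, while the TOC lists "Administration Point", "roles" and "subtree"; align the names and capitalisation. The link targets are left as empty `()`, consistent with the neighbouring entries, but since the page now exists the link to advanced-ug/3-admin-model.html could be filled in.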