directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r843046 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/
Date Wed, 19 Dec 2012 03:34:17 GMT
Author: buildbot
Date: Wed Dec 19 03:34:16 2012
New Revision: 843046

Log:
Staging update by buildbot for directory

Added:
    websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html
Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html
    websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed Dec 19 03:34:16 2012
@@ -1 +1 @@
-1422981
+1423751

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html Wed
Dec 19 03:34:16 2012
@@ -119,7 +119,7 @@
         </div>
         <div class="nav_next">
         
-            <a href="3-admin-model.html">4 - Administrative Model</a>
+            <a href="3-admin-model.html">3 - Administrative Model</a>
 		
         </div>
         <div class="clearfix"></div>
@@ -703,7 +703,7 @@
         </div>
         <div class="nav_next">
         
-            <a href="3-admin-model.html">4 - Administrative Model</a>
+            <a href="3-admin-model.html">3 - Administrative Model</a>
 		
         </div>
         <div class="clearfix"></div>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html Wed Dec
19 03:34:16 2012
@@ -173,6 +173,7 @@
 <h2 id="chapter-content">Chapter content</h2>
 <ul>
 <li><a href="3.1-administrative-points.html">3.1 - Administrative Points</a></li>
+<li><a href="3.2-operations-on-an-administrativepoint.html">3.2 - Operations
on an Administrative Point</a></li>
 </ul>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
(original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
Wed Dec 19 03:34:16 2012
@@ -114,19 +114,18 @@
         </div>
         <div class="nav_up">
         
-            <a href="../3-admin-model.html">Administrative Model</a>
+            <a href="3-admin-model.html">3 - Administrative Model</a>
 		
         </div>
         <div class="nav_next">
         
-            <a href="4-.html">4 -</a>
+            <a href="3.2-operations-on-an-administrativepoint.html">3.2 Operations
on an a Administrative Point</a>
 		
         </div>
         <div class="clearfix"></div>
     </div>
 
 
-<p><a name="3.1.Administrativepoints-Introduction"></a></p>
 <h1 id="introduction">Introduction</h1>
 <p>An <em>Administrative Point</em> is an entry which is defining a starting
point
 from which some of the four existing administrative roles will span. It's
@@ -145,7 +144,6 @@ on which they are active. These scopes (
 role the Subentry is defined for.</p>
 <p>The schema shows the relation between the <em>AP</em> and one <em>SubEntry</em>
:</p>
 <p><img alt="subentry" src="images/subentry.png" /></p>
-<p><a name="3.1.Administrativepoints-AdministrativePoint"></a></p>
 <h2 id="administrative-point">Administrative Point</h2>
 <p>We will describe the types of Administrative Points we are managing and the
 way they impact their associated Administrative Areas (<em>AA</em>)</p>
@@ -168,14 +166,12 @@ but the one covered by the new <em>SAP</
 <em> An </em>IAP<em> <em>must</em> be included into another
</em>AP<em>, being it an </em>AAP<em>, </em>SAP<em>
 or </em>IAP<em>. It controls a specific aspect too, as for the </em>SAP<em>,
but it will
 be combined with any of the above </em>AP*.</p>
-<p><a name="3.1.Administrativepoints-Roles"></a></p>
 <h2 id="roles">Roles</h2>
 <p><em>AP</em> are managing some administrative aspect, defined by a role
:
 <em> ACI : Manage the access control
 </em> CollectiveAttribute : Manage the collective attributes
 <em> SubSchema (not handled atm) 
 </em> TriggrExecution : Manage the execution of stored procedures</p>
-<p><a name="3.1.Administrativepoints-Subentry"></a></p>
 <h1 id="subentry">Subentry</h1>
 <p>Once we have defined an <em>AP</em>, we can add some <em>subentries</em>
which contain
 the description of the administrative actions, including :
@@ -249,12 +245,12 @@ starting from the AdministrativePoint en
         </div>
         <div class="nav_up">
         
-            <a href="../3-admin-model.html">Administrative Model</a>
+            <a href="3-admin-model.html">3 - Administrative Model</a>
 		
         </div>
         <div class="nav_next">
         
-            <a href="4-.html">4 -</a>
+            <a href="3.2-operations-on-an-administrativepoint.html">3.2 Operations
on an a Administrative Point</a>
 		
         </div>
         <div class="clearfix"></div>

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html
(added)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html
Wed Dec 19 03:34:16 2012
@@ -0,0 +1,287 @@
+<!DOCTYPE html>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+-->
+<html>
+	<head>
+		<title>3.2 Operations on an Administrative Point &mdash; Apache Directory</title>
+		
+        <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+    	<link href="./../../css/green.css" rel="stylesheet" type="text/css">
+    
+	</head>
+	<body>
+	    <div id="container">
+            <div id="header">
+                <div id="subProjectsNavBar">
+                    <a href="./../../">
+                        
+                        Apache Directory Project
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../apacheds">
+                        
+                        <STRONG>ApacheDS</STRONG>
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../studio">
+                        
+                        Apache Directory Studio
+                        
+                    </a>
+                    &nbsp;|&nbsp;
+                    <a href="./../../api">
+                        
+                        Apache LDAP API
+                        
+                    </a>
+                </div><!-- subProjectsNavBar -->
+            </div><!-- header -->
+            <div id="content">
+                <div id="leftColumn">
+                    
+<div id="navigation">
+    
+    <h5>ApacheDS 2.0</h5>
+    <ul>
+        <li><a href="./../../apacheds/">Home</a></li>
+        <li><a href="./../../apacheds/features.html">Features</a></li>
+    </ul>
+    <h5>Downloads</h5>
+    <ul>
+        <li><a href="./../../apacheds/downloads.html">ApacheDS 2.0.0-M8</a>&nbsp;&nbsp;<img
src="./../../images/new_badge.gif" alt="" style="margin- bottom:- 3px;" border="0"></li>
+        <li><a href="./../../apacheds/download-old-versions.html">Older versions</a></li>
+    </ul>
+    <h5>Documentation</h5>
+    <ul>
+        <li><a href="./../../apacheds/basic-users-guide.html">Basic User's Guide
</a></li>
+        <li><a href="./../../apacheds/advanced-users-guide.html">Advanced User's
Guide</a></li>
+        <li><a href="./../../apacheds/developers-guide.html">Developer's Guide</a></li>
+        <li><a href="./../../apacheds/configuration/ads-2.0-configuration.html">Configuration</a></li>
+            <!--li><a href="./../../apacheds/gen-docs/latest">Generated Reports
(e.g. JavaDocs)</a></li-->
+    </ul>
+    
+    
+    <h5>Support</h5>
+    <ul>
+        <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists &amp;
IRC</a></li>
+        <li><a href="./../../sources.html">Sources</a></li>
+        <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+        <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+    </ul>
+    <h5>Community</h5>
+    <ul>
+        <li><a href="./../../contribute.html">How to Contribute</a></li>
+        <li><a href="./../../team.html">Team</a></li>
+        <li><a href="./../../original-project-proposal.html">Original Project
Proposal</a></li>
+        <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special
Thanks</a></li>
+    </ul>
+    <h5>About Apache</h5>
+    <ul>
+        <li><a href="http://www.apache.org/">Apache</a></li>
+        <li><a href="http://www.apache.org/licenses/">License</a></li>
+        <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+        <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+        <li><a href="http://www.apache.org/security/">Security</a></li>
+    </ul>
+    
+</div><!-- navigation -->
+
+                </div><!-- leftColumn -->
+                <div id="rightColumn">
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="3.1-administrative-points.html">3.1 - Administrative Points</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="../3-admin-model.html">Administrative Model</a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="4-.html">4 -</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+<h1 id="operations">Operations</h1>
+<p>There are six kind of operations we can have on an AdministrativePoint :
+- creating a new AP
+- removing an existing AP
+- modifying an existing AP by adding or removing a role
+- renaming an AP
+- moving an AP
+- renaming or moving an AP</p>
+<p>Renaming an AP has no impact on the administrative model, as we don't point
+(internally) on the entry's DN, but on its UUID, so the last three
+operations can be gathered into one single Move operation.</p>
+<p>Also note that any modification made on an entry's AdminsitrativeRole may
+have an impact on all it's descendants and ascendants (this is true for the
+Modify and Move operation)</p>
+<h2 id="adding-an-ap-entry">Adding an AP entry</h2>
+<p>This seems to be a simple operation, however many checks have to be done in
+order to not break the existing Administrative model. </p>
+<p>First of all, we have to check that the added entry contains the
+AdministrativeRole attributeType, and that this role is not empty. As we
+don't have any semantic control for this AT (the attached syntax is just
+expecting the values to be Strings), we have to do those checks in the
+AdminInterceptor.</p>
+<p>Here are the checks we must provide :
+<em> the AdministrativeRole AT must have values
+</em> those values must be roles (ie one of the 4 possible specific area roles,
+or one of the 3 inner area roles, or the autonomous area role)
+<em> there should not be duplicated
+</em> we can't have an AAP with any other role
+* we can't have an IAP and an SAP for the same role</p>
+<p>Once those basic checks done, we also have to check that the roles
+hierarchy will remain consistent after the addition, ie :
+* if an IAP is added, it must have a parent AAP or at least a parent SAP
+for the same role</p>
+<p>If all those checks are ok, we can add the entry into the base, and update
+the AP cache</p>
+<h2 id="deleting-an-ap-entry">Deleting an AP entry</h2>
+<p>This operation is way simpler, as we can't delete an entry if it has some
+children, so there is no need to check that the administrative model is
+consistent.</p>
+<p>We just have to remove the entry and update the AP cache</p>
+<h2 id="modifying-an-ap-entry">Modifying an AP entry</h2>
+<p>This is way more complex. We can have five kind of modification here :
+<em> addition of roles
+</em> deletion of roles
+<em> replacement of roles
+</em> creation of a new AdministrativeRole attribute
+* removing of an existing AdministrativeRole attribute</p>
+<p>The three first modifications can imply more than one role. We have to deal
+with each of those modifications one by one.</p>
+<h3 id="addition-of-roles">Addition of roles</h3>
+<p>For this modification, we will have to check for each of the roles the very
+same elements than for the Add operation above :
+<em> if the entry does not have an AdministrativeRole AT, we have to create it
+</em> we must have at least one value
+<em> the role must be syntaxicaly correct
+</em> it should not already exist into the attribute
+<em> we can't add it if we already have an AAP role
+</em> we can't add it if it's an IAP and a SAP with the same role exists
+* if it's an IAP, it must have a parent AAP or SAP with the same role</p>
+<p>If all of those checks are ok, we can update the AP cache, which must be
+cloned, otherwise we may have to rollback the operation if any of the
+following modification fails.</p>
+<h3 id="removing-of-roles">Removing of roles</h3>
+<p>First, if there is no value for this modification, then that means we must
+delete the Attribute. This case will be analyzed later.
+For each of the role to remove, we have to apply those checks :
+<em> the role must be syntaxicaly correct
+</em> it must already exist into the attribute
+* we can't remove an AAP or a SAP if there is a direct IAP in one of its
+direct descendant (ie, if we have a SAP or an AAP while descending into the
+tree, we can stop checking the branch)</p>
+<p>Now, if there are no values, we have to get the existing roles and apply he
+same checks</p>
+<p>If everything is fine, we can remove the roles from the attribute.</p>
+<h3 id="replacing-roles">Replacing roles</h3>
+<p>This kind of modifications are not currently supported</p>
+<h2 id="moving-an-ap">Moving an AP</h2>
+<p>As we move the entry, we may induce some inconsistencies in the AP tree. </p>
+<p>The problem we might have is that if we move an entry having an IAP in a
+place where this role has no parent AAP or parent SAP with the same role,
+then the AdministrativeModel tree will be inconsistent. We have to check
+this.</p>
+<h1 id="impact-on-the-existing-entries">Impact on the existing entries</h1>
+<p>When we add or remove a role in a server, it may have a huge impact on the
+existing entries, as soon as those roles are associated with some
+subtreeSpecification which defines a set of contained entries. If we remove
+such a role, all the entries pertaining to the associated area have to be
+updated.</p>
+<p>It's the same thing if we add a SAP or a AAP, as all the children entries
+which were depending on a higher AP will be modified either.</p>
+<p>In any case, we don't even need to define a SubtreeSpecification, as soon
+as an AAP or SAP is created, it excludes all the children entries from any
+other higher AP areas.</p>
+<h2 id="adding-a-role">Adding a Role</h2>
+<p>Whatever the way we used to add a role (add an entry, modify an existing
+one), there are one thing we have to do depending on the kind of role we
+added. Of course, we stop modifying entries when another lower SAP or AAP
+is defined.</p>
+<h3 id="adding-an-aap">Adding an AAP</h3>
+<p>All the children which were pointing to any higher IAP, SAP or AAP will be
+dereferenced. If a subtree specification is added under the newly added
+AAP, then all the associated entries will be updated.</p>
+<h3 id="adding-a-sap">Adding a SAP</h3>
+<p>All the children which were pointing to any higher IAP or SAP with the same
+type of role, or an AAP, will be dereferenced (of course, only for the
+added type of role, the other references will remain). If a subtree
+specification is added under the newly added SAP, then all the associated
+entries will be updated.</p>
+<h3 id="adding-an-iap">Adding an IAP</h3>
+<p>All the children which were pointing to any higher IAP with the same type
+of role will be dereferenced, and will now point to this newly added IAP.
+All the children which were pointing on a SAP with the same role, or an
+AAP, will be modified to also point on the newly added IAP.</p>
+<h2 id="removing-a-role">Removing a role</h2>
+<p>Depending on the kind of role we removed, we will have to update the
+entries accordingly.</p>
+<h3 id="removing-an-aap">Removing an AAP</h3>
+<p>All the entries referencing the removed AAP will be updated, and will now
+reference the inherited AAP, SAP and IAP (if any). If there is some higher
+IAP, we will also reference it.</p>
+<h3 id="removing-a-sap">Removing a SAP</h3>
+<p>All the entries referencing the removed SAP will be updated, and will now
+reference either the parent AAP or the parent SAP with the same role, if
+any. We will also reference an IAP with the same role if we have some
+higher in the hierarchy.</p>
+<h3 id="removing-an-iap">Removing an IAP</h3>
+<p>All the entries referencing the removed IAP will be updated. There is
+nothing else to do.</p>
+
+
+    <div class="nav">
+        <div class="nav_prev">
+        
+            <a href="3.1-administrative-points.html">3.1 - Administrative Points</a>
+		
+        </div>
+        <div class="nav_up">
+        
+            <a href="../3-admin-model.html">Administrative Model</a>
+		
+        </div>
+        <div class="nav_next">
+        
+            <a href="4-.html">4 -</a>
+		
+        </div>
+        <div class="clearfix"></div>
+    </div>
+
+
+                </div><!-- rightColumn -->
+                <div id="endContent"></div>
+            </div><!-- content -->
+            <div id="footer">&copy; 2003-2012, <a href="http://www.apache.org">The
Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy
Policy</a><br />
+                Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio,
Apache LDAP API, Apache Triplesec, Triplesec, Apache, the Apache feather logo, and the Apache
Directory project logos are trademarks of The Apache Software Foundation.
+            </div>
+        </div><!-- container -->
+    </body>
+</html>
\ No newline at end of file



Mime
View raw message