directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1483912 - in /directory/site/trunk/content/apacheds: advanced-ug/4.2-authorization.mdtext advanced-ug/4.2.7-using-acis-trail.mdtext advanced-ug/4.2.7.2-allow-self-password-modify.mdtext basic-ug/1.3-installing-and-starting.mdtext
Date Fri, 17 May 2013 16:56:45 GMT
Author: elecharny
Date: Fri May 17 16:56:44 2013
New Revision: 1483912

URL: http://svn.apache.org/r1483912
Log:
Added a page, fixed some broken links

Added:
    directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
Modified:
    directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext
    directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext Fri May 17
16:56:44 2013
@@ -74,8 +74,8 @@ time.
 
 | Trail | Description |
 |---|---|
-| [EnableSearchForAllUsers](enablesearchforallusers.html) | Enabling access to browse and
read all entries and their attributes by authenticated users. |
-| DenySubentryAccess (TBW) | Protecting access to subentries themselves. |
-| [AllowSelfPasswordModify](allowselfpasswordmodify.html) | Granting users the rights needed
to change their own passwords. |
+| DenySubentryAccess (TBW) | Protecting access to subentries themselves. || Enabling access
to browse and read all entries and their attributes by authenticated users. |
+| Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) | Granting users the
rights needed to change their own passwords. |
 | GrantAddDelModToGroup (TBW) | Granting add, delete, and modify permissions to a group of
users. |
 | GrantModToEntry (TBW) | Applying ACI to a single entry. |
+| Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)


Modified: directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext Fri May
17 16:56:44 2013
@@ -27,4 +27,5 @@ Notice: Licensed to the Apache Software 
 ## Chapter content
 
 * [4.2.7.1 - Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)
+* [4.2.7.2 - Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html)
 

Added: directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext?rev=1483912&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
(added)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
Fri May 17 16:56:44 2013
@@ -0,0 +1,52 @@
+Title: 4.2.7.2 - Allow Self Password Modify
+NavPrev: 4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
+NavPrevText: 4.2.7.1 - Enable Authenticated Users to Browse and Read Entries
+NavUp: 4.2.7-using-acis-trail.html
+NavUpText: 4.2.7 Using ACIs trail
+NavNext: 4.2.7.3-.html
+NavNextText: 4.2.7.3 - 
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+# 4.2.7.2 - Allow Self Password Modify
+
+We will  now configure the system to allow anyone to modify his/her own password :
+
+    :::text
+    {
+      identificationTag "allowSelfAccessAndModification",
+      precedence 14,
+      authenticationLevel none,
+      itemOrUserFirst userFirst: 
+      {
+        userClasses { thisEntry },
+        userPermissions 
+        { 
+          { protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead
} },
+          { protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd,
grantRemove } }
+        } 
+      } 
+    }
+
+## Commentary
+
+Note that two different user permissions are used to accurately specify self access and self
modification of the **userPassword** attribute within the entry.  So with the first userPermission
of this ACI a user would be able to read all attributes and values within his/her entry. 
They also have the ability to modify the entry but this is moot since they cannot add, remove
or replace any attributes within their entry.  The second user permission completes the picture
by granting add and remove permissions to all values of userPassword.  This means the user
can replace the password.
+
+<DIV class="warning" markdown="1">
+**grantAdd + grantRemove = grantReplace**
+Modify operations either add, remove or replace attributes and their values in LDAP.  X.500
seems to have overlooked the replace capability.  Hence there is no such thing as a *grantReplace*
permission.  However grantAdd and grantDelete on an attribute and its values are both required
for a replace operation to take place. 
+</DIV>

Modified: directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext (original)
+++ directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext Fri
May 17 16:56:44 2013
@@ -123,4 +123,4 @@ and stop it with :
 
 ## Installation on Linux and Solaris
 
-The installation for different installers is described on the [Apache Directory Server 2.0
Downloads](http://directory.apache.org/apacheds/2.0/downloads.html) page.
+The installation for different installers is described on the [Apache Directory Server 2.0
Downloads](http://directory.apache.org/apacheds/downloads.html) page.



Mime
View raw message