Subject: svn commit: r862279 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/ apacheds/basic-ug/
Date: Fri, 17 May 2013 16:56:51 -0000
To: commits@directory.apache.org
From: buildbot@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130517165651.5394023889F1@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: buildbot Date: Fri May 17 16:56:50 2013 New Revision: 862279 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Fri May 17 16:56:50 2013 @@ -1 +1 @@ -1483896 +1483912 Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html Fri May 17 16:56:50 2013 @@ -188,15 +188,11 @@ time.

-EnableSearchForAllUsers -Enabling access to browse and read all entries and their attributes by authenticated users. - - DenySubentryAccess (TBW) Protecting access to subentries themselves. -AllowSelfPasswordModify +Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) Granting users the rights needed to change their own passwords. @@ -207,6 +203,10 @@ time.

GrantModToEntry (TBW) Applying ACI to a single entry. + +Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html) + + Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html Fri May 17 16:56:50 2013 @@ -141,6 +141,7 @@

Chapter content

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html (added) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html Fri May 17 16:56:50 2013 @@ -0,0 +1,195 @@ + + + + + 4.2.7.2 - Allow Self Password Modify — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

4.2.7.2 - Allow Self Password Modify

+

We will now configure the system to allow anyone to modify his/her own password :

+
{
+  identificationTag "allowSelfAccessAndModification",
+  precedence 14,
+  authenticationLevel none,
+  itemOrUserFirst userFirst: 
+  {
+    userClasses { thisEntry },
+    userPermissions 
+    { 
+      { protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } },
+      { protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } }
+    } 
+  } 
+}
+
+ + +

Commentary

+

Note that two different user permissions are used to accurately specify self access and self modification of the userPassword attribute within the entry. So with the first userPermission of this ACI a user would be able to read all attributes and values within his/her entry. They also have the ability to modify the entry but this is moot since they cannot add, remove or replace any attributes within their entry. The second user permission completes the picture by granting add and remove permissions to all values of userPassword. This means the user can replace the password.

+

+grantAdd + grantRemove = grantReplace +Modify operations either add, remove or replace attributes and their values in LDAP. X.500 seems to have overlooked the replace capability. Hence there is no such thing as a grantReplace permission. However grantAdd and grantDelete on an attribute and its values are both required for a replace operation to take place. +

+ + + + + +
+
+
+ +
+ + \ No newline at end of file Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html (original) +++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html Fri May 17 16:56:50 2013 @@ -234,7 +234,7 @@

and stop it with :

sudo launchctl stop org.apache.directory.server

Installation on Linux and Solaris

-

The installation for different installers is described on the Apache Directory Server 2.0 Downloads page.

+

The installation for different installers is described on the Apache Directory Server 2.0 Downloads page.
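
Review bot: In the 4.2-authorization.html hunk at @@ -188,15 +188,11 @@, the added line "Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html)" has the closing "](...)" of a Markdown link but no opening "[", so the staged page carries the link syntax as literal text instead of a working link. Add the missing "[" in the CMS source and restage. The same hunk removes the EnableSearchForAllUsers entry together with its description; since it returns under a different title in the next hunk, check that nothing else still refers to the old name.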
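
Review bot: In the 4.2-authorization.html hunk at @@ -207,6 +203,10 @@, the added line "Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)" is missing the opening "[" of its link, and it is added without a description line, whereas the entry just above it (GrantModToEntry, "Applying ACI to a single entry.") and the removed EnableSearchForAllUsers entry both have one. Restore the bracket and carry the old description over. The Added list of this revision contains only the 4.2.7.2 page, so confirm the 4.2.7.1 target is already published before linking to it.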
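
Review bot: In the new 4.2.7.2-allow-self-password-modify.html, the closing note says "grantAdd and grantDelete on an attribute and its values are both required", but the ACI above it and the note's own title ("grantAdd + grantRemove = grantReplace") use grantRemove; change grantDelete to grantRemove so readers copy a permission name that actually appears in the example. The commentary also states that the first userPermission lets a user read all attributes and values in the entry, while that permission lists only "entry" under protectedItems; confirm the wording matches what this ACI grants. Since the ACI sets "authenticationLevel none" with userClasses { thisEntry }, the intro's "allow anyone to modify his/her own password" would read more precisely as "any user", and one sentence on why that authentication level is chosen here would help readers who reuse the example.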