Author: buildbot Date: Fri May 17 16:56:50 2013 New Revision: 862279 Log: Staging update by buildbot for directory Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Fri May 17 16:56:50 2013 @@ -1 +1 @@ -1483896 +1483912 Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html Fri May 17 16:56:50 2013 @@ -188,15 +188,11 @@ time.

-EnableSearchForAllUsers -Enabling access to browse and read all entries and their attributes by authenticated users. - - DenySubentryAccess (TBW) Protecting access to subentries themselves. -AllowSelfPasswordModify +Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) Granting users the rights needed to change their own passwords. @@ -207,6 +203,10 @@ time.

GrantModToEntry (TBW) Applying ACI to a single entry. + +Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html) + + Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.html Fri May 17 16:56:50 2013 @@ -141,6 +141,7 @@

Chapter content

Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html (added) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html Fri May 17 16:56:50 2013 @@ -0,0 +1,195 @@ + + + + + 4.2.7.2 - Allow Self Password Modify — Apache Directory + + + + + + + + + + + + +
+ +
+
+ + + +
+
+ + + + + +

4.2.7.2 - Allow Self Password Modify

+

We will now configure the system to allow anyone to modify his/her own password :

+
{
+  identificationTag "allowSelfAccessAndModification",
+  precedence 14,
+  authenticationLevel none,
+  itemOrUserFirst userFirst: 
+  {
+    userClasses { thisEntry },
+    userPermissions 
+    { 
+      { protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } },
+      { protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } }
+    } 
+  } 
+}
+
+ + +

Commentary

+

Note that two different user permissions are used to accurately specify self access and self modification of the userPassword attribute within the entry. So with the first userPermission of this ACI a user would be able to read all attributes and values within his/her entry. They also have the ability to modify the entry but this is moot since they cannot add, remove or replace any attributes within their entry. The second user permission completes the picture by granting add and remove permissions to all values of userPassword. This means the user can replace the password.

+

+grantAdd + grantRemove = grantReplace +Modify operations either add, remove or replace attributes and their values in LDAP. X.500 seems to have overlooked the replace capability. Hence there is no such thing as a grantReplace permission. However grantAdd and grantDelete on an attribute and its values are both required for a replace operation to take place. +

+ + + + + +
+
+
+ +
+ + \ No newline at end of file Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html (original) +++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html Fri May 17 16:56:50 2013 @@ -234,7 +234,7 @@

and stop it with :

sudo launchctl stop org.apache.directory.server

Installation on Linux and Solaris

-

The installation for different installers is described on the Apache Directory Server 2.0 Downloads page.

+

The installation for different installers is described on the Apache Directory Server 2.0 Downloads page.
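Review bot: in 4.2-authorization.html the two added link lines, `+Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html)` and `+Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)`, end in `](...)` with no opening `[` visible, so the link syntax looks unbalanced in the staged output and should be checked in the CMS source. The second entry is also added after GrantModToEntry with no description line, although the removed EnableSearchForAllUsers entry had one ("Enabling access to browse and read all entries and their attributes by authenticated users."). Its 4.2.7.1 target is not among the files this revision adds, so confirm that page already exists in staging.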
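Review bot: in the new 4.2.7.2-allow-self-password-modify.html, the closing note says "grantAdd and grantDelete" are required for a replace, but the ACI and the note's own title use grantRemove (`grantsAndDenials { grantAdd, grantRemove }`); change grantDelete to grantRemove so the commentary names the permission the example grants. Two further points on the ACI: the commentary says the first userPermission lets a user read all attributes and values in the entry, yet its `protectedItems {entry}` lists only the entry and no attribute items, so either the item list or that sentence needs adjusting. `authenticationLevel none` also deserves a sentence of justification on a rule that governs password changes, or should be raised to simple, since the page never explains why no minimum level is required.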