directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r957126 [2/18] - in /websites/staging/directory/trunk/content: ./ apacheds/ apacheds/advanced-ug/ apacheds/basic-ug/ apacheds/configuration/ apacheds/kerberos-ug/ api/ api/download/ api/groovy-api/ api/user-guide/ escimo/ fortress/ fortress...
Date Sun, 05 Jul 2015 22:34:38 GMT
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html Sun Jul  5 22:34:35 2015
@@ -169,9 +169,20 @@
     </div>
 
 
-<h1 id="21-configuration-description">2.1 - Configuration Description</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="21-configuration-description">2.1 - Configuration Description<a class="headerlink" href="#21-configuration-description" title="Permanent link">&para;</a></h1>
 <p>It's a good practice to not modify the configuration LDIF file by hand, instead use the Studio Configuration plugin to modify the server configuration.</p>
-<h1 id="overall-structure">Overall structure</h1>
+<h1 id="overall-structure">Overall structure<a class="headerlink" href="#overall-structure" title="Permanent link">&para;</a></h1>
 <p>The configuration is stored in a hierarchical order, where sub-elements are related to their parent. For instance, the <em>Transports</em> are associated to the corresponding <em>Server</em> that uses them. Each server may contain one or more transports.</p>
 <p>The following hierarchy describe the different kind of elements that one can configure, and their relationship :</p>
 <ul>
@@ -235,7 +246,7 @@
 Note that bold attributes are mandatory in the following tables.
 </DIV>
 
-<h1 id="directory-service">Directory Service</h1>
+<h1 id="directory-service">Directory Service<a class="headerlink" href="#directory-service" title="Permanent link">&para;</a></h1>
 <p>This is the heart of the entire system : the place where we store the data. Most of the servers are depending on this component. You may have more than one server(e.g LDAP, Kerberos, ChangePassword etc), but only one <em>DirectoryService</em>. </p>
 <p>Configuration options:</p>
 <table>
@@ -310,7 +321,7 @@ Note that bold attributes are mandatory
 </tr>
 </tbody>
 </table>
-<h2 id="change-log">Change Log</h2>
+<h2 id="change-log">Change Log<a class="headerlink" href="#change-log" title="Permanent link">&para;</a></h2>
 <p>The <em>ChangeLog</em> is an optional system that logs every change made on the server, and also records the revert operation, allowing the system to rollback the changes if needed. This is extremely useful when running tests.</p>
 <p>Note that at the moment, changelog has in-memory support only.</p>
 <p>It's disabled by default.</p>
@@ -351,7 +362,7 @@ Note that bold attributes are mandatory
 </tr>
 </tbody>
 </table>
-<h2 id="journal">Journal</h2>
+<h2 id="journal">Journal<a class="headerlink" href="#journal" title="Permanent link">&para;</a></h2>
 <p>The <em>Journal</em> logs every modification on the file system. It's intended to be used if the <em>DirectoryService</em> crashes, as we can re-apply the journal starting from a date in the past where we know that the underlying database is correct.</p>
 <p>Configuration options:</p>
 <table>
@@ -402,7 +413,7 @@ Note that bold attributes are mandatory
 </tr>
 </tbody>
 </table>
-<h2 id="interceptors">Interceptors</h2>
+<h2 id="interceptors">Interceptors<a class="headerlink" href="#interceptors" title="Permanent link">&para;</a></h2>
 <p>The default <em>Interceptors</em> are generally not configurable. You don't want to change their order, or remove anyone from the default interceptors unless you are very familiar with the
 internals of ApacheDS and/or including a custom interceptor.</p>
 <p>However, at least one default <em>Interceptor</em> can be configured : the <em>authenticationInterceptor</em>. </p>
@@ -449,9 +460,9 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h3 id="authentication-interceptor">Authentication Interceptor</h3>
+<h3 id="authentication-interceptor">Authentication Interceptor<a class="headerlink" href="#authentication-interceptor" title="Permanent link">&para;</a></h3>
 <p>This <em>Interceptor</em> is in charge of managing the users authentication. It is associated with <em><a href="#authenticators">Authenticators</a></em>, and with <em><a href="#password-policies">Password Policies</a></em>.</p>
-<h4 id="authenticators">Authenticators</h4>
+<h4 id="authenticators">Authenticators<a class="headerlink" href="#authenticators" title="Permanent link">&para;</a></h4>
 <p>We may have various <em>Authenticator</em> declared for a given server. The default server has three different <em>Authenticators</em>, which are :</p>
 <ul>
 <li>anonymousAuthenticator : used for anonymous requests</li>
@@ -495,7 +506,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h3 id="password-policies">Password Policies</h3>
+<h3 id="password-policies">Password Policies<a class="headerlink" href="#password-policies" title="Permanent link">&para;</a></h3>
 <p>There are many possible configurable options for the <em>PasswordPolicy</em> system. Here is a list of all the options. See the <a href="http://tools.ietf.org/id/draft-behera-ldap-password-policy-10.txt">password policy draft</a> for an indept explanation of the respective attributes :</p>
 <table>
 <thead>
@@ -641,10 +652,10 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h2 id="partitions">Partitions</h2>
+<h2 id="partitions">Partitions<a class="headerlink" href="#partitions" title="Permanent link">&para;</a></h2>
 <p>The <em>Partition</em> is where the server stores your data. There are many parts that need to be configured in order to obtain the best performances out of the server. It's also the part of the configuration you are more likely to modify, adding new <em>Partitions</em> or adding new <em>Indexes</em>.</p>
 <p>You may have more than one <em>Partition</em> in your <em>DirectoryService</em>. There are at least three default <em>Partition_s, _ou=system</em>, <em>ou=config</em> and <em>ou=schema</em> <em>Partition</em>. ou=system is a <em>JDBM</em> <em>Partition</em> and the two others are <em>LDIF</em> partitions.</p>
-<h3 id="jdbm-partition">JDBM Partition</h3>
+<h3 id="jdbm-partition">JDBM Partition<a class="headerlink" href="#jdbm-partition" title="Permanent link">&para;</a></h3>
 <p>A <em>JDBM Partition</em> has the following configurable options :</p>
 <table>
 <thead>
@@ -695,7 +706,7 @@ internals of ApacheDS and/or including a
 </tbody>
 </table>
 <p>Once the above elements have been added, the <em>Partition</em> is available. You still have to create some mandatory indexes though.</p>
-<h4 id="indexes">Indexes</h4>
+<h4 id="indexes">Indexes<a class="headerlink" href="#indexes" title="Permanent link">&para;</a></h4>
 <p>Each <em>Partition</em> have indexes, some are mandatory, and others are user provided. Here are the mandatory indexes :</p>
 <table>
 <thead>
@@ -739,7 +750,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h5 id="indexed-attribute">Indexed Attribute</h5>
+<h5 id="indexed-attribute">Indexed Attribute<a class="headerlink" href="#indexed-attribute" title="Permanent link">&para;</a></h5>
 <p>Indexed attributes have a type, depending on the <em>Partition</em> type they are associated with. Currently, we have only one type, <em>JdbmIndex</em>. They have specific configurable elements.</p>
 <p>Each index attribute has four basic elements that can be configured :</p>
 <table>
@@ -815,7 +826,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h1 id="servers">Servers</h1>
+<h1 id="servers">Servers<a class="headerlink" href="#servers" title="Permanent link">&para;</a></h1>
 <p>As we can see, we can start more than one server (a.k.a service). We have :</p>
 <ul>
 <li>a LDAP server</li>
@@ -865,7 +876,7 @@ internals of ApacheDS and/or including a
 </tbody>
 </table>
 <p>A server can define more than one transports : for instance, the Kerberos server uses UDP and TCP transports.</p>
-<h2 id="transports">Transports</h2>
+<h2 id="transports">Transports<a class="headerlink" href="#transports" title="Permanent link">&para;</a></h2>
 <p>Here are the parameters for the Transport structure :</p>
 <table>
 <thead>
@@ -927,7 +938,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h2 id="ldap-server">Ldap Server</h2>
+<h2 id="ldap-server">Ldap Server<a class="headerlink" href="#ldap-server" title="Permanent link">&para;</a></h2>
 <p>Let's start with the main server : the LDAP server. </p>
 <p>The list of attributes that can be modified is exposed in the following table. </p>
 <table>
@@ -1021,7 +1032,7 @@ internals of ApacheDS and/or including a
 </tbody>
 </table>
 <p>(*) org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler</p>
-<h3 id="repl-consumers">Repl Consumers</h3>
+<h3 id="repl-consumers">Repl Consumers<a class="headerlink" href="#repl-consumers" title="Permanent link">&para;</a></h3>
 <p>This part of the configuration deals with the replication. It provides all the information for a server to become a consumer. A server can have many different consumers set. </p>
 <p>All the consumers are stored under the <em>ou=replConsumers</em> entry, under the respective server entry.</p>
 <p>Here are the configurable elements :</p>
@@ -1151,7 +1162,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h3 id="extended-op-handlers">Extended Op Handlers</h3>
+<h3 id="extended-op-handlers">Extended Op Handlers<a class="headerlink" href="#extended-op-handlers" title="Permanent link">&para;</a></h3>
 <p>An LDAP server can handle <em>ExtendedOperations</em>, assuming it has the code to do so. In <strong>ApacheDS</strong>, we do that by associating a <em>Java</em> class with each <em>ExtendedOperation</em>. We may provide more <em>ExtendedOperations</em> in the future. The list of supported <em>ExtendedOperations</em> is given below :</p>
 <ul>
 <li>CertGenerationRequest : Generate a certificate on demand</li>
@@ -1196,7 +1207,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h3 id="sasl-mechanisms">SASL Mechanisms</h3>
+<h3 id="sasl-mechanisms">SASL Mechanisms<a class="headerlink" href="#sasl-mechanisms" title="Permanent link">&para;</a></h3>
 <p>We have various SASL mechanisms, which can be configured. the list of supported SASL mechanisms is :</p>
 <ul>
 <li>CRAM-MD5</li>
@@ -1249,7 +1260,7 @@ internals of ApacheDS and/or including a
 </tr>
 </tbody>
 </table>
-<h2 id="kerberos-server">Kerberos Server</h2>
+<h2 id="kerberos-server">Kerberos Server<a class="headerlink" href="#kerberos-server" title="Permanent link">&para;</a></h2>
 <p>The <em>KerberosServer</em> configuration is an important part of the configuration. It depends on a <em>DirectoryService</em> too, as most of the informations managed by a <em>KerberosServer</em> are store there.</p>
 <p>The list of attributes that can be modified is exposed in the following table. </p>
 <table>
@@ -1355,7 +1366,7 @@ internals of ApacheDS and/or including a
 </tbody>
 </table>
 <p>Of course, a <em>Transport</em> has to be defined under the <em>KerberosServer</em> entry (see <a href="#transports">Transports</a>).</p>
-<h2 id="http-server">Http Server</h2>
+<h2 id="http-server">Http Server<a class="headerlink" href="#http-server" title="Permanent link">&para;</a></h2>
 <p>We have a Http Server embedded, which is used to manage some parts of the server. One can inject a web application, which has direct access to the embedded LdapServer, for instance. It can be useful for sending LDAP requests using DSML, for instance.</p>
 <p>There is one single element that can be configured :</p>
 <table>
@@ -1389,7 +1400,7 @@ internals of ApacheDS and/or including a
 </tbody>
 </table>
 <p>An <em>HttpServer</em> without webApps is pretty useless, we now have to configure the underlying web applications</p>
-<h3 id="http-web-apps">Http Web Apps</h3>
+<h3 id="http-web-apps">Http Web Apps<a class="headerlink" href="#http-web-apps" title="Permanent link">&para;</a></h3>
 <p>Each <em>WebApp</em> configuration must be added under the <em>ou=webapps</em> entry. Here are the configurable elements :</p>
 <table>
 <thead>
@@ -1444,9 +1455,9 @@ ads-httpAppCtxPath: /home/app1
 </pre></div>
 
 
-<h2 id="change-password-server">Change Password Server</h2>
+<h2 id="change-password-server">Change Password Server<a class="headerlink" href="#change-password-server" title="Permanent link">&para;</a></h2>
 <p>To be added...</p>
-<h1 id="bean-graph">Bean graph</h1>
+<h1 id="bean-graph">Bean graph<a class="headerlink" href="#bean-graph" title="Permanent link">&para;</a></h1>
 <p>The following picture represent the structure of the container used to store the configuration inside the server. The yellow beans are abstract beans, extended by specific beans.</p>
 <p>The bold links mean we can have more than one instance of a bean.</p>
 <p><img alt="ApacheDS configuration beans" src="images/configBeans.png" /></p>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="22-instance-layout">2.2 - Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="22-instance-layout">2.2 - Instance Layout<a class="headerlink" href="#22-instance-layout" title="Permanent link">&para;</a></h1>
 <p>Note that the installation will differ with the target OS. We currently support :</p>
 <ul>
 <li><img alt="debian" src="images/debian.png" /><a href="2.2.1-debian-instance-layout.html">2.2.1 - Debian instance Layout</a></li>
@@ -186,7 +197,7 @@
 <li>the replication data (if setup)</li>
 <li>the run files</li>
 </ul>
-<h2 id="created-directories">Created directories</h2>
+<h2 id="created-directories">Created directories<a class="headerlink" href="#created-directories" title="Permanent link">&para;</a></h2>
 <p>The following directories are created on your disk :</p>
 <PRE>
 installation directory/

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.1-debian-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.1-debian-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.1-debian-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="221-debian-instance-layout">2.2.1 - <img alt="debian" src="images/debian.png" /> Debian Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="221-debian-instance-layout">2.2.1 - <img alt="debian" src="images/debian.png" /> Debian Instance Layout<a class="headerlink" href="#221-debian-instance-layout" title="Permanent link">&para;</a></h1>
 <p>When you run the installer ( <em>sudo dpkg -i apacheds-&lt;version&gt;-&lt;arch&gt;.deb</em> ) on your debian system, it will install the server on your disk, using this layout :</p>
 <div class="codehilite"><pre> <span class="o">/</span>
  <span class="o">|</span>
@@ -254,7 +265,7 @@
 </pre></div>
 
 
-<h2 id="defining-an-instance">Defining an instance</h2>
+<h2 id="defining-an-instance">Defining an instance<a class="headerlink" href="#defining-an-instance" title="Permanent link">&para;</a></h2>
 <p>The default installation comes with a default instance (aka <em>'default'</em>). It's possible to define more instances, it's just enough to copy the directory <em>/var/lib/apacheds-&lt;version&gt;/&lt;instances&gt;/default</em> and give it the name of the new instance. Then, be sure to remove everything under the <em>run/</em>, <em>partitions/</em>, <em>log/</em>, <em>syncrepl-data</em> and <em>cache/</em> directories to create a blank new instance. Here, we have created a blank <em>test</em> instance :</p>
 <div class="codehilite"><pre> <span class="o">/</span>
  <span class="o">|</span>
@@ -286,7 +297,7 @@
 
 <p>The next step is to be sure that the config.ldif file is modified to not conflict with any other instance of the server : it's just a mater to change the port used by the server.</p>
 <p>When the newly created instance will be created, the partitions will be created.</p>
-<h2 id="starting-the-server">Starting the server</h2>
+<h2 id="starting-the-server">Starting the server<a class="headerlink" href="#starting-the-server" title="Permanent link">&para;</a></h2>
 <p>As we can have more than one instance, we have more than one instance in <em>/var/lib/apacheds&lt;version&gt;/&lt;instances&gt;</em> that can be installed. Each one of these instance can be started using the <em>/etc/init.d/apacheds</em> daemon, passing the instance as a parameter :</p>
 <div class="codehilite"><pre>$ <span class="n">sudo</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;</span> <span class="n">start</span> <span class="p">[</span><span class="o">&lt;</span><span class="n">instance</span><span class="o">&gt;</span><span class="p">]</span>
 </pre></div>
@@ -294,14 +305,14 @@
 
 <p>The default instance name is 'default'.</p>
 <p>All the data for a given instance are stored into this <em>/var/lib/apacheds-&lt;version&gt;/instances/&lt;instance-name&gt;</em> directory.</p>
-<h2 id="stopping-the-server">Stopping the server</h2>
+<h2 id="stopping-the-server">Stopping the server<a class="headerlink" href="#stopping-the-server" title="Permanent link">&para;</a></h2>
 <p>Stopping the server is done using the same command, with a different parameter :</p>
 <div class="codehilite"><pre>$ <span class="n">sudo</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">init</span><span class="p">.</span><span class="n">d</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;</span> <span class="n">stop</span> <span class="p">[</span><span class="o">&lt;</span><span class="n">instance</span><span class="o">&gt;</span><span class="p">]</span>
 </pre></div>
 
 
 <p>Again, you must provide the instance name if it's not the default one</p>
-<h2 id="logs">Logs</h2>
+<h2 id="logs">Logs<a class="headerlink" href="#logs" title="Permanent link">&para;</a></h2>
 <p>You can check what's going on in the <em>apacheds-&lt;version&gt;instances/&lt;instance-name&gt;/log/apacheds.log</em> file, which is created using the configuration set in <em>apacheds-&lt;version&gt;instances/&lt;instance-name&gt;/conf/log4j.properties</em>.</p>
 <p>Typically, when you start the server, you will get such log :</p>
 <div class="codehilite"><pre>$ <span class="n">more</span> <span class="n">apacheds</span><span class="p">.</span><span class="nb">log</span>
@@ -325,7 +336,7 @@
 </pre></div>
 
 
-<h3 id="log-configuration">Log configuration</h3>
+<h3 id="log-configuration">Log configuration<a class="headerlink" href="#log-configuration" title="Permanent link">&para;</a></h3>
 <p>You can configure the log level and content by changing the content of the <em>/var/lib/apacheds-&lt;version&gt;/&lt;instance&gt;/&lt;conf&gt;/log4j.properties</em> file.</p>
 <p>The default configuration is given below :</p>
 <div class="codehilite"><pre>log4j.rootCategory=WARN, R, stdout
@@ -367,7 +378,7 @@ log4j.logger.org.apache.mina=FATAL
 </pre></div>
 
 
-<h3 id="jvm-setting">JVM setting</h3>
+<h3 id="jvm-setting">JVM setting<a class="headerlink" href="#jvm-setting" title="Permanent link">&para;</a></h3>
 <p>Were you to change the memory you want to use for a given instance, you will have to modify the <em>/var/lib/apacheds-&lt;version&gt;/&lt;instances&gt;/&lt;conf&gt;/wrapper-instance.conf</em> file. Here are the parameter you can configure in this file :</p>
 <div class="codehilite"><pre><span class="c">##</span>
 <span class="c">## In this file you can override parameters specified in the default</span>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.2-rpm-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.2-rpm-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.2-rpm-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="222-rpm-instance-layout">2.2.2 - <img alt="RPM" src="images/rpm.png" /> RPM Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="222-rpm-instance-layout">2.2.2 - <img alt="RPM" src="images/rpm.png" /> RPM Instance Layout<a class="headerlink" href="#222-rpm-instance-layout" title="Permanent link">&para;</a></h1>
 <p>When you run the installer on your RPM based system, it will install the server on your disk, using this layout :</p>
 <div class="codehilite"><pre> <span class="o">/</span>
  <span class="o">|</span>
@@ -259,9 +270,9 @@
 
 <p>The default instance name is 'default'.</p>
 <p>All the data for a given instance are stored into this <em>/var/lib/apacheds-<version><em> directory.</p>
-<h2 id="configuring-each-instance">Configuring each instance</h2>
+<h2 id="configuring-each-instance">Configuring each instance<a class="headerlink" href="#configuring-each-instance" title="Permanent link">&para;</a></h2>
 <p>You can configure a specific settings. This is done by modifying the configuration files in <em>/var/lib/apacheds-<version>/<instance></em>.</p>
-<h3 id="jvm-setting">JVM setting</h3>
+<h3 id="jvm-setting">JVM setting<a class="headerlink" href="#jvm-setting" title="Permanent link">&para;</a></h3>
 <p>Were you to change the memory you want to use for a given instance, you will have to modify the <em>/var/lib/apacheds-<version>/<instance>/<conf>/wrapper-instance.conf</em> file. Here are the parameter you can configure in this file :</p>
 <div class="codehilite"><pre><span class="c">##</span>
 <span class="c">## In this file you can override parameters specified in the default</span>
@@ -285,7 +296,7 @@
 
 
 <p>You mainly want to change the memory used by the JVM.</p>
-<h3 id="log-configuration">Log configuration</h3>
+<h3 id="log-configuration">Log configuration<a class="headerlink" href="#log-configuration" title="Permanent link">&para;</a></h3>
 <p>You can configure the log level and content by changing the content of the <em>/var/lib/apacheds-<version>/<instance>/<conf>/log4j.properties</em> file.</p>
 <p>The default configuration is given below :</p>
 <div class="codehilite"><pre>log4j.rootCategory=WARN, R, stdout

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.3-macosx-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.3-macosx-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.3-macosx-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="223-macosx-instance-layout">2.2.3 - <img alt="MacOSX" src="images/mac.png" /> MacOSX Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="223-macosx-instance-layout">2.2.3 - <img alt="MacOSX" src="images/mac.png" /> MacOSX Instance Layout<a class="headerlink" href="#223-macosx-instance-layout" title="Permanent link">&para;</a></h1>
 <p>The Mac OS X installer creates the following layout on yout disk :</p>
 <div class="codehilite"><pre> <span class="o">/</span>
  <span class="o">|</span>
@@ -236,7 +247,7 @@
 </pre></div>
 
 
-<h2 id="defining-an-instance">Defining an instance</h2>
+<h2 id="defining-an-instance">Defining an instance<a class="headerlink" href="#defining-an-instance" title="Permanent link">&para;</a></h2>
 <p>The default installation comes with a default instance (aka <em>'default'</em>). It's possible to define more instances, you will have to copy the directory <em>/usr/local/apacheds-&lt;version&gt;/&lt;instances&gt;/default</em> and give it the name of the new instance. Then, be sure to remove everything under the <em>run/</em>, <em>partitions/</em>, <em>log/</em>, <em>syncrepl-data</em> and <em>cache/</em> directories to create a blank new instance. Here, we have created a blank <em>test</em> instance :</p>
 <div class="codehilite"><pre> <span class="o">/</span>
  <span class="o">|</span>
@@ -329,7 +340,7 @@
 
 
 <p>When the newly created instance will be created, the partitions will be created.</p>
-<h2 id="starting-the-server">Starting the server</h2>
+<h2 id="starting-the-server">Starting the server<a class="headerlink" href="#starting-the-server" title="Permanent link">&para;</a></h2>
 <p>As we can have more than one instance, we have more than one instance in <em>/usr/local/apacheds&lt;version&gt;/&lt;instances&gt;</em> that can be installed. Each one of these instance can be started using the <em>launchctl</em> command applied on each loaded instance (which has a different name). Here, we will start the server which instances is the one we just defined, ie 'test' :</p>
 <div class="codehilite"><pre>$ <span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">start</span> <span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">test</span>
 </pre></div>
@@ -341,14 +352,14 @@
 
 
 <p>All the data for a given instance are stored into this <em>/usr/local/apacheds-&lt;version&gt;/instances/&lt;instance-name&gt;</em> directory.</p>
-<h2 id="stopping-the-server">Stopping the server</h2>
+<h2 id="stopping-the-server">Stopping the server<a class="headerlink" href="#stopping-the-server" title="Permanent link">&para;</a></h2>
 <p>Stopping the server is done using the same command, with a different parameter :</p>
 <div class="codehilite"><pre>$ <span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">stop</span> <span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">test</span>
 </pre></div>
 
 
 <p>Again, you must provide the instance name</p>
-<h2 id="logs">Logs</h2>
+<h2 id="logs">Logs<a class="headerlink" href="#logs" title="Permanent link">&para;</a></h2>
 <p>You can check what's going on in the <em>apacheds-&lt;version&gt;instances/&lt;instance-name&gt;/log/wrapper.log</em> file, and <em>apacheds-&lt;version&gt;instances/&lt;instance-name&gt;/log/apacheds.log</em> file which is created using the configuration set in <em>apacheds-&lt;version&gt;instances/&lt;instance-name&gt;/conf/log4j.properties</em>.</p>
 <p>Typically, when you start the server, you will get such log :</p>
 <div class="codehilite"><pre>$ <span class="n">more</span> <span class="n">wrapper</span><span class="p">.</span><span class="nb">log</span>
@@ -367,7 +378,7 @@
 </pre></div>
 
 
-<h3 id="log-configuration">Log configuration</h3>
+<h3 id="log-configuration">Log configuration<a class="headerlink" href="#log-configuration" title="Permanent link">&para;</a></h3>
 <p>You can configure the log level and content by changing the content of the <em>/var/lib/apacheds-&lt;version&gt;/&lt;instance&gt;/&lt;conf&gt;/log4j.properties</em> file.</p>
 <p>The default configuration is given below :</p>
 <div class="codehilite"><pre>log4j.rootCategory=WARN, R, stdout
@@ -409,7 +420,7 @@ log4j.logger.org.apache.mina=FATAL
 </pre></div>
 
 
-<h3 id="jvm-setting">JVM setting</h3>
+<h3 id="jvm-setting">JVM setting<a class="headerlink" href="#jvm-setting" title="Permanent link">&para;</a></h3>
 <p>Were you to change the memory you want to use for a given instance, you will have to modify the <em>/usr/local/apacheds-&lt;version&gt;/&lt;instances&gt;/&lt;conf&gt;/wrapper-instance.conf</em> file. Here are the parameter you can configure in this file :</p>
 <div class="codehilite"><pre><span class="c">##</span>
 <span class="c">## In this file you can override parameters specified in the default</span>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.4-windows-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.4-windows-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.4-windows-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="224-windows-instance-layout">2.2.4 - <img alt="Windows" src="images/windows.png" /> Windows Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="224-windows-instance-layout">2.2.4 - <img alt="Windows" src="images/windows.png" /> Windows Instance Layout<a class="headerlink" href="#224-windows-instance-layout" title="Permanent link">&para;</a></h1>
 <p>TODO...</p>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.5-generic-instance-layout.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.5-generic-instance-layout.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2.5-generic-instance-layout.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="225-generic-instance-layout">2.2.5 - Generic Instance Layout</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="225-generic-instance-layout">2.2.5 - Generic Instance Layout<a class="headerlink" href="#225-generic-instance-layout" title="Permanent link">&para;</a></h1>
 <p>This installer just contain everything needed to start <em>ApacheDS</em> but it will not create a daemon not a Windows Service. Would one like to start <em>ApacheDS</em>, it will have to start the <em>apacheds.sh</em> or <em>apacheds.bat</bat> script shell.</p>
 <p>The installer is just a raeball that needs to be oepend and deflated at the selected position  :</p>
 <div class="codehilite"><pre><span class="n">tar</span> <span class="n">xzpf</span> <span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;</span><span class="p">.</span><span class="n">tar</span><span class="p">.</span><span class="n">gz</span>
@@ -225,7 +236,7 @@
 </pre></div>
 
 
-<h2 id="starting-the-server">Starting the server</h2>
+<h2 id="starting-the-server">Starting the server<a class="headerlink" href="#starting-the-server" title="Permanent link">&para;</a></h2>
 <p>Starting the server is as simple as starting the script :</p>
 <div class="codehilite"><pre>$ <span class="o">./</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;/</span><span class="n">bin</span><span class="o">/</span><span class="n">apacheds</span><span class="p">.</span><span class="n">sh</span> <span class="n">start</span>
 <span class="n">Using</span> <span class="n">ADS_HOME</span><span class="p">:</span>    <span class="p">..</span><span class="o">./</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;</span>
@@ -236,7 +247,7 @@ $
 </pre></div>
 
 
-<h2 id="stopping-the-server">Stopping the server</h2>
+<h2 id="stopping-the-server">Stopping the server<a class="headerlink" href="#stopping-the-server" title="Permanent link">&para;</a></h2>
 <p>The server is now started. To stop it, you have to execute this command :</p>
 <div class="codehilite"><pre>$ <span class="o">./</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;/</span><span class="n">bin</span><span class="o">/</span><span class="n">apacheds</span><span class="p">.</span><span class="n">sh</span> <span class="n">stop</span>
 <span class="n">Using</span> <span class="n">ADS_HOME</span><span class="p">:</span>    <span class="p">..</span><span class="o">./</span><span class="n">apacheds</span><span class="o">-&lt;</span><span class="n">version</span><span class="o">&gt;</span>
@@ -247,9 +258,9 @@ $
 </pre></div>
 
 
-<h2 id="selection-a-different-instance">Selection a different instance</h2>
+<h2 id="selection-a-different-instance">Selection a different instance<a class="headerlink" href="#selection-a-different-instance" title="Permanent link">&para;</a></h2>
 <p>You can start many instances of the server, assuming you have duplicated the content of teh <em>instances/default</em> directory, and modified the <em>instances/default/conf/config.ldif</em> file (cahnge the transports so that there is no collision between servers)</p>
-<h2 id="logs">Logs</h2>
+<h2 id="logs">Logs<a class="headerlink" href="#logs" title="Permanent link">&para;</a></h2>
 <p>You can check what's going on in the <em>apacheds-<version>/instances/<instance-name>/log/apacheds.log</em> file, which is created using the configuration set in <em>apacheds-<version>/instances/<instance-name>/conf/log4j.properties</em>.</p>
 <p>Typically, when you start the server, you will get such log :</p>
 <div class="codehilite"><pre>$ <span class="n">more</span> <span class="n">apacheds</span><span class="p">.</span><span class="nb">log</span>
@@ -273,7 +284,7 @@ $
 </pre></div>
 
 
-<h3 id="log-configuration">Log configuration</h3>
+<h3 id="log-configuration">Log configuration<a class="headerlink" href="#log-configuration" title="Permanent link">&para;</a></h3>
 <p>You can configure the log level and content by changing the content of the <em>/var/lib/apacheds-&lt;version&gt;/&lt;instance&gt;/&lt;conf&gt;/log4j.properties</em> file.</p>
 <p>The default configuration is given below :</p>
 <div class="codehilite"><pre>log4j.rootCategory=WARN, R, stdout

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html Sun Jul  5 22:34:35 2015
@@ -169,21 +169,32 @@
     </div>
 
 
-<h2 id="chapter-content">Chapter content</h2>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h2 id="chapter-content">Chapter content<a class="headerlink" href="#chapter-content" title="Permanent link">&para;</a></h2>
 <ul>
 <li><a href="3.1-administrative-points.html">3.1 - Administrative Points</a></li>
 <li><a href="3.2-operations-on-an-administrativepoint.html">3.2 - Operations on an Administrative Point</a></li>
 </ul>
-<h1 id="3-administrative-model">3 - Administrative Model</h1>
+<h1 id="3-administrative-model">3 - Administrative Model<a class="headerlink" href="#3-administrative-model" title="Permanent link">&para;</a></h1>
 <p>The <strong>Administrative Model</strong> is a really critical notion that needs to be understood, because it drives many of ApacheDS roles.</p>
 <p>It's directly inherited by the <strong>X.500</strong> Administrative model (in fact, we do implement the full <strong>X.500</strong> specification related to <strong>AAs</strong>).</p>
-<h2 id="what-is-the-administrative-model">What is the Administrative Model ?</h2>
+<h2 id="what-is-the-administrative-model">What is the Administrative Model ?<a class="headerlink" href="#what-is-the-administrative-model" title="Permanent link">&para;</a></h2>
 <p>The idea is to define the <strong>DIT</strong> as some areas which are administered.
 Each area can be defined, and covers a set of entries, and each area can manage one ore more roles we want to manage.
 Those roles can be related to authorization, schema, etc... Each of these areas can overlap, but in any case, if two areas are overlapping,
 then one area totally includes the other one.</p>
 <p>The Administrative Model is everything we need to implement in order to be able to manage roles on some defined areas.</p>
-<h2 id="areas">Areas</h2>
+<h2 id="areas">Areas<a class="headerlink" href="#areas" title="Permanent link">&para;</a></h2>
 <p>An Area describes a part of the <strong>DIT</strong> which will start from a specific entry, and spans across a part of the subtree starting at the base entry. An area is administered by an <strong>AP</strong> (Administrative Point) which holds all the needed information about the area and the roles.</p>
 <p>We have three kind of areas :</p>
 <ul>
@@ -194,7 +205,7 @@ then one area totally includes the other
 <p><strong>AAAs</strong> cover all the roles as if we had declared one <strong>SAA</strong> for each existing role. They overload any area in which they can be encapsulated, hiding them.</p>
 <p><strong>SAAs</strong> cover one specific role, and overload any encapsulating area with the same role.</p>
 <p><strong>IAAs</strong> cover one specific role, but don't not overload any encapsulating area with the same role.</p>
-<h2 id="administration-point">Administration Point</h2>
+<h2 id="administration-point">Administration Point<a class="headerlink" href="#administration-point" title="Permanent link">&para;</a></h2>
 <p>An <strong>Administration Point</strong> is the point in the <strong>DIT</strong> where an area starts. It defines the roles, and the scope that applies to this area.</p>
 <p>Once we know which area we need to define, and the associated roles, it's mandatory to store those information in the <strong>DIT</strong>. This is done by adding <strong>subentries</strong>, which just are entries storing all the administrative configuration.</p>
 <p>An Administrative Point is stored as a <strong>subentry</strong> (which is just a plain LDAP entry) just below the base of the defined area.</p>
@@ -207,7 +218,7 @@ then one area totally includes the other
     We also use the term "subtree" to define areas. This is due to the fact that we define a subtree specification in the administration point to express the set of selected entries.
 </DIV>
 
-<h2 id="roles">Roles</h2>
+<h2 id="roles">Roles<a class="headerlink" href="#roles" title="Permanent link">&para;</a></h2>
 <p>The roles are the various aspects which are managed by the administration points. Currently, we manage five different roles in ApacheDS :</p>
 <ul>
 <li>Authorization : manage the access to entries</li>
@@ -216,7 +227,7 @@ then one area totally includes the other
 <li>Collective Attributes : manage attributes that are valid ofr a set of entries</li>
 <li>Replication : manage the replication of a set</li>
 </ul>
-<h1 id="apacheds-20-coverage">ApacheDS 2.0 coverage</h1>
+<h1 id="apacheds-20-coverage">ApacheDS 2.0 coverage<a class="headerlink" href="#apacheds-20-coverage" title="Permanent link">&para;</a></h1>
 <p>Currently, in Apache 2.0, we don't implement all this model. What is supported is :</p>
 <ul>
 <li>AAA and SAA : We don't currently support IAA</li>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="31-administrative-points">3.1. Administrative points</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="31-administrative-points">3.1. Administrative points<a class="headerlink" href="#31-administrative-points" title="Permanent link">&para;</a></h1>
 <p>An <em>Administrative Point</em> is an entry which is defining a starting point
 from which some of the four existing administrative roles will span. It's
 important to understand than an Administrative Point (or <em>AP</em>) comes hand
@@ -187,7 +198,7 @@ on which they are active. These scopes (
 role the Subentry is defined for.</p>
 <p>The schema shows the relation between the <em>AP</em> and one <em>SubEntry</em> :</p>
 <p><img alt="subentry" src="images/subentry.png" /></p>
-<h2 id="administrative-point">Administrative Point</h2>
+<h2 id="administrative-point">Administrative Point<a class="headerlink" href="#administrative-point" title="Permanent link">&para;</a></h2>
 <p>We will describe the types of Administrative Points we are managing and the
 way they impact their associated Administrative Areas (<em>AA</em>)</p>
 <p>We have three different kind of <em>AP</em>  :</p>
@@ -213,7 +224,7 @@ but the one covered by the new <em>SAP</
 or <em>IAP</em>. It controls a specific aspect too, as for the <em>SAP</em>, but it will
 be combined with any of the above <em>AP</em>.</li>
 </ul>
-<h2 id="roles">Roles</h2>
+<h2 id="roles">Roles<a class="headerlink" href="#roles" title="Permanent link">&para;</a></h2>
 <p><em>AP</em> are managing some administrative aspect, defined by a role :</p>
 <ul>
 <li>ACI : Manage the access control</li>
@@ -221,7 +232,7 @@ be combined with any of the above <em>AP
 <li>SubSchema (not handled atm) </li>
 <li>TriggrExecution : Manage the execution of stored procedures</li>
 </ul>
-<h1 id="subentry">Subentry</h1>
+<h1 id="subentry">Subentry<a class="headerlink" href="#subentry" title="Permanent link">&para;</a></h1>
 <p>Once we have defined an <em>AP</em>, we can add some <em>subentries</em> which contain
 the description of the administrative actions, including :</p>
 <ul>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3.2-operations-on-an-administrativepoint.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="32-operations-on-an-administrative-point">3.2 Operations on an Administrative Point</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="32-operations-on-an-administrative-point">3.2 Operations on an Administrative Point<a class="headerlink" href="#32-operations-on-an-administrative-point" title="Permanent link">&para;</a></h1>
 <p>There are six kind of operations we can have on an AdministrativePoint :</p>
 <ul>
 <li>creating a new AP</li>
@@ -185,7 +196,7 @@ operations can be gathered into one sing
 <p>Also note that any modification made on an entry's AdminsitrativeRole may
 have an impact on all it's descendants and ascendants (this is true for the
 Modify and Move operation)</p>
-<h2 id="adding-an-ap-entry">Adding an AP entry</h2>
+<h2 id="adding-an-ap-entry">Adding an AP entry<a class="headerlink" href="#adding-an-ap-entry" title="Permanent link">&para;</a></h2>
 <p>This seems to be a simple operation, however many checks have to be done in
 order to not break the existing Administrative model. </p>
 <p>First of all, we have to check that the added entry contains the
@@ -206,12 +217,12 @@ hierarchy will remain consistent after t
 for the same role</p>
 <p>If all those checks are ok, we can add the entry into the base, and update
 the AP cache</p>
-<h2 id="deleting-an-ap-entry">Deleting an AP entry</h2>
+<h2 id="deleting-an-ap-entry">Deleting an AP entry<a class="headerlink" href="#deleting-an-ap-entry" title="Permanent link">&para;</a></h2>
 <p>This operation is way simpler, as we can't delete an entry if it has some
 children, so there is no need to check that the administrative model is
 consistent.</p>
 <p>We just have to remove the entry and update the AP cache</p>
-<h2 id="modifying-an-ap-entry">Modifying an AP entry</h2>
+<h2 id="modifying-an-ap-entry">Modifying an AP entry<a class="headerlink" href="#modifying-an-ap-entry" title="Permanent link">&para;</a></h2>
 <p>This is way more complex. We can have five kind of modification here :
 <em> addition of roles
 </em> deletion of roles
@@ -220,7 +231,7 @@ consistent.</p>
 * removing of an existing AdministrativeRole attribute</p>
 <p>The three first modifications can imply more than one role. We have to deal
 with each of those modifications one by one.</p>
-<h3 id="addition-of-roles">Addition of roles</h3>
+<h3 id="addition-of-roles">Addition of roles<a class="headerlink" href="#addition-of-roles" title="Permanent link">&para;</a></h3>
 <p>For this modification, we will have to check for each of the roles the very
 same elements than for the Add operation above :</p>
 <ul>
@@ -235,7 +246,7 @@ same elements than for the Add operation
 <p>If all of those checks are ok, we can update the AP cache, which must be
 cloned, otherwise we may have to rollback the operation if any of the
 following modification fails.</p>
-<h3 id="removing-of-roles">Removing of roles</h3>
+<h3 id="removing-of-roles">Removing of roles<a class="headerlink" href="#removing-of-roles" title="Permanent link">&para;</a></h3>
 <p>First, if there is no value for this modification, then that means we must
 delete the Attribute. This case will be analyzed later.
 For each of the roles to remove, we have to apply those checks :
@@ -247,15 +258,15 @@ tree, we can stop checking the branch)</
 <p>Now, if there are no values, we have to get the existing roles and apply he
 same checks</p>
 <p>If everything is fine, we can remove the roles from the attribute.</p>
-<h3 id="replacing-roles">Replacing roles</h3>
+<h3 id="replacing-roles">Replacing roles<a class="headerlink" href="#replacing-roles" title="Permanent link">&para;</a></h3>
 <p>This kind of modifications are not currently supported</p>
-<h2 id="moving-an-ap">Moving an AP</h2>
+<h2 id="moving-an-ap">Moving an AP<a class="headerlink" href="#moving-an-ap" title="Permanent link">&para;</a></h2>
 <p>As we move the entry, we may induce some inconsistencies in the AP tree. </p>
 <p>The problem we might have is that if we move an entry having an IAP in a
 place where this role has no parent AAP or parent SAP with the same role,
 then the AdministrativeModel tree will be inconsistent. We have to check
 this.</p>
-<h1 id="impact-on-the-existing-entries">Impact on the existing entries</h1>
+<h1 id="impact-on-the-existing-entries">Impact on the existing entries<a class="headerlink" href="#impact-on-the-existing-entries" title="Permanent link">&para;</a></h1>
 <p>When we add or remove a role in a server, it may have a huge impact on the
 existing entries, as soon as those roles are associated with some
 subtreeSpecification which defines a set of contained entries. If we remove
@@ -266,39 +277,39 @@ which were depending on a higher AP will
 <p>In any case, we don't even need to define a SubtreeSpecification, as soon
 as an AAP or SAP is created, it excludes all the children entries from any
 other higher AP areas.</p>
-<h2 id="adding-a-role">Adding a Role</h2>
+<h2 id="adding-a-role">Adding a Role<a class="headerlink" href="#adding-a-role" title="Permanent link">&para;</a></h2>
 <p>Whatever the way we used to add a role (add an entry, modify an existing
 one), there are one thing we have to do depending on the kind of role we
 added. Of course, we stop modifying entries when another lower SAP or AAP
 is defined.</p>
-<h3 id="adding-an-aap">Adding an AAP</h3>
+<h3 id="adding-an-aap">Adding an AAP<a class="headerlink" href="#adding-an-aap" title="Permanent link">&para;</a></h3>
 <p>All the children which were pointing to any higher IAP, SAP or AAP will be
 dereferenced. If a subtree specification is added under the newly added
 AAP, then all the associated entries will be updated.</p>
-<h3 id="adding-a-sap">Adding a SAP</h3>
+<h3 id="adding-a-sap">Adding a SAP<a class="headerlink" href="#adding-a-sap" title="Permanent link">&para;</a></h3>
 <p>All the children which were pointing to any higher IAP or SAP with the same
 type of role, or an AAP, will be dereferenced (of course, only for the
 added type of role, the other references will remain). If a subtree
 specification is added under the newly added SAP, then all the associated
 entries will be updated.</p>
-<h3 id="adding-an-iap">Adding an IAP</h3>
+<h3 id="adding-an-iap">Adding an IAP<a class="headerlink" href="#adding-an-iap" title="Permanent link">&para;</a></h3>
 <p>All the children which were pointing to any higher IAP with the same type
 of role will be dereferenced, and will now point to this newly added IAP.
 All the children which were pointing on a SAP with the same role, or an
 AAP, will be modified to also point on the newly added IAP.</p>
-<h2 id="removing-a-role">Removing a role</h2>
+<h2 id="removing-a-role">Removing a role<a class="headerlink" href="#removing-a-role" title="Permanent link">&para;</a></h2>
 <p>Depending on the kind of role we removed, we will have to update the
 entries accordingly.</p>
-<h3 id="removing-an-aap">Removing an AAP</h3>
+<h3 id="removing-an-aap">Removing an AAP<a class="headerlink" href="#removing-an-aap" title="Permanent link">&para;</a></h3>
 <p>All the entries referencing the removed AAP will be updated, and will now
 reference the inherited AAP, SAP and IAP (if any). If there is some higher
 IAP, we will also reference it.</p>
-<h3 id="removing-a-sap">Removing a SAP</h3>
+<h3 id="removing-a-sap">Removing a SAP<a class="headerlink" href="#removing-a-sap" title="Permanent link">&para;</a></h3>
 <p>All the entries referencing the removed SAP will be updated, and will now
 reference either the parent AAP or the parent SAP with the same role, if
 any. We will also reference an IAP with the same role if we have some
 higher in the hierarchy.</p>
-<h3 id="removing-an-iap">Removing an IAP</h3>
+<h3 id="removing-an-iap">Removing an IAP<a class="headerlink" href="#removing-an-iap" title="Permanent link">&para;</a></h3>
 <p>All the entries referencing the removed IAP will be updated. There is
 nothing else to do.</p>
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4-authentication-and-authorization.html Sun Jul  5 22:34:35 2015
@@ -169,8 +169,19 @@
     </div>
 
 
-<h1 id="4-authentication-and-authorization">4 - Authentication and Authorization</h1>
-<h2 id="chapter-content">Chapter content</h2>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4-authentication-and-authorization">4 - Authentication and Authorization<a class="headerlink" href="#4-authentication-and-authorization" title="Permanent link">&para;</a></h1>
+<h2 id="chapter-content">Chapter content<a class="headerlink" href="#chapter-content" title="Permanent link">&para;</a></h2>
 <ul>
 <li><a href="4.1-authentication.html">4.1 - Authentication</a><ul>
 <li><a href="4.1.1-simple-authn.html">4.1.1 - Simple authentication</a><ul>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1-authentication.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1-authentication.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1-authentication.html Sun Jul  5 22:34:35 2015
@@ -169,8 +169,19 @@
     </div>
 
 
-<h1 id="41-authentication">4.1. Authentication</h1>
-<h2 id="chapter-content">Chapter content</h2>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="41-authentication">4.1. Authentication<a class="headerlink" href="#41-authentication" title="Permanent link">&para;</a></h1>
+<h2 id="chapter-content">Chapter content<a class="headerlink" href="#chapter-content" title="Permanent link">&para;</a></h2>
 <ul>
 <li><a href="4.1.1-simple-authn.html">4.1.1 - Simple authentication</a><ul>
 <li><a href="4.1.1.1-anonymous-authn.html">4.1.1.1 - Anonymous Authentication</a></li>
@@ -196,7 +207,7 @@
 </em> SASL</p>
 <p>We will describe those two kind of authentication, and will also describe how this can be leveraged by some specific authentication mechanisms, like Kerberos or based on certificates.</p>
 <p>Last, not least, the <strong>Anonymous</strong> authentication will be explain in a separate chapter, even if it's a part of the Simple authentication mechanism.</p>
-<h2 id="authentication-and-ldap-session">Authentication and LDAP Session</h2>
+<h2 id="authentication-and-ldap-session">Authentication and LDAP Session<a class="headerlink" href="#authentication-and-ldap-session" title="Permanent link">&para;</a></h2>
 <p>An authentication will result in the creation of a LDAP session, which will exist as long as the authenticated user does not physically disconnect from the server. </p>
 <p>A Session can have his status changed all alog its life : we can switch from an Authenticated state to an Anonymous state, and back to a SASL authenticated state. The session is created the first time the user connects on the server, and its status changes when the user authenticates.</p>
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1-simple-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1-simple-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1-simple-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="411-simple-authentication">4.1.1 - Simple Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="411-simple-authentication">4.1.1 - Simple Authentication<a class="headerlink" href="#411-simple-authentication" title="Permanent link">&para;</a></h1>
 <p>This authentication mode uses a <strong>Simple Bind Request</strong>. It's just about sending a name and a password to the server, which will either create a session for the given credentials, or reject the request.</p>
 <p>As we said, we have to pass a name and a password. This leads to three different combinations of <strong>Simple Bind</strong> :</p>
 <ul>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.1-anonymous-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.1-anonymous-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.1-anonymous-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="4111-anonymous-authentication">4.1.1.1 - Anonymous Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4111-anonymous-authentication">4.1.1.1 - Anonymous Authentication<a class="headerlink" href="#4111-anonymous-authentication" title="Permanent link">&para;</a></h1>
 <p>When we don't provide a name or password while proceeding to a Bind, we enter into an Anonymous mode. This is a mode that the server must allow, otherwise the user won't be authenticated.</p>
 <p>It worth noticing that one can do a search on a server without first authenticating : the search will be done with an anonymous status (in other words, an Anonymous session will be created in this case).</p>
 

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html Sun Jul  5 22:34:35 2015
@@ -169,15 +169,26 @@
     </div>
 
 
-<h1 id="4112-namepassword-authentication">4.1.1.2 - Name/Password Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4112-namepassword-authentication">4.1.1.2 - Name/Password Authentication<a class="headerlink" href="#4112-namepassword-authentication" title="Permanent link">&para;</a></h1>
 <p>This is the most common authentication system, though not the safest. The user provides his name and a password. Both are passed as clear text to the server, which checks that the user exists, and that its password is correct.</p>
-<h2 id="users-name-retrieval">User's name retrieval</h2>
+<h2 id="users-name-retrieval">User's name retrieval<a class="headerlink" href="#users-name-retrieval" title="Permanent link">&para;</a></h2>
 <p>The first thing the server does is to check that the user's name exists in the server. The provided name is always a full <strong>DN</strong>.</p>
 <p>Here is an example of simple authentication using Studio, where we authenticate the <strong>uid=admin,ou=system</strong> user :</p>
 <p><img alt="Name/Password authentication" src="images/simple-name-password-authn.png" /></p>
 <p>The password is not visible here, but this is just for security reasons.</p>
 <p>This request is sent to the server, which will check that the <strong>uid=admin,ou=system</strong> exists in its backend. If it doesn't, the authentication will fail.</p>
-<h2 id="password-check">Password check</h2>
+<h2 id="password-check">Password check<a class="headerlink" href="#password-check" title="Permanent link">&para;</a></h2>
 <p>That's not enough : once the user is retrieved, we have to check the provided password against the stored password. </p>
 <p>The entry associated with the user should contain a <strong>userPassword</strong> AttributeType, otherwise the request will be rejected. Here is an example of such an entry :</p>
 <div class="codehilite"><pre>version: 1
@@ -201,7 +212,7 @@ userPassword:: c2VjcmV0
 
 
 <p>Not exactly safe...</p>
-<h3 id="password-storage">Password storage</h3>
+<h3 id="password-storage">Password storage<a class="headerlink" href="#password-storage" title="Permanent link">&para;</a></h3>
 <p>As we have just seen, the password is stored in plain text in the server. This is not exactly safe ! As soon as someone gets access to your server, all the passwords are compromised. This is certainly not the way we want to protect our users !</p>
 <p>Hopefully, you can hash those passwords, instead of storing them as provided. </p>
 <DIV class="note" markdown="1">
@@ -269,7 +280,7 @@ A hashed password is not a password we c
 </tr>
 </tbody>
 </table>
-<h3 id="how-it-works">How it works ?</h3>
+<h3 id="how-it-works">How it works ?<a class="headerlink" href="#how-it-works" title="Permanent link">&para;</a></h3>
 <p>So the server receives a Name/Password authentication request. The password is <em>in clear text</em> up to this point. Once the user is found in the server, and if it has a <strong>userPassword</strong> attributeType, the server extracts each values contained in this AttributeType (we may have more than one password per user) and check the provided password against those values.</p>
 <p>This is not as simple as it seems : as we may have hashed the values on the server, we first have to detect the selected hash method, and then hash the provided password, which result is compared to the stored hashed value.</p>
 <p>Hopefully, the hash method is stored within the hashed password in the server :</p>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.3-unauthenticated-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="4113-unauthenticated-authentication">4.1.1.3 - Unauthenticated Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4113-unauthenticated-authentication">4.1.1.3 - Unauthenticated Authentication<a class="headerlink" href="#4113-unauthenticated-authentication" title="Permanent link">&para;</a></h1>
 <p>The <strong>Unauthenticated Authentication</strong> mechanism is a bit specific. First of all, none all the <strong>LDAP</strong> servers support such a mechanism. In fact, the default behavior is for server to return a <strong>unwillingToPerform</strong> result code when someone tries to bind using a null password.</p>
 <p>We won't go any deeper into this 'feature', those interested in the rational behind it and the associated drawbacks can read the following links :</p>
 <p><a href="http://tools.ietf.org/html/rfc4513#section-5.1.2">RFC 4513, Unauthenticated Authentication Mechanism of Simple Bind</a>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html Sun Jul  5 22:34:35 2015
@@ -169,8 +169,19 @@
     </div>
 
 
-<h1 id="412-sasl-authentication">4.1.2 - SASL Authentication</h1>
-<h2 id="chapter-content">Chapter content</h2>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="412-sasl-authentication">4.1.2 - SASL Authentication<a class="headerlink" href="#412-sasl-authentication" title="Permanent link">&para;</a></h1>
+<h2 id="chapter-content">Chapter content<a class="headerlink" href="#chapter-content" title="Permanent link">&para;</a></h2>
 <ul>
 <li><a href="4.1.2.1-sasl-plain-text-authn.html">4.1.2.1 - SASL PLAIN text Authentication</a></li>
 <li><a href="4.1.2.2-sasl-cram-md5-authn.html">4.1.2.2 - SASL CRAM-MD5 Authentication</a></li>
@@ -179,7 +190,7 @@
 <li><a href="4.1.2.5-sasl-external-authn.html">4.1.2.5 - SASL EXTERNAL Authentication</a></li>
 <li><a href="4.1.2.6-sasl-ntlm-authn.html">4.1.2.6 - SASL NTLM Authentication</a></li>
 </ul>
-<h2 id="introduction">Introduction</h2>
+<h2 id="introduction">Introduction<a class="headerlink" href="#introduction" title="Permanent link">&para;</a></h2>
 <p><strong>SASL</strong> authentication is based on a standard described in <a href="http://www.ietf.org/rfc/rfc4422.txt">RFC 4422</a>. <strong>SASL</strong> means <strong>S</strong>imple <strong>A</strong>uthentication and <strong>S</strong>ecurity <strong>L</strong>ayer.</p>
 <p>It extends the Simple authentication, by allowing the LDAP server to authenticate the user by various mechanisms.</p>
 <p>The <strong>SASL* Authentication is used when a simple user/password authentication is not enough. Many other systems exist, and may take many parameters to authenticate a user. With </strong>SASL**, a challenge/response system is used to get the needed information from the client, up to the point the authentication is either successful or fails.</p>
@@ -204,11 +215,11 @@
 <p><img alt="ApacheDS supported SASL mechanisms" src="images/supported-sasl-mechanisms.png" /></p>
 <p>Configuring this list can also be done using <strong>Studio ApacheDS Configuration</strong> plugin :</p>
 <p><img alt="ApacheDS SASL mechanisms configuration" src="images/sasl-mechanisms-config.png" /></p>
-<h2 id="usage-and-security">Usage and security</h2>
+<h2 id="usage-and-security">Usage and security<a class="headerlink" href="#usage-and-security" title="Permanent link">&para;</a></h2>
 <p>Most of the existing <strong>SASL</strong> mechanisms are just either useless (<strong>PLAIN</strong>, <strong>ANONYMOUS</strong>) or too weak to be used in a secured environment (<strong>DIGEST-MD5</strong> or <strong>CRAM-MD5</strong>).</p>
 <p>A new <strong>SASL</strong> mechanism has been designed to replace the last two mechanisms : <strong>SCRAM</strong> (<a href="http://www.ietf.org/rfc/rfc5802.txt">RFC 5802</a>).</p>
 <p>In any case, if you are using one of those mechanisms, be sure to activate <strong>TLS</strong>.</p>
-<h2 id="specifications">Specifications</h2>
+<h2 id="specifications">Specifications<a class="headerlink" href="#specifications" title="Permanent link">&para;</a></h2>
 <p>The SASL specifications are defined by an <a href="http://datatracker.ietf.org/wg/sasl/">IETF Working Group</a> which has published the following proposed standards :</p>
 <div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4013<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4013</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">SASLprep</span><span class="p">:</span> <span class="n">Stringprep</span> <span class="n">Profile</span> <span class="k">for</span> <span class="n">User</span> <span class="n">Names</span> <span class="n">and</span> <span class="n">Passwords</span> 
 <span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4422<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4422</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="4121-sasl-plain-authentication">4.1.2.1 SASL PLAIN Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4121-sasl-plain-authentication">4.1.2.1 SASL PLAIN Authentication<a class="headerlink" href="#4121-sasl-plain-authentication" title="Permanent link">&para;</a></h1>
 <p>The <strong>SASL PLAIN</strong> authentication is most certainly useless, as one can already authenticate using the <strong>Simple Bind</strong>. However, it's still possible to issue a <strong>SASL PLAIN</strong> authentication on <em>ApacheDS</em>.</p>
 <p>The difference with a <strong>Simple Bind</strong> is that the user's name is not  <strong>DN</strong>, but a meaningful value that is stored into one of the user's entry Attributes.</p>
 <p>When the server receives a <strong>SASL PLAIN</strong> bind request, it will look for the first entry which <strong>uid</strong> is equal to the provided value, starting from the server <strong>searchBaseDN</strong> position in the DIT.</p>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html Sun Jul  5 22:34:35 2015
@@ -169,14 +169,25 @@
     </div>
 
 
-<h1 id="4122-sasl-cram-md5-authentication">4.1.2.2 - SASL CRAM-MD5 Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4122-sasl-cram-md5-authentication">4.1.2.2 - SASL CRAM-MD5 Authentication<a class="headerlink" href="#4122-sasl-cram-md5-authentication" title="Permanent link">&para;</a></h1>
 <p>The <strong>CRAM-MD5</strong> <strong>SASL</strong> mechanism is defined by <a href="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</a>.</p>
 <p>We will have an exchange between the client, which will send an empty <em>Bind request</em> (i.e., the username and credentials won't be sent the first time), and the server will return a challenge.</p>
 <DIV class="warning" markdown="1">
 It's not recommended to use this mechanism.
 </DIV>
 
-<h2 id="usage">Usage</h2>
+<h2 id="usage">Usage<a class="headerlink" href="#usage" title="Permanent link">&para;</a></h2>
 <p>The client first send a <em>BindRequest</em> with no credentials:</p>
 <div class="codehilite"><pre>MessageType : BIND_REQUEST
 Message ID : 1

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html Sun Jul  5 22:34:35 2015
@@ -169,13 +169,24 @@
     </div>
 
 
-<h1 id="4123-sasl-digest-md5-authentication">4.1.2.3 - SASL DIGEST-MD5 Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4123-sasl-digest-md5-authentication">4.1.2.3 - SASL DIGEST-MD5 Authentication<a class="headerlink" href="#4123-sasl-digest-md5-authentication" title="Permanent link">&para;</a></h1>
 <p>The <strong>DIGEST-MD5</strong> <strong>SASL</strong> mechanism is defined by <a href="http://www.ietf.org/rfc/rfc2829.txt">RFC 2829</a>, which has been moved to an <em>historic</em> status by <a href="http://www.ietf.org/rfc/rfc6631.txt">RFC 6331</a>, due to its intrinsic weaknesses.</p>
 <DIV class="warning" markdown="1">
 It's not recommended to use this mechanism.
 </DIV>
 
-<h2 id="usage">Usage</h2>
+<h2 id="usage">Usage<a class="headerlink" href="#usage" title="Permanent link">&para;</a></h2>
 <p>As for <strong>CRAM-MD5</strong> mechanism, there is an exchange between the server and the client. First, the client sends a <em>BindRequest</em> with no credentials :</p>
 <div class="codehilite"><pre>MessageType : BIND_REQUEST
 Message ID : 1
@@ -234,7 +245,7 @@ qop = auth
 </pre></div>
 
 
-<h2 id="server-configuration">Server configuration</h2>
+<h2 id="server-configuration">Server configuration<a class="headerlink" href="#server-configuration" title="Permanent link">&para;</a></h2>
 <p>There are a few parameters we need to configure on the server to allow this mechanism to work. First, we need to define the <em>searchBaseDn</em>, which describes where will the server look for entries having the <strong>UID</strong> attributeType. This is a part of the <em>ldapServer</em> configuration :</p>
 <p><img alt="ApacheDS SASL searchBaseDn Configuration" src="images/sasl-digest-md5-config.png" /></p>
 <p>This parameter (<em>ads_searchBaseDn</em> attributeType) can be found on the following entry :</p>

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="4124-sasl-gssapi-authentication">4.1.2.4 - SASL GSSAPI Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4124-sasl-gssapi-authentication">4.1.2.4 - SASL GSSAPI Authentication<a class="headerlink" href="#4124-sasl-gssapi-authentication" title="Permanent link">&para;</a></h1>
 <p>This authentication mechanism is specified in the following RFCs :</p>
 <div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4752<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">tools</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">rfc4752</span><span class="p">)</span>
 </pre></div>
@@ -177,9 +188,9 @@
 
 <p>It's more specifically used for Kerberos V5 authentication. As <strong>Apache Directory Server</strong> is also a <em>Kerberos Server</em>, it comes as a natural extension of the server.</p>
 <p>It requires some configuration though. </p>
-<h2 id="configuration">Configuration</h2>
+<h2 id="configuration">Configuration<a class="headerlink" href="#configuration" title="Permanent link">&para;</a></h2>
 <p>The idea is for the <strong>LDAP</strong> server to delegate the authentication  to the <strong>Kerberos</strong> Server.</p>
-<h2 id="usage">Usage</h2>
+<h2 id="usage">Usage<a class="headerlink" href="#usage" title="Permanent link">&para;</a></h2>
 <p>MessageType : BIND_REQUEST
 Message ID : 1
     BindRequest

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="4125-sasl-external-authentication">4.1.2.5 - SASL EXTERNAL Authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="4125-sasl-external-authentication">4.1.2.5 - SASL EXTERNAL Authentication<a class="headerlink" href="#4125-sasl-external-authentication" title="Permanent link">&para;</a></h1>
 
 
     <div class="nav">

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.html Sun Jul  5 22:34:35 2015
@@ -169,6 +169,17 @@
     </div>
 
 
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
 <p>Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
@@ -185,7 +196,7 @@
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.</p>
-<h1 id="4126-sasl-ntlm-authentication">4.1.2.6 - SASL NTLM Authentication</h1>
+<h1 id="4126-sasl-ntlm-authentication">4.1.2.6 - SASL NTLM Authentication<a class="headerlink" href="#4126-sasl-ntlm-authentication" title="Permanent link">&para;</a></h1>
 
 
     <div class="nav">

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.3-kerberos-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.3-kerberos-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.3-kerberos-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="413-kerberos-authentication">4.1.3 - Kerberos authentication</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="413-kerberos-authentication">4.1.3 - Kerberos authentication<a class="headerlink" href="#413-kerberos-authentication" title="Permanent link">&para;</a></h1>
 
 
     <div class="nav">

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.4-certificate-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.4-certificate-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.4-certificate-authn.html Sun Jul  5 22:34:35 2015
@@ -169,7 +169,18 @@
     </div>
 
 
-<h1 id="414-client-authentication-through-certificates">4.1.4 - Client authentication through certificates</h1>
+<style type="text/css">
+/* The following code is added by mdx_elementid.py
+   It was originally lifted from http://subversion.apache.org/style/site.css */
+/*
+ * Hide class="elementid-permalink", except when an enclosing heading
+ * has the :hover property.
+ */
+.headerlink, .elementid-permalink {
+  visibility: hidden;
+}
+h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
+<h1 id="414-client-authentication-through-certificates">4.1.4 - Client authentication through certificates<a class="headerlink" href="#414-client-authentication-through-certificates" title="Permanent link">&para;</a></h1>
 
 
     <div class="nav">



Mime
View raw message