Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4B308200CE3 for ; Sun, 13 Aug 2017 09:44:24 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 49736164932; Sun, 13 Aug 2017 07:44:24 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 918AD164930 for ; Sun, 13 Aug 2017 09:44:23 +0200 (CEST) Received: (qmail 46221 invoked by uid 500); 13 Aug 2017 07:44:22 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 46212 invoked by uid 99); 13 Aug 2017 07:44:22 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 13 Aug 2017 07:44:22 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 375E03A04A5 for ; Sun, 13 Aug 2017 07:44:22 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1016727 - in /websites/staging/directory/trunk/content: ./ apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html Date: Sun, 13 Aug 2017 07:44:22 -0000 To: commits@directory.apache.org From: buildbot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20170813074422.375E03A04A5@svn01-us-west.apache.org> archived-at: Sun, 13 Aug 2017 07:44:24 -0000 Author: buildbot Date: Sun Aug 13 07:44:22 2017 New Revision: 1016727 Log: Staging update by buildbot for directory Modified: websites/staging/directory/trunk/content/ (props changed) websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html Propchange: websites/staging/directory/trunk/content/ ------------------------------------------------------------------------------ --- cms:source-revision (original) +++ cms:source-revision Sun Aug 13 07:44:22 2017 @@ -1 +1 @@ -1803383 +1804881 Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html ============================================================================== --- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html (original) +++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html Sun Aug 13 07:44:22 2017 @@ -186,6 +186,11 @@ h2:hover > .headerlink, h3:hover > .head

Partition and Access Control Area Setup

For this example we presume you have setup a partition at the namingContext dc=example,dc=com and have turned on access controls. Now you want to grant browse and read access to entries and their attributes.

Before you can add a subentry with the prescriptiveACI you'll need to create an administrative area. For now we'll make the root of the partition the Administrative Point (AP). Every entry including this entry and those underneath will be part of the autonomous administrative area for managing access controls. To do this we must add the administrativeRole operational attribute to the AP entry.

+
+Reminder... +Don't't forget to check the 'fetch subentries' and 'fetch operational attributes' in your connection's browser option tab, otherwise some parts of the following tutorial will not appear ! +
+

AdministrationPoint setup

In our case, the dc=example,dc=com context entry has to contain the administrativeRole attribute, with the accessControlSpecificArea value.

Let's first connect to the server using the admin user, and select the dc=example,dc=com entry :