Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A49B6D67B for ; Wed, 15 May 2013 15:33:33 +0000 (UTC) Received: (qmail 43575 invoked by uid 500); 15 May 2013 15:33:33 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 43532 invoked by uid 500); 15 May 2013 15:33:33 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 43525 invoked by uid 99); 15 May 2013 15:33:33 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 May 2013 15:33:33 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 15 May 2013 15:33:29 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 3560A23889F1; Wed, 15 May 2013 15:33:08 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1482903 - /directory/site/trunk/content/apacheds/advanced-ug/ Date: Wed, 15 May 2013 15:33:07 -0000 To: commits@directory.apache.org From: elecharny@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130515153308.3560A23889F1@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: elecharny Date: Wed May 15 15:33:07 2013 New Revision: 1482903 URL: http://svn.apache.org/r1482903 Log: some more link fixed and formatted pages Added: directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext - copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext - copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext - copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext - copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext - copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext Removed: directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext) URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext Wed May 15 15:33:07 2013 @@ -1,10 +1,10 @@ -Title: 4.5.3 Enabling Access Control -NavPrev: 4.5.2-definitions.html -NavPrevText: 4.5.2 - Definitions -NavUp: 4.5-authorization.html -NavUpText: 4.5 - Authorization -NavNext: 4.5.4-aci-types.html -NavNextText: 4.5.4 Aci Types +Title: 4.2.3 Enabling Access Control +NavPrev: 4.2.2-definitions.html +NavPrevText: 4.2.2 - Definitions +NavUp: 4.2-authorization.html +NavUpText: 4.2 - Authorization +NavNext: 4.2.4-aci-types.html +NavNextText: 4.2.4 Aci Types Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -23,5 +23,6 @@ Notice: Licensed to the Apache Software under the License. -Title: 4.5.3 Enabling Access Control -{scrollbar} +# 4.2.3 Enabling Access Control + +TODO... \ No newline at end of file Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext) URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext Wed May 15 15:33:07 2013 @@ -1,10 +1,10 @@ -Title: 4.5.4 ACI types -NavPrev: 4.5.3-enabling-access-control.html -NavPrevText: 4.5.3 - Enabling Access Control -NavUp: 4.5-authorization.html -NavUpText: 4.5 - Authorization -NavNext: 4.5.5-aci-elements.html -NavNextText: 4.5.5 Aci Elements +Title: 4.2.4 ACI types +NavPrev: 4.2.3-enabling-access-control.html +NavPrevText: 4.2.3 - Enabling Access Control +NavUp: 4.2-authorization.html +NavUpText: 4.2 - Authorization +NavNext: 4.2.5-aci-elements.html +NavNextText: 4.2.5 Aci Elements Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software specific language governing permissions and limitations under the License. - +# 4.2.4 ACI types Three different types of ACI exist. All types use the same specification syntax for an ACIITem. These types differ in their placement and manner of @@ -30,6 +30,6 @@ use within the directory. ## Chapter content -* [4.5.4.1 - Entry Aci](4.5.4.1-entryaci.html) -* [4.5.4.2 - Prescriptive Aci](4.5.4.2-prescriptiveaci.html) -* [4.5.4.3 - Subentry Aci](4.5.4.3-subentryaci.html) +* [4.2.4.1 - Entry Aci](4.2.4.1-entryaci.html) +* [4.2.4.2 - Prescriptive Aci](4.2.4.2-prescriptiveaci.html) +* [4.2.4.3 - Subentry Aci](4.2.4.3-subentryaci.html) Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext) URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext Wed May 15 15:33:07 2013 @@ -1,10 +1,10 @@ -Title: 4.5.4.1 EntryACI -NavPrev: 4.5.4-aci-types.html -NavPrevText: 4.5.4 - Aci Types -NavUp: 4.5.4-aci-types.html -NavUpText: 4.5.4 - Aci Types -NavNext: 4.5.4.2-prescriptiveaci.html -NavNextText: 4.5.4.2 Prescriptive Aci +Title: 4.2.4.1 EntryACI +NavPrev: 4.2.4-aci-types.html +NavPrevText: 4.2.4 - Aci Types +NavUp: 4.2.4-aci-types.html +NavUpText: 4.2.4 - Aci Types +NavNext: 4.2.4.2-prescriptiveaci.html +NavNextText: 4.2.4.2 Prescriptive Aci Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software specific language governing permissions and limitations under the License. - +# 4.2.4.1 EntryACI Entry ACI are access controls added to entries to protect that entry @@ -31,11 +31,10 @@ resides. When performing an operation on presence of the multivalued operational attribute, *entryACI*. The values of the entryACI attribute contain ACIItems. -{note} - +
There is one exception to the rule of consulting entryACI attributes within ApacheDS: add operations do not consult the entryACI within the entry being added. This is a security precaution. (??? Check this sentence) If allowed users can arbitrarily add entries where they wanted by putting entryACI into the new entry being added. This could compromise the DSA. -{note} +
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext) URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext Wed May 15 15:33:07 2013 @@ -1,10 +1,10 @@ -Title: 4.5.4.2 PrescriptiveACI -NavPrev: 4.5.4.1-entryaci.html -NavPrevText: 4.5.4.1 - Entry Aci -NavUp: 4.5.4-aci-types.html -NavUpText: 4.5.4 - Aci Types -NavNext: 4.5.4.3-subentryaci.html -NavNextText: 4.5.4.3 Subentry Aci +Title: 4.2.4.2 PrescriptiveACI +NavPrev: 4.2.4.1-entryaci.html +NavPrevText: 4.2.4.1 - Entry Aci +NavUp: 4.2.4-aci-types.html +NavUpText: 4.2.4 - Aci Types +NavNext: 4.2.4.3-subentryaci.html +NavNextText: 4.2.4.3 Subentry Aci Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -22,12 +22,14 @@ Notice: Licensed to the Apache Software specific language governing permissions and limitations under the License. +# 4.2.4.2 PrescriptiveACI + Prescriptive ACI are access controls that are applied to a collection of entries, not just to a single entry. Collections of entries are defined by the subtreeSpecifications of subentries. Hence prescriptive ACI are added to subentries as attributes and are applied by ApacheDS to the entries selected by the subentry's subtreeSpecification. ApacheDS uses the -*prescriptiveACI* multivalued operational attribute within subentries to +**prescriptiveACI** multivalued operational attribute within subentries to contain ACIItems that apply to the entry collection. Prescriptive ACI can save much effort when trying to control access to a @@ -42,7 +44,8 @@ Users should try to avoid entry ACIs whe prescriptive ACIs instead. Entry ACIs are more for managing exceptional cases and should not be used excessively. -{info:title=How it works!} +
+**How it works!** For every type of LDAP operation, ApacheDS checks to see if any access control subentries include the protected entry in their collection. The set of subentries which include the protected entry are discovered very rapidly @@ -56,4 +59,4 @@ ACI information in a special form called ACIItem parsing and conversion to an optimal representations for evaluation is not required at access time. This way access based on prescriptive ACIs is determined very rapidly. -{info} +
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext) URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff ============================================================================== --- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext (original) +++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext Wed May 15 15:33:07 2013 @@ -1,10 +1,10 @@ -Title: 4.5.4.3 SubentryACI -NavPrev: 4.5.4.2-prescriptiveaci.html -NavPrevText: 4.5.4.2 - Prescriptive Aci -NavUp: 4.5.4-aci-types.html -NavUpText: 4.5.4 - Aci Types -NavNext: 4.5.5-aci-elements.html -NavNextText: 4.5.5 Aci Elements +Title: 4.2.4.3 SubentryACI +NavPrev: 4.2.4.2-prescriptiveaci.html +NavPrevText: 4.2.4.2 - Prescriptive Aci +NavUp: 4.2.4-aci-types.html +NavUpText: 4.2.4 - Aci Types +NavNext: 4.2.5-aci-elements.html +NavNextText: 4.2.5 Aci Elements Notice: Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information @@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software specific language governing permissions and limitations under the License. - +# 4.2.4.3 SubentryACI Access to subentries also needs to be controlled. Subentries are special in ApacheDS. Although they subordinate to an administrative entry (entry of an