You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2013/06/21 12:04:40 UTC
svn commit: r866770 [2/9] - in /websites/staging/directory/trunk/content: ./ apacheds/ apacheds/advanced-ug/ apacheds/basic-ug/ apacheds/configuration/ apacheds/kerberos-ug/ api/ api/gen-docs/ api/gen-docs/latest/ api/groovy-api/ api/user-guide/ studio/

Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html Fri Jun 21 10:04:38 2013
@@ -140,11 +140,14 @@
 <h1 id="43-password-policy">4.3. Password Policy</h1>
 <p>The <strong>Password Policy for LDAP Directories</strong> is a <strong><a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">RFC</a></strong> draft that has been designed for the very first version in 1999, and the latest version is from 2009. Although it's still a draft, and it's currently noted as inactive, it has been implemented by many existing <strong>LDAP</strong> servers.</p>
 <p><strong>ApacheDS</strong> implements most of the draft.</p>
-<p><DIV class="warning" markdown="1">
-Enforcing a strict passowrd policy is extremely punitive to users. It may leads users to workaround the policy by storing their password in a post-it, a workaround that will defeat any password policy...</p>
-<p>Always try to think about better alternatives than force users to always define a password with 10 or more characters, including numbers, upper and lower case, special chars, and to change it every month...</p>
-<p>A long sentence (4 or 5 words), like "The horse has won the race three time" is most certainly a better passowrd than any other combinaison, and is easy to remember...
-</DIV></p>
+<DIV class="warning" markdown="1">
+Enforcing a strict passowrd policy is extremely punitive to users. It may leads users to workaround the policy by storing their password in a post-it, a workaround that will defeat any password policy...
+
+Always try to think about better alternatives than force users to always define a password with 10 or more characters, including numbers, upper and lower case, special chars, and to change it every month...
+
+A long sentence (4 or 5 words), like "The horse has won the race three time" is most certainly a better passowrd than any other combinaison, and is easy to remember...
+</DIV>
+
 <h2 id="what-is-a-password-policy">What is a password policy ?</h2>
 <p>As explained on <a href="http://en.wikipedia.org/wiki/Password_policy">wikipedia</a>:</p>
 <div class="codehilite"><pre>A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords 
@@ -164,11 +167,11 @@ and use them properly.
 <p>The <em>Password Policy</em> can be configured in two ways.
 First of all, it's important to know that it's activated by default. Let's see the default configuration first.</p>
 <p>There is an entry containing all the default configuration values for the <em>Password Policy</em>, under the DN <strong>"ou=passwordPolicies, ads-interceptorId=authenticationInterceptor, ou=interceptors, ads-directoryServiceId=&lt;default&gt;, ou=config"</strong>, which corresponds to the following hierarchy:</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="n">ou</span><span class="o">=</span><span class="n">config</span>
-    <span class="o">*</span> <span class="n">ads</span><span class="o">-</span><span class="n">directoryServiceId</span><span class="o">=</span><span class="sr">&lt;default&gt;</span>
-        <span class="o">*</span> <span class="n">ou</span><span class="o">=</span><span class="n">interceptors</span>
-            <span class="o">*</span> <span class="n">ads</span><span class="o">-</span><span class="n">interceptorId</span><span class="o">=</span><span class="n">authenticationInterceptor</span>
-                <span class="o">*</span> <span class="n">ou</span><span class="o">=</span><span class="n">passwordPolicies</span>
+<div class="codehilite"><pre><span class="o">*</span> <span class="n">ou</span><span class="p">=</span><span class="n">config</span>
+    <span class="o">*</span> <span class="n">ads</span><span class="o">-</span><span class="n">directoryServiceId</span><span class="p">=</span><span class="o">&lt;</span><span class="n">default</span><span class="o">&gt;</span>
+        <span class="o">*</span> <span class="n">ou</span><span class="p">=</span><span class="n">interceptors</span>
+            <span class="o">*</span> <span class="n">ads</span><span class="o">-</span><span class="n">interceptorId</span><span class="p">=</span><span class="n">authenticationInterceptor</span>
+                <span class="o">*</span> <span class="n">ou</span><span class="p">=</span><span class="n">passwordPolicies</span>
 </pre></div>
 
 
@@ -310,9 +313,10 @@ ads-pwdSafeModify: FALSE
 </pre></div>
 
 
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
 All the configured delays are stored in seconds. As a rule of thumb, a day is 86400 seconds, a week is 604800 seconds and a month can be 2419200 seconds or 2505600 seconds (february normal and leap years), 2592000 seconds (april, june, september, november) and 2678400 (january, march, may, july, august, october and december)
-</DIV></p>
+</DIV>
+
 <p>In the draft, it is said that the passwordPolicy can apply to one user or to many. It's also suggested that some <em>Administrative Area</em> could be used for that purpose : the users present in such an area will be constrained but the associated <em>PasswordPolicy</em>. At the moment, <strong>ApacheDS</strong> does not implement such a mechanism, and will rely on either the global configuration, stored in the <em>ou=config</em> partition, or we can define a specific <em>Password Policy</em> for a user. In this case, we will store in each user the reference to the <em>Password Policy</em> to use into the <em>pwdPolicySubentry</em> attribute (it contains a reference -a <strong>DN</strong> - to an entry storing the specific configuration).</p>
 <p>This specific configuration is stored into an entry having the <em>pwdPolicy</em> Auxiliary ObjectClass, which description is :</p>
 <div class="codehilite"><pre>( 1.3.6.1.4.1.42.2.27.8.2.1
@@ -329,9 +333,10 @@ All the configured delays are stored in 
 </pre></div>
 
 
-<p><DIV class="warning" markdown="1">
-Note that the specification allows the administrator to apply the password policy on any attribute, with a default value of <em>userPassword</em> ApacheDS does not yet allow the use of another Attribute.
-</DIV></p>
+<DIV class="warning" markdown="1">
+Note that the specification allows the administrator to apply the password policy on any attribute, with a default value of _userPassword_ ApacheDS does not yet allow the use of another Attribute.
+</DIV>
+
 <h4 id="enablingdisabling-the-passwordpolicy">Enabling/Disabling the PasswordPolicy</h4>
 <p>The <em>PasswordPolicy</em> is enabled by default. It's possible to disable it by setting the <em>ads-enabled</em> value to FALSE, with a server restart.</p>
 <h2 id="password-protection">Password protection</h2>
@@ -345,13 +350,15 @@ Note that the specification allows the a
 </ul>
 <p>When the account is locked, it can remain locked, or be unlocked after a grace period.</p>
 <h4 id="attempts-counter">Attempts counter</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdLockout, ads-pwdMaxFailure, ads-pwdLockoutDuration
-</DIV></p>
+</DIV>
+
 <p>Each failed attempt will be logged in the entry, in the <em>ads-pwdFailureTime</em> Attribute (it will contain the date and time of the attempt). When the attribute contains more values than the maximum number of failed attempts, the entry will be locked (the <em>ads-pwdAccountLockedTime</em> Attribute will contain the date and time the entry has been locked).</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
 In order to activate this control the ads-pwdLockout parameter must be set to TRUE.
-</DIV></p>
+</DIV>
+
 <p>The following table expose the various possible cases, with three failed attempts: </p>
 <table>
 <thead>
@@ -417,23 +424,26 @@ In order to activate this control the ad
 </table>
 <p>As we can see, the account is locked only when we reach the number of failure, and the <em>ads-pwdLockout</em> flag is TRUE. If the <em>ads-pwdLockoutDuration</em> flag is set, then the password will remain locked for the delay stored in this attribute.</p>
 <h4 id="delayed-login">Delayed login</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdLockout, ads-pwdMaxFailure, ads-pwdLockoutDuration
-</DIV></p>
+</DIV>
+
 <p>When we have reached a number of failed attempt, the account will be locked. We can set another attribute to tell the server that the locked out account can be unlocked afer a delay: the <em>ads-pwdLockoutDuration</em> Attribute stores this delay.</p>
 <p>When the account is locked, no further attempt will succeed, even if the correct password is sent. After the delay, the user will be unlocked.</p>
 <h4 id="purging-failures">Purging failures</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdFailureCountInterval
-</DIV></p>
+</DIV>
+
 <p>As we store all the failures within the entry, at some point we may want to purge those failures. This is done either because we have successfully logged, or because the <em>ads-pwdFailureCountInterval</em> value has expired. In this last case, all the failures older than the current time minus the set interval will be removed.</p>
 <h3 id="password-checks-and-strength-enforcement">Password checks and strength enforcement</h3>
 <p>Those rules are used to enforce some constraints on the password, so that weak passwords can't be used.</p>
 <h4 id="quality-check-policy">Quality Check policy</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdQualityCheck<br>
 Default value: 1
-</DIV></p>
+</DIV>
+
 <p>The system can be enabled or disabled, and when enabled, two different level of checks can be done: relaxed or strict.
 We use a parameter to specify the kind of check we do on the password: <em>ads-pwdCheckQuality</em>, which can take three values:</p>
 <ul>
@@ -442,61 +452,72 @@ We use a parameter to specify the kind o
 <li>2: The password is checked, and if it's hashed or in a form that does not allow the checks to be done, then the changes are rejected.</li>
 </ul>
 <h4 id="password-history">Password History</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdInHistory
-</DIV></p>
+</DIV>
+
 <p>The server can keep a backlog of passwords, so that a user can't keep a password for ever. When requested to do so the user will have to change his/her password, and the old password will be stored in the user's entry password history.</p>
 <p>We can specify the number of passwords we keep in the password history by configuring the <em>ads-pwdInHistory</em> attribute.</p>
 <h4 id="minimum-delay-between-modifications">Minimum delay between modifications</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdMinAge
-</DIV></p>
+</DIV>
+
 <p>When the password history is activated, some users may change their passwords many times to get their old password out of the history, and add it as their password again.  Setting a delay between two password changes may protect the password against such action.</p>
 <p>The <em>ads-pwdMinAge</em> attribute is used for this purpose, and it keeps a value in seconds.</p>
 <h4 id="password-length-constraint">Password length constraint</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attributes: ads-pwdMinLength and ads-pwdMaxLength
-</DIV></p>
+</DIV>
+
 <p>You can control the minimum and maximum length for a password by setting the <em>ads-pwdMinLength</em> and <em>ads-pwdMaxLength</em> attributes.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
 Setting a password max length is most certainly a waste of time. It's very likely that this parameter has been added to the specification for the sake of symetry...
-</DIV></p>
+</DIV>
+
 <h3 id="password-lifecycle-management">Password lifecycle management</h3>
 <p>We now have to expose the rules that apply to the password during it's life.</p>
 <h4 id="password-max-age">Password max age</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdMaxAge
-</DIV></p>
+</DIV>
+
 <p>A password may have a limited life expectation, and when this age is reached, the password will be invalidated. This is configured through the <em>ads-pwdMaxAge</em> parameter, which contains the number of second a password will last.</p>
 <p>This password invalidation can be overruled by the two next parameters.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
 This parameter works hands in hands with some othe rparameter, like the ads-pwdGraceAuthNLimit and ads-GraceExpire. If those parameters are set too, you may get some different delay for your password expiration.
-</DIV></p>
+</DIV>
+
 <h4 id="password-grace-auth-n-limit">Password grace auth N limit</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdGraceAuthNLimit
-</DIV></p>
+</DIV>
+
 <p>When the password has expired, this parameter (<em>ads-pwdGraceAuthNLimit</em>) tells how many times a user will still be allowed to bind before the password is definitively locked. Each attempt will decrement the associated counter.</p>
 <h4 id="password-grace-expire">Password grace Expire</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdGraceExpire
-</DIV></p>
+</DIV>
+
 <p>Another option when the password has expired is to give the user the possibility to log in during a certain period of time. This is mainly useful when the <em>ads-pwdGraceAuthNLimit</em> is set: not only there is a limited number of attempts, but those attempts must be done in a limited period of time, ortherwise the password will be locked.</p>
 <p>If the configuration of the <em>ads-pwdGraceAuthNLimit</em> is 0, the <em>ads-pwdGraceExpire</em> value is simply added to the <em>ads-pwdMaxAge</em> value.</p>
 <h4 id="idle-password">Idle Password</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdMaxIdle
-</DIV></p>
+</DIV>
+
 <p>You can set a maximum inactivity delay for a password, before this password expires. This is set using the <em>ads-pwdMaxIdle</em> parameter</p>
 <h4 id="expiration-warning">Expiration warning</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdExpireWarning
-</DIV></p>
+</DIV>
+
 <p>The <em>ads-pwdExpireWarning</em> parameter will be used to send back a warning if the password if the password is going to expire in a given delay. This is convenient as soon as the client sends the <em>PasswordPolicy</em>  control to the server, and as soon as the client reads the response's control.</p>
 <h4 id="allow-user-changes">Allow user changes</h4>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
 Impacted Attribute: ads-pwdAllowUserChange
-</DIV></p>
+</DIV>
+
 <p>The <em>ads-pwdAllowUserChange</em> parameter can be used to allow - or forbid - a user to change his/her own password. When this parameter is set to <em>TRUE</em>, the user can't change his/her password.</p>
 <h3 id="not-supported-parameters">Not supported parameters</h3>
 <p>A few parameters are described in the specification, but aren't supported. Here is the list :</p>

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html Fri Jun 21 10:04:38 2013
@@ -167,9 +167,9 @@
 
 
 <p>this should response something like:</p>
-<div class="codehilite"><pre><span class="n">java</span> <span class="n">version</span> <span class="s">&quot;1.5.0_06&quot;</span>
-<span class="n">Java</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span> <span class="mi">2</span> <span class="n">Runtime</span> <span class="n">Environment</span><span class="p">,</span> <span class="n">Standard</span> <span class="n">Edition</span> <span class="p">(</span><span class="n">build</span> <span class="mf">1.5.0_06</span><span class="o">-</span><span class="n">b05</span><span class="p">)</span>
-<span class="n">Java</span> <span class="n">HotSpot</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span> <span class="n">Client</span> <span class="n">VM</span> <span class="p">(</span><span class="n">build</span> <span class="mf">1.5.0_06</span><span class="o">-</span><span class="n">b05</span><span class="p">,</span> <span class="n">mixed</span> <span class="n">mode</span><span class="p">)</span>
+<div class="codehilite"><pre><span class="n">java</span> <span class="n">version</span> &quot;1<span class="p">.</span>5<span class="p">.</span>0<span class="n">_06</span>&quot;
+<span class="n">Java</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span> 2 <span class="n">Runtime</span> <span class="n">Environment</span><span class="p">,</span> <span class="n">Standard</span> <span class="n">Edition</span> <span class="p">(</span><span class="n">build</span> 1<span class="p">.</span>5<span class="p">.</span>0<span class="n">_06</span><span class="o">-</span><span class="n">b05</span><span class="p">)</span>
+<span class="n">Java</span> <span class="n">HotSpot</span><span class="p">(</span><span class="n">TM</span><span class="p">)</span> <span class="n">Client</span> <span class="n">VM</span> <span class="p">(</span><span class="n">build</span> 1<span class="p">.</span>5<span class="p">.</span>0<span class="n">_06</span><span class="o">-</span><span class="n">b05</span><span class="p">,</span> <span class="n">mixed</span> <span class="n">mode</span><span class="p">)</span>
 </pre></div>
 
 
@@ -208,12 +208,12 @@
 <h3 id="starting-and-stopping-the-server_1">Starting and stopping the server</h3>
 <p>On Mac OS X, Apache DS is installed as a <a href="http://developer.apple.com/macosx/launchd.html">launchd</a> service and is loaded at startup time (and upon successful installation).</p>
 <p>You can stop the server by unloading the launchd service with the following command line:</p>
-<div class="codehilite"><pre><span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">unload</span> <span class="sr">/Library/</span><span class="n">LaunchDaemons</span><span class="o">/</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">plist</span>
+<div class="codehilite"><pre><span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">unload</span> <span class="o">/</span><span class="n">Library</span><span class="o">/</span><span class="n">LaunchDaemons</span><span class="o">/</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">plist</span>
 </pre></div>
 
 
 <p>You can start the server by loading the launchd service with the following command line:</p>
-<div class="codehilite"><pre><span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">load</span> <span class="sr">/Library/</span><span class="n">LaunchDaemons</span><span class="o">/</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">plist</span>
+<div class="codehilite"><pre><span class="n">sudo</span> <span class="n">launchctl</span> <span class="n">load</span> <span class="o">/</span><span class="n">Library</span><span class="o">/</span><span class="n">LaunchDaemons</span><span class="o">/</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">plist</span>
 </pre></div>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.1-changing-server-port.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.1-changing-server-port.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.1-changing-server-port.html Fri Jun 21 10:04:38 2013
@@ -157,9 +157,10 @@
 </div>
 <h2 id="the-task-and-how-to-accomplish-it">The task and how to accomplish it</h2>
 <p>By default the LDAP server listens on port 10389 (unencrypted or StartTLS) and 10636 (SSL). It is quite common to run LDAP on 389, which is the well-known port for this protocol, but that requires the server to be started with a root user (or with sudo). Of course other options are imaginable as well. Changing the LDAP port is a good example for adjusting the existing Spring configuration as introduced in the last section.</p>
-<p><DIV class="note" markdown="1">
+<DIV class="note" markdown="1">
 Due to traditional Unix security restrictions, ports less than 1024 were "trusted". Thus on a Unix-System, a non-root process must listen on a port greater than 1023.
-</DIV></p>
+</DIV>
+
 <p>Basically, there are two cases :
 <em> The server is not started
 </em> The server is started</p>
@@ -182,53 +183,55 @@ Due to traditional Unix security restric
 <img alt="Studio port configuration" src="images/studio-port-config2.png" />
 </CENTER></p>
 <p>You can update the <em>ports</em> and save the file.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
     Note that you will requite write access on this file !
-</DIV></p>
+</DIV>
+
 <h3 id="modifying-the-configuration-ldif-partition">Modifying the configuration LDIF partition</h3>
 <p>All the <strong>ApacheDS</strong> configuration is stored as a LDIF file, and can be modified either using a text editor (although we don't consider this as a safe practice) or using a Modify request on a running server. </p>
-<p><DIV class="info" markdown="1">
-    Modifying the configuration on a running server will <strong>not</strong> change the listening port of the running server. You will have to relaunch the server in order to get this new configuration to be available.
-</DIV></p>
+<DIV class="info" markdown="1">
+    Modifying the configuration on a running server will **not** change the listening port of the running server. You will have to relaunch the server in order to get this new configuration to be available.
+</DIV>
+
 <p>The configuration is stored as a set of LDAP entries, so you can update one of them. In order to modify the entry containing the ports, you have first to find it, and second to send a valid modify request.</p>
 <p>All the <strong>ApacheDS</strong> configuration is stored under the <em>ou=config</em> partition. The ports are stored in some entries under <em>DN: ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config</em> (obviously, dependning on your installation, this DN might change : the <em>ads-directoryServiceId</em> may have a different name, so is the <em>ads-serverId</em>). In any case, the <em>ou=transports</em> branch contains two entries :</p>
 <p>for LDAP :</p>
-<div class="codehilite"><pre><span class="err">dn:</span> <span class="err">ads-transportid=ldap,ou=transports,ads-serverId=ldapServer,ou=servers,ad</span>
- <span class="err">s-directoryServiceId=default,ou=config</span>
-<span class="err">ads-systemport:</span> <span class="err">10389</span>
-<span class="err">ads-enabled:</span> <span class="err">TRUE</span>
-<span class="err">ads-transportnbthreads:</span> <span class="err">8</span>
-<span class="err">ads-transportaddress:</span> <span class="err">0.0.0.0</span>
-<span class="err">ads-transportid:</span> <span class="err">ldap</span>
-<span class="err">object</span><span class="kd">class</span><span class="err">:</span> <span class="err">ads-transport</span>
-<span class="err">objectclass:</span> <span class="err">ads-tcpTransport</span>
-<span class="err">objectclass:</span> <span class="err">ads-base</span>
-<span class="err">objectclass:</span> <span class="err">top</span>
+<div class="codehilite"><pre><span class="n">dn</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">transportid</span><span class="o">=</span><span class="n">ldap</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">transports</span><span class="o">,</span><span class="n">ads</span><span class="o">-</span><span class="n">serverId</span><span class="o">=</span><span class="n">ldapServer</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">servers</span><span class="o">,</span><span class="n">ad</span>
+ <span class="n">s</span><span class="o">-</span><span class="n">directoryServiceId</span><span class="o">=</span><span class="k">default</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">config</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">systemport</span><span class="o">:</span> <span class="mi">10389</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">enabled</span><span class="o">:</span> <span class="n">TRUE</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportnbthreads</span><span class="o">:</span> <span class="mi">8</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportaddress</span><span class="o">:</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportid</span><span class="o">:</span> <span class="n">ldap</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">transport</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">tcpTransport</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">base</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">top</span>
 </pre></div>
 
 
 <p>and for LDAPS :</p>
-<div class="codehilite"><pre><span class="err">dn:</span> <span class="err">ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,a</span>
- <span class="err">ds-directoryServiceId=default,ou=config</span>
-<span class="err">ads-systemport:</span> <span class="err">10636</span>
-<span class="err">ads-transportenablessl:</span> <span class="err">TRUE</span>
-<span class="err">ads-enabled:</span> <span class="err">TRUE</span>
-<span class="err">ads-transportaddress:</span> <span class="err">0.0.0.0</span>
-<span class="err">ads-transportid:</span> <span class="err">ldaps</span>
-<span class="err">object</span><span class="kd">class</span><span class="err">:</span> <span class="err">ads-transport</span>
-<span class="err">objectclass:</span> <span class="err">ads-tcpTransport</span>
-<span class="err">objectclass:</span> <span class="err">ads-base</span>
-<span class="err">objectclass:</span> <span class="err">top</span>
+<div class="codehilite"><pre><span class="n">dn</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">transportid</span><span class="o">=</span><span class="n">ldaps</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">transports</span><span class="o">,</span><span class="n">ads</span><span class="o">-</span><span class="n">serverId</span><span class="o">=</span><span class="n">ldapServer</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">servers</span><span class="o">,</span><span class="n">a</span>
+ <span class="n">ds</span><span class="o">-</span><span class="n">directoryServiceId</span><span class="o">=</span><span class="k">default</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">config</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">systemport</span><span class="o">:</span> <span class="mi">10636</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportenablessl</span><span class="o">:</span> <span class="n">TRUE</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">enabled</span><span class="o">:</span> <span class="n">TRUE</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportaddress</span><span class="o">:</span> <span class="mf">0.0</span><span class="o">.</span><span class="mf">0.0</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">transportid</span><span class="o">:</span> <span class="n">ldaps</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">transport</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">tcpTransport</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">base</span>
+<span class="n">objectclass</span><span class="o">:</span> <span class="n">top</span>
 </pre></div>
 
 
 <p>You just have to send a ModifyRequest using such a LDIF :</p>
-<div class="codehilite"><pre><span class="err">dn:</span> <span class="err">ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads</span>
- <span class="err">-directoryServiceId=default,ou=config</span>
-<span class="err">changetype:</span> <span class="err">modify</span>
-<span class="err">replace:</span> <span class="err">ads-systemport</span>
-<span class="err">ads-systemport:</span> <span class="err">10637</span>
-<span class="err">-</span>
+<div class="codehilite"><pre><span class="n">dn</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">transportid</span><span class="o">=</span><span class="n">ldaps</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">transports</span><span class="o">,</span><span class="n">ads</span><span class="o">-</span><span class="n">serverId</span><span class="o">=</span><span class="n">ldapServer</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">servers</span><span class="o">,</span><span class="n">ads</span>
+ <span class="o">-</span><span class="n">directoryServiceId</span><span class="o">=</span><span class="k">default</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">config</span>
+<span class="n">changetype</span><span class="o">:</span> <span class="n">modify</span>
+<span class="n">replace</span><span class="o">:</span> <span class="n">ads</span><span class="o">-</span><span class="n">systemport</span>
+<span class="n">ads</span><span class="o">-</span><span class="n">systemport</span><span class="o">:</span> <span class="mi">10637</span>
+<span class="o">-</span>
 </pre></div>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.2-changing-admin-password.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.2-changing-admin-password.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.2-changing-admin-password.html Fri Jun 21 10:04:38 2013
@@ -164,8 +164,7 @@
 <h2 id="step-two-verification">Step two: Verification</h2>
 <p>Verify that you can login as admin with the new password. With Apache Directory Studio, you can change the properties of the existing connection profile via a right click in the <em>Connections</em> view and a selection of the <em>Properties</em> menu item. The following dialog appears:</p>
 <p><img alt="Connection Properties" src="images/connectionProperties.png" /></p>
-<p>Enter the new password and press <em>OK</em>. Establishing a connection should now work.<br />
-</p>
+<p>Enter the new password and press <em>OK</em>. Establishing a connection should now work.  </p>
 <h2 id="resources">Resources</h2>
 <ul>
 <li><a href="http://directory.apache.org/studio/">Apache Directory Studio</a>: The tool used in steps 1 and 2</li>

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.3-adding-partition.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.3-adding-partition.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.3-adding-partition.html Fri Jun 21 10:04:38 2013
@@ -167,11 +167,11 @@
 <p>The server has a new suffix now, but no context entry has been created for it. If you connect with an LDAP Browser (Apache Directory Studio for instance), the partition is only visible in the Root DSE. Below the Entry Editor of Directory Studio for the Root DSE after connecting to an ApacheDS instance configured like above.</p>
 <p><img alt="RootDSE" src="images/sevenseas-naming-context.png" /></p>
 <p>Before using the partition (e.g. adding entries), you have to add a context entry. If you plan to load LDIF data to your partition anyway, simply provide the context entry (the "root" of your partition) as a first data set. In our example it might look like this:</p>
-<div class="codehilite"><pre><span class="err">dn:</span> <span class="err">o=sevenSeas</span>
-<span class="err">o:</span> <span class="err">sevenSeas</span>
-<span class="err">objectClass:</span> <span class="err">top</span>
-<span class="err">objectClass:</span> <span class="err">organization</span>
-<span class="err">description:</span> <span class="err">The</span> <span class="err">context</span> <span class="err">entry</span> <span class="err">for</span> <span class="err">suffix</span> <span class="err">o=sevenSeas</span>
+<div class="codehilite"><pre><span class="n">dn</span><span class="o">:</span> <span class="n">o</span><span class="o">=</span><span class="n">sevenSeas</span>
+<span class="n">o</span><span class="o">:</span> <span class="n">sevenSeas</span>
+<span class="n">objectClass</span><span class="o">:</span> <span class="n">top</span>
+<span class="n">objectClass</span><span class="o">:</span> <span class="n">organization</span>
+<span class="n">description</span><span class="o">:</span> <span class="n">The</span> <span class="n">context</span> <span class="n">entry</span> <span class="k">for</span> <span class="n">suffix</span> <span class="n">o</span><span class="o">=</span><span class="n">sevenSeas</span>
 </pre></div>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.4-configure-logging.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.4-configure-logging.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.4-configure-logging.html Fri Jun 21 10:04:38 2013
@@ -168,28 +168,28 @@
 <p>By default, ApacheDS writes log files in the directory <em><APACHDS_HOME>/var/log/</em>. Besides stdout, a <a href="http://logging.apache.org/log4j/docs/api/org/apache/log4j/RollingFileAppender.html">RollingFileAppender</a> is used to collect warnings and errors. It backups the log files when they reach a certain size. </p>
 <p>Here is what the default configuration file <em>log4j.properties</em>, which is located in <em><APACHDS_HOME>/conf/</em>, looks like.
 The name of the <em>RollingFileAppender</em> is "R":</p>
-<div class="codehilite"><pre><span class="n">log4j</span><span class="o">.</span><span class="n">rootCategory</span><span class="o">=</span><span class="n">WARN</span><span class="p">,</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">R</span>
+<div class="codehilite"><pre><span class="n">log4j</span><span class="p">.</span><span class="n">rootCategory</span><span class="p">=</span><span class="n">WARN</span><span class="p">,</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">R</span>
 
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">stdout</span><span class="o">=</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">log4j</span><span class="o">.</span><span class="n">ConsoleAppender</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">layout</span><span class="o">=</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">log4j</span><span class="o">.</span><span class="n">PatternLayout</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">stdout</span><span class="p">=</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">log4j</span><span class="p">.</span><span class="n">ConsoleAppender</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="n">layout</span><span class="p">=</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">log4j</span><span class="p">.</span><span class="n">PatternLayout</span>
 
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">=</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">log4j</span><span class="o">.</span><span class="n">RollingFileAppender</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">File</span><span class="o">=</span><span class="n">apacheds</span><span class="o">-</span><span class="n">rolling</span><span class="o">.</span><span class="nb">log</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">=</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">log4j</span><span class="p">.</span><span class="n">RollingFileAppender</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">File</span><span class="p">=</span><span class="n">apacheds</span><span class="o">-</span><span class="n">rolling</span><span class="p">.</span><span class="nb">log</span>
 
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">MaxFileSize</span><span class="o">=</span><span class="mi">1024</span><span class="n">KB</span>
-<span class="c1"># Keep some backup files</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">MaxBackupIndex</span><span class="o">=</span><span class="mi">5</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">MaxFileSize</span><span class="p">=</span>1024<span class="n">KB</span>
+# <span class="n">Keep</span> <span class="n">some</span> <span class="n">backup</span> <span class="n">files</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">MaxBackupIndex</span><span class="p">=</span>5
 
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">layout</span><span class="o">=</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">log4j</span><span class="o">.</span><span class="n">PatternLayout</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">layout</span><span class="o">.</span><span class="n">ConversionPattern</span><span class="o">=</span><span class="p">[</span><span class="nv">%d</span><span class="p">{</span><span class="n">HH:mm:ss</span><span class="p">}]</span> <span class="nv">%p</span> <span class="p">[</span><span class="nv">%c</span><span class="p">]</span> <span class="o">-</span> <span class="nv">%m%n</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">layout</span><span class="p">=</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">log4j</span><span class="p">.</span><span class="n">PatternLayout</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">layout</span><span class="p">.</span><span class="n">ConversionPattern</span><span class="p">=[</span><span class="c">%d{HH:mm:ss}] %p [%c] - %m%n</span>
 
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">stdout</span><span class="o">.</span><span class="n">layout</span><span class="o">.</span><span class="n">ConversionPattern</span><span class="o">=</span><span class="p">[</span><span class="nv">%d</span><span class="p">{</span><span class="n">HH:mm:ss</span><span class="p">}]</span> <span class="nv">%p</span> <span class="p">[</span><span class="nv">%c</span><span class="p">]</span> <span class="o">-</span> <span class="nv">%m%n</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="n">layout</span><span class="p">.</span><span class="n">ConversionPattern</span><span class="p">=[</span><span class="c">%d{HH:mm:ss}] %p [%c] - %m%n</span>
 
-<span class="c1"># with these we&#39;ll not get innundated when switching to DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">name</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">springframework</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">codec</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">asn1</span><span class="o">=</span><span class="n">WARN</span>
+# <span class="n">with</span> <span class="n">these</span> <span class="n">we</span><span class="o">&#39;</span><span class="n">ll</span> <span class="n">not</span> <span class="n">get</span> <span class="n">innundated</span> <span class="n">when</span> <span class="n">switching</span> <span class="n">to</span> <span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">name</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">springframework</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">codec</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">asn1</span><span class="p">=</span><span class="n">WARN</span>
 </pre></div>
 
 
@@ -231,12 +231,12 @@ The name of the <em>RollingFileAppender<
 <p>By default the log files are placed at <em><APACHDS_HOME>/var/log/</em>, but that can be changed.</p>
 <h4 id="linuxmacossolaris">Linux/MacOS/Solaris</h4>
 <p>On this systems the location of the log files is configured via an entry in <em>/bin/server.init</em>. Look for the following lines and change it to your preferences:</p>
-<div class="codehilite"><pre><span class="nv">$DAEMON_HOME</span><span class="o">/</span><span class="n">apacheds</span> <span class="o">\</span>
-<span class="o">...</span>
-<span class="o">-</span><span class="n">outfile</span> <span class="nv">$SERVER_HOME</span><span class="sr">/var/</span><span class="nb">log</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">stdout</span><span class="o">.</span><span class="nb">log</span> <span class="o">\</span>
-<span class="o">-</span><span class="n">errfile</span> <span class="nv">$SERVER_HOME</span><span class="sr">/var/</span><span class="nb">log</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">stderr</span><span class="o">.</span><span class="nb">log</span> <span class="o">\</span>
-<span class="o">...</span>    
-<span class="nv">$APACHEDS_HOME</span> <span class="n">start</span>
+<div class="codehilite"><pre>$<span class="n">DAEMON_HOME</span><span class="o">/</span><span class="n">apacheds</span> <span class="o">\</span>
+<span class="p">...</span>
+<span class="o">-</span><span class="n">outfile</span> $<span class="n">SERVER_HOME</span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">stdout</span><span class="p">.</span><span class="nb">log</span> <span class="o">\</span>
+<span class="o">-</span><span class="n">errfile</span> $<span class="n">SERVER_HOME</span><span class="o">/</span><span class="n">var</span><span class="o">/</span><span class="nb">log</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">stderr</span><span class="p">.</span><span class="nb">log</span> <span class="o">\</span>
+<span class="p">...</span>    
+$<span class="n">APACHEDS_HOME</span> <span class="n">start</span>
 </pre></div>
 
 
@@ -275,42 +275,42 @@ The name of the <em>RollingFileAppender<
 </tbody>
 </table>
 <p>The default (global) log level in the configuration is <em>WARN</em>. All messages of level WARN and more severe (ERROR, FATAL) are written to the rolling log file. The easiest way to get finer log messages is to change it like this</p>
-<div class="codehilite"><pre><span class="n">log4j</span><span class="o">.</span><span class="n">rootCategory</span><span class="o">=</span><span class="n">DEBUG</span><span class="p">,</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">R</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="n">log4j</span><span class="p">.</span><span class="n">rootCategory</span><span class="p">=</span><span class="n">DEBUG</span><span class="p">,</span> <span class="n">stdout</span><span class="p">,</span> <span class="n">R</span>
+<span class="p">...</span>
 </pre></div>
 
 
 <p>These detailed log messages took much file space and time and therefore should only be enabled globally in order to analyze problems.</p>
 <p>It is possible to configure the logging more fine grained by using categories. Within the default configuration there are some examples:</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="c1"># with these we&#39;ll not get innundated when switching to DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">name</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">springframework</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">codec</span><span class="o">=</span><span class="n">WARN</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">shared</span><span class="o">.</span><span class="n">asn1</span><span class="o">=</span><span class="n">WARN</span>
+<div class="codehilite"><pre><span class="p">...</span>
+# <span class="n">with</span> <span class="n">these</span> <span class="n">we</span><span class="o">&#39;</span><span class="n">ll</span> <span class="n">not</span> <span class="n">get</span> <span class="n">innundated</span> <span class="n">when</span> <span class="n">switching</span> <span class="n">to</span> <span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">name</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">springframework</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">codec</span><span class="p">=</span><span class="n">WARN</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">shared</span><span class="p">.</span><span class="n">asn1</span><span class="p">=</span><span class="n">WARN</span>
 </pre></div>
 
 
 <p>If the global level is switched to DEBUG, these definitions override the setting with WARN for certain areas and therefore keep the file a little bit smaller. Learn more about the concept of categories in the <a href="http://logging.apache.org/log4j/docs/manual.html">Short introduction to log4j</a>. </p>
 <h3 id="format-for-log-messages">Format for log messages</h3>
 <p>The format of each line within a log file is controlled by a pattern. For the <em>RollingFileAppender</em> in the default configuration it looks like this</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">layout</span><span class="o">=</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">log4j</span><span class="o">.</span><span class="n">PatternLayout</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">layout</span><span class="o">.</span><span class="n">ConversionPattern</span><span class="o">=</span><span class="p">[</span><span class="nv">%d</span><span class="p">{</span><span class="n">HH:mm:ss</span><span class="p">}]</span> <span class="nv">%p</span> <span class="p">[</span><span class="nv">%c</span><span class="p">]</span> <span class="o">-</span> <span class="nv">%m%n</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="p">...</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">layout</span><span class="p">=</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">log4j</span><span class="p">.</span><span class="n">PatternLayout</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">layout</span><span class="p">.</span><span class="n">ConversionPattern</span><span class="p">=[</span><span class="c">%d{HH:mm:ss}] %p [%c] - %m%n</span>
+<span class="p">...</span>
 </pre></div>
 
 
 <p>Some examples lines within the log file, formatted with the pattern "[%d{HH:mm:ss}] %p [%c] - %m%n" are:</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="p">[</span><span class="mi">12</span><span class="p">:</span><span class="mi">29</span><span class="p">:</span><span class="mo">03</span><span class="p">]</span> <span class="n">WARN</span> <span class="p">[</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">core</span><span class="o">.</span><span class="n">DefaultDirectoryService</span><span class="p">]</span>
-    <span class="o">-</span> <span class="n">You</span> <span class="n">didn</span><span class="s">&#39;t change the admin password of directory service instance &#39;</span><span class="n">default</span><span class="err">&#39;</span><span class="o">.</span>
-    <span class="n">Please</span> <span class="n">update</span> <span class="n">the</span> <span class="n">admin</span> <span class="n">password</span> <span class="n">as</span> <span class="n">soon</span> <span class="n">as</span> <span class="n">possible</span> <span class="n">to</span> <span class="n">prevent</span> <span class="n">a</span> <span class="n">possible</span> <span class="n">security</span> <span class="n">breach</span><span class="o">.</span>
-<span class="o">...</span>
-<span class="p">[</span><span class="mi">12</span><span class="p">:</span><span class="mi">29</span><span class="p">:</span><span class="mo">05</span><span class="p">]</span> <span class="n">INFO</span> <span class="p">[</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">jndi</span><span class="o">.</span><span class="n">ServerContextFactory</span><span class="p">]</span>
-    <span class="o">-</span> <span class="n">Successful</span> <span class="nb">bind</span> <span class="n">of</span> <span class="n">an</span> <span class="n">LDAP</span> <span class="n">Service</span> <span class="p">(</span><span class="mi">636</span><span class="p">)</span> <span class="n">is</span> <span class="n">complete</span><span class="o">.</span>
-<span class="p">[</span><span class="mi">12</span><span class="p">:</span><span class="mi">29</span><span class="p">:</span><span class="mo">05</span><span class="p">]</span> <span class="n">INFO</span> <span class="p">[</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">Service</span><span class="p">]</span> <span class="o">-</span> <span class="n">server:</span> <span class="n">started</span> <span class="n">in</span> <span class="mi">6750</span> <span class="n">milliseconds</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="p">...</span>
+<span class="p">[</span>12<span class="p">:</span>29<span class="p">:</span>03<span class="p">]</span> <span class="n">WARN</span> <span class="p">[</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">core</span><span class="p">.</span><span class="n">DefaultDirectoryService</span><span class="p">]</span>
+    <span class="o">-</span> <span class="n">You</span> <span class="n">didn</span><span class="o">&#39;</span><span class="n">t</span> <span class="n">change</span> <span class="n">the</span> <span class="n">admin</span> <span class="n">password</span> <span class="n">of</span> <span class="n">directory</span> <span class="n">service</span> <span class="n">instance</span> <span class="s">&#39;default&#39;</span><span class="p">.</span>
+    <span class="n">Please</span> <span class="n">update</span> <span class="n">the</span> <span class="n">admin</span> <span class="n">password</span> <span class="n">as</span> <span class="n">soon</span> <span class="n">as</span> <span class="n">possible</span> <span class="n">to</span> <span class="n">prevent</span> <span class="n">a</span> <span class="n">possible</span> <span class="n">security</span> <span class="n">breach</span><span class="p">.</span>
+<span class="p">...</span>
+<span class="p">[</span>12<span class="p">:</span>29<span class="p">:</span>05<span class="p">]</span> <span class="n">INFO</span> <span class="p">[</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">jndi</span><span class="p">.</span><span class="n">ServerContextFactory</span><span class="p">]</span>
+    <span class="o">-</span> <span class="n">Successful</span> <span class="n">bind</span> <span class="n">of</span> <span class="n">an</span> <span class="n">LDAP</span> <span class="n">Service</span> <span class="p">(</span>636<span class="p">)</span> <span class="n">is</span> <span class="n">complete</span><span class="p">.</span>
+<span class="p">[</span>12<span class="p">:</span>29<span class="p">:</span>05<span class="p">]</span> <span class="n">INFO</span> <span class="p">[</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">Service</span><span class="p">]</span> <span class="o">-</span> <span class="n">server</span><span class="p">:</span> <span class="n">started</span> <span class="n">in</span> 6750 <span class="n">milliseconds</span>
+<span class="p">...</span>
 </pre></div>
 
 
@@ -347,33 +347,35 @@ The name of the <em>RollingFileAppender<
 </table>
 <p>The <a href="http://logging.apache.org/log4j/docs/api/org/apache/log4j/PatternLayout.html">javadoc of log4j</a> contains a table with all valid %-characters and their meaning.</p>
 <p>Simple adjust the pattern in the <em>log4j.properties file</em> to get the log format of your choice, for instance</p>
-<div class="codehilite"><pre><span class="n">log4j</span><span class="o">.</span><span class="n">appender</span><span class="o">.</span><span class="n">R</span><span class="o">.</span><span class="n">layout</span><span class="o">.</span><span class="n">ConversionPattern</span><span class="o">=</span><span class="p">[</span><span class="nv">%d</span><span class="p">{</span><span class="n">dd</span><span class="o">.</span><span class="n">MM</span><span class="o">.</span><span class="n">yyyy</span> <span class="n">HH:mm:ss</span><span class="p">}]</span> <span class="nv">%p:</span> <span class="nv">%c</span><span class="p">{</span><span class="mi">1</span><span class="p">}</span><span class="o">.</span><span class="nv">%M</span><span class="p">()</span> <span class="o">-</span> <span class="nv">%m%n</span>
+<div class="codehilite"><pre><span class="n">log4j</span><span class="p">.</span><span class="n">appender</span><span class="p">.</span><span class="n">R</span><span class="p">.</span><span class="n">layout</span><span class="p">.</span><span class="n">ConversionPattern</span><span class="p">=[</span><span class="c">%d{dd.MM.yyyy HH:mm:ss}] %p: %c{1}.%M() - %m%n</span>
 </pre></div>
 
 
 <p>leads to messages of this form:</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="p">[</span><span class="mf">29.12.2006</span> <span class="mi">13</span><span class="p">:</span><span class="mi">50</span><span class="p">:</span><span class="mi">44</span><span class="p">]</span> <span class="n">INFO:</span> <span class="n">ServerContextFactory</span><span class="o">.</span><span class="n">startLDAP0</span><span class="p">()</span> 
-    <span class="o">-</span> <span class="n">Successful</span> <span class="nb">bind</span> <span class="n">of</span> <span class="n">an</span> <span class="n">LDAP</span> <span class="n">Service</span> <span class="p">(</span><span class="mi">636</span><span class="p">)</span> <span class="n">is</span> <span class="n">complete</span><span class="o">.</span>
-<span class="p">[</span><span class="mf">29.12.2006</span> <span class="mi">13</span><span class="p">:</span><span class="mi">50</span><span class="p">:</span><span class="mi">44</span><span class="p">]</span> <span class="n">INFO:</span> <span class="n">Service</span><span class="o">.</span><span class="n">init</span><span class="p">()</span> <span class="o">-</span> <span class="n">server:</span> <span class="n">started</span> <span class="n">in</span> <span class="mi">3016</span> <span class="n">milliseconds</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="p">...</span>
+<span class="p">[</span>29<span class="p">.</span>12<span class="p">.</span>2006 13<span class="p">:</span>50<span class="p">:</span>44<span class="p">]</span> <span class="n">INFO</span><span class="p">:</span> <span class="n">ServerContextFactory</span><span class="p">.</span><span class="n">startLDAP0</span><span class="p">()</span> 
+    <span class="o">-</span> <span class="n">Successful</span> <span class="n">bind</span> <span class="n">of</span> <span class="n">an</span> <span class="n">LDAP</span> <span class="n">Service</span> <span class="p">(</span>636<span class="p">)</span> <span class="n">is</span> <span class="n">complete</span><span class="p">.</span>
+<span class="p">[</span>29<span class="p">.</span>12<span class="p">.</span>2006 13<span class="p">:</span>50<span class="p">:</span>44<span class="p">]</span> <span class="n">INFO</span><span class="p">:</span> <span class="n">Service</span><span class="p">.</span><span class="n">init</span><span class="p">()</span> <span class="o">-</span> <span class="n">server</span><span class="p">:</span> <span class="n">started</span> <span class="n">in</span> 3016 <span class="n">milliseconds</span>
+<span class="p">...</span>
 </pre></div>
 
 
-<p><DIV class="warning" markdown="1">
-<strong> Warning</strong></p>
-<p>"Generating caller location information like with %M or %L is extremely slow. Its use should be avoided unless execution speed is not an issue." (from the log4j documentation)
-</DIV></p>
+<DIV class="warning" markdown="1">
+** Warning**
+
+"Generating caller location information like with %M or %L is extremely slow. Its use should be avoided unless execution speed is not an issue." (from the log4j documentation)
+</DIV>
+
 <h3 id="advanced-log4j-configuration">Advanced log4j configuration</h3>
 <p>You can take advantage of other features of log4j as well, such as other appenders like the daily rolling file appender. And you can configure logging to make it easier for you to view the messages with tools like Log Factor 5 or <a href="http://logging.apache.org/log4j/docs/chainsaw.html">Chainsaw</a>.</p>
 <p>Learn more about log4j and related tools at its <a href="http://logging.apache.org/log4j/docs/index.html">homepage</a>.</p>
 <h2 id="example-configurations">Example configurations</h2>
 <p>The following example could be used to log all incoming search, add, delete, modify and moddn requests:</p>
-<div class="codehilite"><pre><span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">SearchHandler</span><span class="o">=</span><span class="n">DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">AddHandler</span><span class="o">=</span><span class="n">DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">DeleteHandler</span><span class="o">=</span><span class="n">DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">ModifyHandler</span><span class="o">=</span><span class="n">DEBUG</span>
-<span class="n">log4j</span><span class="o">.</span><span class="n">logger</span><span class="o">.</span><span class="n">org</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">directory</span><span class="o">.</span><span class="n">server</span><span class="o">.</span><span class="n">ldap</span><span class="o">.</span><span class="n">handlers</span><span class="o">.</span><span class="n">ModifyDnHandler</span><span class="o">=</span><span class="n">DEBUG</span>
+<div class="codehilite"><pre><span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">handlers</span><span class="p">.</span><span class="n">SearchHandler</span><span class="p">=</span><span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">handlers</span><span class="p">.</span><span class="n">AddHandler</span><span class="p">=</span><span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">handlers</span><span class="p">.</span><span class="n">DeleteHandler</span><span class="p">=</span><span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">handlers</span><span class="p">.</span><span class="n">ModifyHandler</span><span class="p">=</span><span class="n">DEBUG</span>
+<span class="n">log4j</span><span class="p">.</span><span class="n">logger</span><span class="p">.</span><span class="n">org</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">directory</span><span class="p">.</span><span class="n">server</span><span class="p">.</span><span class="n">ldap</span><span class="p">.</span><span class="n">handlers</span><span class="p">.</span><span class="n">ModifyDnHandler</span><span class="p">=</span><span class="n">DEBUG</span>
 </pre></div>
 
 

Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1.5-sample-configuration.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1.5-sample-configuration.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1.5-sample-configuration.html Fri Jun 21 10:04:38 2013
@@ -193,20 +193,20 @@ In order to increase recognition, all ex
 <p>The sample directory tree contains entries for persons and groups. These are structured in sub trees (ou=people and ou=groups), see image below. The person entries describe sailors (historic and fictional), the group entries bundle them. An example for a group is the ship crew of HMS Bounty.</p>
 <p><img alt="Sample Structure" src="images/sample-structure.gif" /></p>
 <p>This snippet of the file represents a single entry, just to give you an impression of how LDIF files look like.</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="c1"># Entry for Fletcher Christian</span>
-<span class="c1">#</span>
-<span class="n">dn:</span> <span class="n">cn</span><span class="o">=</span><span class="n">Fletcher</span> <span class="n">Christian</span><span class="p">,</span><span class="n">ou</span><span class="o">=</span><span class="n">people</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">sevenSeas</span>
-<span class="n">cn:</span> <span class="n">Fletcher</span> <span class="n">Christian</span>
-<span class="n">objectClass:</span> <span class="n">top</span>
-<span class="n">objectClass:</span> <span class="n">person</span>
-<span class="n">objectClass:</span> <span class="n">organizationalPerson</span>
-<span class="n">objectClass:</span> <span class="n">inetOrgPerson</span>
-<span class="n">sn:</span> <span class="n">Christian</span>
-<span class="n">givenName:</span> <span class="n">Fletcher</span>
-<span class="n">description:</span> <span class="n">Lieutenant</span> <span class="n">Fletcher</span> <span class="n">Christian</span>
-<span class="n">manager:</span> <span class="n">cn</span><span class="o">=</span><span class="n">William</span> <span class="n">Bligh</span><span class="p">,</span><span class="n">ou</span><span class="o">=</span><span class="n">people</span><span class="p">,</span><span class="n">o</span><span class="o">=</span><span class="n">sevenSeas</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="p">...</span>
+# <span class="n">Entry</span> <span class="k">for</span> <span class="n">Fletcher</span> <span class="n">Christian</span>
+#
+<span class="n">dn</span><span class="p">:</span> <span class="n">cn</span><span class="p">=</span><span class="n">Fletcher</span> <span class="n">Christian</span><span class="p">,</span><span class="n">ou</span><span class="p">=</span><span class="n">people</span><span class="p">,</span><span class="n">o</span><span class="p">=</span><span class="n">sevenSeas</span>
+<span class="n">cn</span><span class="p">:</span> <span class="n">Fletcher</span> <span class="n">Christian</span>
+<span class="n">objectClass</span><span class="p">:</span> <span class="n">top</span>
+<span class="n">objectClass</span><span class="p">:</span> <span class="n">person</span>
+<span class="n">objectClass</span><span class="p">:</span> <span class="n">organizationalPerson</span>
+<span class="n">objectClass</span><span class="p">:</span> <span class="n">inetOrgPerson</span>
+<span class="n">sn</span><span class="p">:</span> <span class="n">Christian</span>
+<span class="n">givenName</span><span class="p">:</span> <span class="n">Fletcher</span>
+<span class="n">description</span><span class="p">:</span> <span class="n">Lieutenant</span> <span class="n">Fletcher</span> <span class="n">Christian</span>
+<span class="n">manager</span><span class="p">:</span> <span class="n">cn</span><span class="p">=</span><span class="n">William</span> <span class="n">Bligh</span><span class="p">,</span><span class="n">ou</span><span class="p">=</span><span class="n">people</span><span class="p">,</span><span class="n">o</span><span class="p">=</span><span class="n">sevenSeas</span>
+<span class="p">...</span>
 </pre></div>