You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2014/11/29 01:18:18 UTC
svn commit: r930927 [1/2] - in /websites/staging/directory/trunk/content: ./
apacheds/advanced-ug/ apacheds/advanced-ug/images/
Author: buildbot
Date: Sat Nov 29 00:18:17 2014
New Revision: 930927
Log:
Staging update by buildbot for directory
Added:
websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/2.2-installation-layout.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/2.3-instance-layout.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/images/debian.png (with props)
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Nov 29 00:18:17 2014
@@ -1 +1 @@
-1641836
+1642377
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html Sat Nov 29 00:18:17 2014
@@ -157,7 +157,7 @@
</div>
<div class="nav_next">
- <a href="3-admin-model.html">3 - Administrative Model</a>
+ <a href="2.1-config-description.html">2.1 - Configuration Description</a>
</div>
<div class="clearfix"></div>
@@ -165,1283 +165,14 @@
<h1 id="2-server-configuraion">2 - Server Configuraion</h1>
-<p>We will now describe the server configuration. Usually, all the configuration is done using Apache Directory Studio, which offers a pretty GUI. One can also configure the server using LDAP request, as the configuration is stored in the <strong>DIT</strong>. Otherwise, all the configuration modifications won't be applied on a started server : usually, you will have to restart the server in order to get those modifications applied.</p>
-<p>It's a good policy not to modify the LDIF files by hand, but instead to use the Studio Configuration plugin to modify your configuration. </p>
-<h1 id="bean-graph">Bean graph</h1>
-<p>The following picture represent the structure of the container used to store the configuration inside the server. The yellow beans are abstract beans, extended by specific beans.</p>
-<p>The bold links mean we can have more than one instance of a bean.</p>
-<p><img alt="ApacheDS configuration beans" src="images/configBeans.png" /></p>
-<h1 id="overall-structure">Overall structure</h1>
-<p>The configuration is stored in a hierarchical order, where sub-elements are related to their parent. For instance, the <em>Transports</em> are associated to the <em>Server</em> they are child of. If we have many kind of servers, we will have as many transports as we have servers.</p>
-<p>The following hierarchy describe the different kind of elements that one can configure, and their relationship :</p>
+<p>We will now describe the server configuration. Usually, all the configuration is done using Apache Directory Studio, which offers a pretty GUI. One can also configure the server using LDAP request, as the configuration is stored in the <strong>DIT</strong>. Otherwise, all the configuration modifications won't be applied on a started server : you will have to restart the server in order to get those modifications applied.</p>
+<p>We will then describe the installation layout (ie, how tha various files are stored on yoru disk).</p>
+<h2 id="chapter-content">Chapter content</h2>
<ul>
-<li>ou=config<ul>
-<li><a href="#directory-service">ads-directoryServiceId=XXXXX (Directory Service)</a> <ul>
-<li><a href="#change-log">ads-changeLogId=XXXXX (ChangeLog)</a></li>
-<li><a href="#journal">ads-journalId=XXXXX (Journal)</a></li>
-<li><a href="#interceptors">ou=interceptors (Interceptors)</a><ul>
-<li><a href="#authentication-Interceptor">ads-interceptorId=authenticationInterceptor (Authentication Interceptor)</a><ul>
-<li><a href="#authenticators">ou=authenticators (Authenticators)</a></li>
-<li><a href="#password-policies">ou=passwordPolicies (Password Policies)</a></li>
+<li><a href="2.1-config-description.html">2.1 - Configuration Description</a></li>
+<li><a href="2.2-installation-layout.html">2.2 - Installation Layout</a></li>
+<li><a href="2.2-instance-layout.html">2.3 - Instance Layout</a></li>
</ul>
-</li>
-</ul>
-</li>
-<li><a href="#partitions">ou=partitions (Partitions)</a><ul>
-<li><a href="#jdbm-partition">ads-partitionId=system (JDBM Partition)</a><ul>
-<li><a href="#indexes">ou=indexes (Indexes)</a><ul>
-<li><a href="#indexed-attribute">ads-indexAttributeId=XXXXX (Indexed Attribute)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-<li><a href="#servers">ou=servers (Servers)</a><ul>
-<li><a href="#ldap-server">ads-serverId=ldapServer (Ldap Server)</a><ul>
-<li><a href="#transports">ou=transports (Transports)</a></li>
-<li><a href="#repl-consumers">ou=replConsumers (ReplConsumers)</a></li>
-<li><a href="#extended-op-handlers">ou=extendedOpHandlers (Extended Operation Handlers)</a></li>
-<li><a href="#sasl-mechanisms">ou=saslMechHandlers (SASL Mechanisms)</a></li>
-</ul>
-</li>
-<li><a href="#kerberos-server">ads-serverId=kerberosServer (Kerberos Server)</a><ul>
-<li><a href="#transports">ou=transports (Transports)</a></li>
-</ul>
-</li>
-<li><a href="#http-server">ads-serverId=httpServer (Http Server)</a><ul>
-<li><a href="#transports">ou=transports (Transports)</a></li>
-<li><a href="#http-web-apps">ou=httpWebApps (HttpWebApps)</a></li>
-</ul>
-</li>
-<li><a href="#change-password-server">ads-serverId=changePasswordServer (ChangePassword Server)</a><ul>
-<li><a href="#transports">ou=transports (Transports)</a></li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-</li>
-</ul>
-<p>Note that in order to modify one element, you have to go down the tree up to the entry containing the elements you want to modify. For instance, to modify the TCP port for LDAP, you have to modify the following entry :
-<strong>ads-transportid=ldap, ou=transports, ads-serverId=ldapServer, ou=servers, ads-directoryServiceId=XXXXX, ou=config</strong></p>
-<p>We will now explain each one of those elements.</p>
-<DIV class="note" markdown="1">
-Note that bold attributes are mandatory in the following tables.
-</DIV>
-
-<h1 id="directory-service">Directory Service</h1>
-<p>This is the key of the whole server : the place where we store the data. Most of the servers are depending on this component. You may have more than one server, but only one <em>DirectoryService</em>. This component itself refers to the servers that will be started, plus the backends it will depends on.</p>
-<p>Here are the configuration parameters for this components :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-directoryServiceId</strong></td>
-<td><em>String</em></td>
-<td></td>
-<td>The unique identifier for the service</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the DirectoryService is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-dsReplicaId</strong></td>
-<td><em>int</em></td>
-<td>1</td>
-<td>The replication identifier</td>
-</tr>
-<tr>
-<td><strong>ads-dsAccessControlEnabled</strong></td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the Access Control interceptor is active</td>
-</tr>
-<tr>
-<td><strong>ads-dsAllowAnonymousAccess</strong></td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the service allow anonymous access</td>
-</tr>
-<tr>
-<td><strong>ads-dsDenormalizeOpAttrsEnabled</strong></td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the service should denormalize operational attributes</td>
-</tr>
-<tr>
-<td><strong>ads-dsPasswordHidden</strong></td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the passwords should be encrypted (not used)</td>
-</tr>
-<tr>
-<td><strong>ads-dsSyncPeriodMillis</strong></td>
-<td><em>long</em></td>
-<td>15000</td>
-<td>The delay in milliseconds before we flush data on disk</td>
-</tr>
-<tr>
-<td>ads-dsTestEntries</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>Not used</td>
-</tr>
-</tbody>
-</table>
-<h2 id="change-log">Change Log</h2>
-<p>The <em>ChangeLog</em> is an optional system that logs every changes made on the server, and also records the revert operation, allowing the system to rollback the changes if needed. This is extremely useful when running tests.</p>
-<p>Note that at the moment, the system works in memory.</p>
-<p>It's disabled by default.</p>
-<p>Here are the configuration element for the <em>ChangeLog</em> elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-changeLogId</strong></td>
-<td><em>String</em></td>
-<td></td>
-<td>The unique identifier for the system</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the ChangeLog system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-changeLogExposed</strong></td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the ChangeLog is exposed to the users</td>
-</tr>
-</tbody>
-</table>
-<h2 id="journal">Journal</h2>
-<p>The <em>Journal</em> system logs every modification on the file system. It's intended to be used if the <em>DirectoryService</em> crashes, as we can reapply the journal starting from a date in the past where we know that the underlying database is correct.</p>
-<p>The configuration elements for the <em>Journal</em> are :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-journalId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique identifier for the Journal</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the Journal system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-journalWorkingDir</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The working directory the Journal will be stored in</td>
-</tr>
-<tr>
-<td><strong>ads-journalRotation</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The number of operation stored befoe the journal is rotated</td>
-</tr>
-<tr>
-<td><strong>ads-journalFileName</strong></td>
-<td><em>String</em></td>
-<td>journal.txt</td>
-<td>The file contaning the Journal</td>
-</tr>
-</tbody>
-</table>
-<h2 id="interceptors">Interceptors</h2>
-<p>The <em>Interceptors</em> are generally not configurable. You don't want to change their order, nor remove or add some. The fact that they appear in the configuration is because we use this to initialize the server.</p>
-<p>However, at least one <em>Interceptor</em> can be configured : the <em>authenticationInterceptor</em>. </p>
-<p>In the case where one would like to add an interceptor, it's enough to add the associated entry containing the interceptor identifier, under the <em>ou=interceptors</em> entry. It must have an order. Here are the elements that can be configured in such a case :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-interceptorid</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique identifier for this Interceptor</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the Interceptor is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td>ads-interceptororder</td>
-<td><em>int</em></td>
-<td>N/A</td>
-<td>The position in the chain for this interceptor</td>
-</tr>
-<tr>
-<td>ads-interceptorclassname</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The class implementing this interceptor</td>
-</tr>
-</tbody>
-</table>
-<h3 id="authentication-interceptor">Authentication Interceptor</h3>
-<p>This <em>Interceptor</em> is in charge of managing the users authentication. It is associated with <em><a href="#authenticators">Authenticators</a></em>, and with <em><a href="#password-policies">Password Policies</a></em>.</p>
-<h4 id="authenticators">Authenticators</h4>
-<p>We may have various <em>Authenticator</em> declared for a given server. The default server has three different <em>Authenticators</em>, which are :</p>
-<ul>
-<li>anonymousAuthenticator : used for anonymous requests</li>
-<li>simpleAuthenticator : handle simple authentication, based on a password</li>
-<li>strongAuthenticator : handle SASL authentication.</li>
-</ul>
-<p>One can add a new <em>Authenticator</em>, if needed. It's just a matter of creating a new entry under the <em>ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors</em> entry, containing the two following elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-authenticatorId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique identifier for this Authenticator</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the Partition is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-authenticatorClass</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The FQCN for the class implementing the AUthenticator</td>
-</tr>
-</tbody>
-</table>
-<h3 id="password-policies">Password Policies</h3>
-<p>There are many possible configurable options for the <em>PasswordPolicy</em> system. Here is a list of all the possible elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-pwdId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique ID of the <em>PasswordPolicy</em> system</td>
-</tr>
-<tr>
-<td><strong>ads-pwdAttribute</strong></td>
-<td><em>String</em></td>
-<td>userPassword</td>
-<td>The name of the attribute to which the password policy is applied</td>
-</tr>
-<tr>
-<td>ads-pwdMinAge</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>Holds the number of seconds that must elapse between modifications to the password</td>
-</tr>
-<tr>
-<td>ads-pwdMaxAge</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>Holds the number of seconds after which a modified password will expire. If 0, never expires</td>
-</tr>
-<tr>
-<td>ads-pwdInHistory</td>
-<td><em>boolean</em></td>
-<td>0</td>
-<td>Specifies the maximum number of used passwords stored in the pwdHistory attribute (0 means no storage)</td>
-</tr>
-<tr>
-<td>ads-pwdCheckQuality</td>
-<td><em>boolean</em></td>
-<td>0</td>
-<td>Indicates how the password quality will be verified while being modified or added (0 means no check)</td>
-</tr>
-<tr>
-<td>ads-pwdMinLength</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The minimum number of characters that must be used in a password (0 means no limit)</td>
-</tr>
-<tr>
-<td>ads-pwdMaxLength</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The maximum number of characters that may be used in a password (0 means no limit)</td>
-</tr>
-<tr>
-<td>ads-pwdExpireWarning</td>
-<td><em>boolean</em></td>
-<td>0</td>
-<td>The maximum number of seconds before a password is due to expire, and that expiration warning messages will be returned to an authenticating user (0 means no message wil be sent to user)</td>
-</tr>
-<tr>
-<td>ads-pwdGraceAuthNLimit</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The number of times an expired password can be used to authenticate (0 means do not allow a expired password for authentication)</td>
-</tr>
-<tr>
-<td>ads-pwdGraceExpire</td>
-<td><em>boolean</em></td>
-<td>0</td>
-<td>Specifies the number of seconds the grace authentications are valid (0 means no limit)</td>
-</tr>
-<tr>
-<td>ads-pwdLockout</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Flag to indicate if the account needs to be locked after a specified number of</td>
-</tr>
-<tr>
-<td>consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in ads-pwdMaxFailure</td>
-<td></td>
-<td></td>
-<td></td>
-</tr>
-<tr>
-<td>ads-pwdLockoutDuration</td>
-<td><em>int</em></td>
-<td>300</td>
-<td>The number of seconds that the password cannot be used to authenticate due to too many failed bind attempts</td>
-</tr>
-<tr>
-<td>ads-pwdMaxFailure</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The number of consecutive failed bind attempts after which the password may not be used to authenticate (0 means no limit)</td>
-</tr>
-<tr>
-<td>ads-pwdFailureCountInterval</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The number of seconds after which the password failures are purged from the failure counter (0 means reset all the pwdFailureTimes after a successful authentication)</td>
-</tr>
-<tr>
-<td>ads-pwdMustChange</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Flag to indicate if the password must be changed by the user after they bind to the directory after a password is set or reset by a password administrator</td>
-</tr>
-<tr>
-<td>ads-pwdAllowUserChange</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Indicates whether users can change their own passwords</td>
-</tr>
-<tr>
-<td>ads-pwdSafeModify</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Flag to specify whether or not the existing password must be sent along with the new password when being changed</td>
-</tr>
-<tr>
-<td>ads-pwdMinDelay</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The number of seconds to delay responding to the first failed authentication attempt (0 means no delay)</td>
-</tr>
-<tr>
-<td>ads-pwdMaxDelay</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The maximum number of seconds to delay when responding to a failed authentication attempt (no delay) 0 means</td>
-</tr>
-<tr>
-<td>ads-pwdMaxIdle</td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The number of seconds an account may remain unused before it becomes locked (0 means infinite)</td>
-</tr>
-</tbody>
-</table>
-<h2 id="partitions">Partitions</h2>
-<p>The <em>Partition</em> is the part of the server storing your data. There are many parts that need to be configured in order to obtain the best performances out of the server. It's also the part of the configuration you are the more likely to modify, adding new <em>Partitions</em> or adding new <em>Indexes</em>.</p>
-<p>You may have more than one <em>Partition</em> in your <em>DirectoryService</em>. We have at least three existing <em>Partition</em>, the <em>ou=system</em> <em>Partition</em>, the <em>ou=config</em> <em>Partition</em> and the <em>ou=schema</em> <em>Partition</em>. The former is a <em>JDBM</em> <em>Partition</em>, when the two others are <em>LDIF</em> _Partitions.</p>
-<h3 id="jdbm-partition">JDBM Partition</h3>
-<p>A <em>JDBM Partition</em> have the following configurable elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-partitionid</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique identifier for this Partition</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the Partition is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-partitionsuffix</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The partition DN</td>
-</tr>
-<tr>
-<td>ads-contextEntry</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The entry associated with the suffix (in LDIF format)</td>
-</tr>
-<tr>
-<td>ads-partitionSyncOnWrite</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells the server to flush on disk on each write</td>
-</tr>
-</tbody>
-</table>
-<p>Once those elements have been configured, the <em>Partition</em> is available. You still have to create some mandatory indexes though.</p>
-<h4 id="indexes">Indexes</h4>
-<p>Each <em>Partition</em> have indexes, some are mandatory, and others are user provided. Here are the mandatory indexes :</p>
-<table>
-<thead>
-<tr>
-<th>Index</th>
-<th>role</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>apacheRdn</td>
-<td>Stores the RDN for the entry, and the relation to its parent's RDN</td>
-</tr>
-<tr>
-<td>apachePresence</td>
-<td>Used to index the attributeTypes used in the entry</td>
-</tr>
-<tr>
-<td>apacheOneAlias</td>
-<td>Stores the aliases one level below the current entry</td>
-</tr>
-<tr>
-<td>apacheSubAlias</td>
-<td>Stores the aliases below the current entry</td>
-</tr>
-<tr>
-<td>apacheAlias</td>
-<td>Stores the aliases</td>
-</tr>
-<tr>
-<td>objectClass</td>
-<td>Stores the relation between an ObjectClass an the entry using it</td>
-</tr>
-<tr>
-<td>entryCSN</td>
-<td>Stores the CSN for each entry</td>
-</tr>
-<tr>
-<td>administrativeRole</td>
-<td>Stores the entries that are AdminstrativePoints</td>
-</tr>
-</tbody>
-</table>
-<h5 id="indexed-attribute">Indexed Attribute</h5>
-<p>IndexedATtributes have a type, depending on the <em>Partition</em> they are associated with. Currently, we have only one type, <em>JdbmIndex</em>. They have specific configurable elements.</p>
-<p>Each index attribute have four basic elements that can be configured :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-indexAttributeId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique identifier for this indexedAttribute</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the IntexedAttribute is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-indexHasReverse</strong></td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if the IndexedAttribute has a reverse index</td>
-</tr>
-</tbody>
-</table>
-<p>The <em>JdbmIndex</em> type of index has some more configurable elements, all optional :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-indexFileName</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The index file name (default to the associated attributeType name)</td>
-</tr>
-<tr>
-<td>ads-indexWorkingDir</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The index working directory</td>
-</tr>
-<tr>
-<td>ads-indexNumDupLimit</td>
-<td><em>int</em></td>
-<td>512</td>
-<td>The maximum number of values for a single key before we use a sub-tree</td>
-</tr>
-<tr>
-<td>ads-indexCacheSize</td>
-<td><em>int</em></td>
-<td>100</td>
-<td>The number of cached pages for this index</td>
-</tr>
-</tbody>
-</table>
-<h1 id="servers">Servers</h1>
-<p>As we can see, we can start more than one server. We have :</p>
-<ul>
-<li>a LDAP server</li>
-<li>a Kerberos server</li>
-<li>a changePassword server</li>
-<li>an HTTP Server</li>
-<li>a NTP Server</li>
-<li>a DHCP server</li>
-<li>a DNS server</li>
-</ul>
-<p>There is a distinction though between the servers backed by a <em>DirectoryService</em>, and those that aren't (like the HTTP and NTP servers). </p>
-<p>All the <em>DirectoryService</em> backed servers share some common parameters, which are exposed in the following table :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-searchBaseDN</td>
-<td><em>Dn</em></td>
-<td>N/A</td>
-<td>The place were to start looking for authentication informations</td>
-</tr>
-<tr>
-<td>ads-serverId</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The server unique name</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>N/A</td>
-<td>Tells if the Server is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-</tbody>
-</table>
-<p>A server can define more than one transports : for instance, the Kerberos server uses UDP and TCP transports.</p>
-<h2 id="transports">Transports</h2>
-<p>Here are the parameters for the Transport structure :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-transportId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The identification</td>
-</tr>
-<tr>
-<td><strong>ads-transportAddress</strong></td>
-<td><em>String</em></td>
-<td>localhost</td>
-<td>The IP Address</td>
-</tr>
-<tr>
-<td><strong>ads-systemPort</strong></td>
-<td><em>int</em></td>
-<td>-1</td>
-<td>The port</td>
-</tr>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>N/A</td>
-<td>Tells if the Transport system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td>ads-transportEnableSsl</td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Tells if SSL is activated (not used for UDP)</td>
-</tr>
-<tr>
-<td>ads-transportNbThreads</td>
-<td><em>int</em></td>
-<td>3</td>
-<td>he number of dedicated threads to process the messages</td>
-</tr>
-<tr>
-<td>ads-transportBackLog</td>
-<td><em>int</em></td>
-<td>50</td>
-<td>The number of messages on hold if the server is overloaded (not used for UDP)</td>
-</tr>
-</tbody>
-</table>
-<h2 id="ldap-server">Ldap Server</h2>
-<p>Let's start with the main server : the LDAP server. </p>
-<p>The list of attributes that can be modified is exposed in the following table. </p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the LdapServer system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-confidentialityRequired</strong></td>
-<td><em>boolean</em></td>
-<td>false</td>
-<td>Whether or not confidentiality (TLS secured connection) is required</td>
-</tr>
-<tr>
-<td><strong>ads-maxSizeLimit</strong></td>
-<td><em>int</em></td>
-<td>1000</td>
-<td>The maximum number of entries the server will return</td>
-</tr>
-<tr>
-<td><strong>ads-maxTimeLimit</strong></td>
-<td><em>int</em></td>
-<td>1000</td>
-<td>The maximum number of seconds the server will use to process a search request</td>
-</tr>
-<tr>
-<td><strong>ads-maxPDUSize</strong></td>
-<td><em>int</em></td>
-<td>2048</td>
-<td>The maximal size for a PDU. This is currently not leveraged</td>
-</tr>
-<tr>
-<td><strong>ads-saslHost</strong></td>
-<td><em>int</em></td>
-<td>N/A</td>
-<td>The name of this host, validated during SASL negotiation</td>
-</tr>
-<tr>
-<td><strong>ads-saslPrincipal</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The service principal, used by GSSAPI.</td>
-</tr>
-<tr>
-<td><strong>sads-saslRealms</strong></td>
-<td><em>List<String></em></td>
-<td>N/A</td>
-<td>The list of realms serviced by this host.</td>
-</tr>
-<tr>
-<td>ads-keystoreFile</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The place on the filesystem where the Keystore is stored</td>
-</tr>
-<tr>
-<td>ads-certificatePassword</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The certificate's password</td>
-</tr>
-<tr>
-<td>ads-replReqHandler</td>
-<td><em>String</em></td>
-<td>(*)</td>
-<td>The replication request handler FQCN</td>
-</tr>
-<tr>
-<td>ads-replEnabled</td>
-<td><em>boolean</em></td>
-<td>FALSE</td>
-<td>Tells if the replication system is enabled</td>
-</tr>
-</tbody>
-</table>
-<p>(*) org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler</p>
-<h3 id="repl-consumers">Repl Consumers</h3>
-<p>This part of the configuration deals with the replication. It provides all the information for a server to become a consumer. A server can have many different consumers set. </p>
-<p>All the consumers are stored under the <em>ou=replConsumers</em> entry, under the respective server entry.</p>
-<p>Here are the configurable elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td><strong>ads-replConsumerId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The replica unique identifier</td>
-</tr>
-<tr>
-<td><strong>ads-searchBaseDN</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The base DN for replication</td>
-</tr>
-<tr>
-<td><strong>ads-replProvHostName</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The provider host name</td>
-</tr>
-<tr>
-<td><strong>ads-replProvPort</strong></td>
-<td><em>int</em></td>
-<td>389</td>
-<td>The port of the remote server</td>
-</tr>
-<tr>
-<td><strong>ads-replAliasDerefMode</strong></td>
-<td><em>String</em></td>
-<td>NEVER_DEREF_ALIASES</td>
-<td>The alias dereferencing mode to use</td>
-</tr>
-<tr>
-<td><strong>ads-replAttributes</strong></td>
-<td><em>String</em></td>
-<td>*</td>
-<td>The list of attributes to get back</td>
-</tr>
-<tr>
-<td><strong>ads-replRefreshInterval</strong></td>
-<td><em>int</em></td>
-<td>60000</td>
-<td>The delay between refreshes (60 seconds)</td>
-</tr>
-<tr>
-<td><strong>ads-replRefreshNPersist</strong></td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Sets the replication mode</td>
-</tr>
-<tr>
-<td><strong>ads-replSearchScope</strong></td>
-<td><em>String</em></td>
-<td>SUBTREE</td>
-<td>The scope to use while searching for entries</td>
-</tr>
-<tr>
-<td><strong>ads-replSearchFilter</strong></td>
-<td><em>String</em></td>
-<td>(objectClass=*)</td>
-<td>The filter to use</td>
-</tr>
-<tr>
-<td><strong>ads-replSearchSizeLimit</strong></td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The maximum number of entries to get back</td>
-</tr>
-<tr>
-<td><strong>ads-replSearchTimeOut</strong></td>
-<td><em>int</em></td>
-<td>0</td>
-<td>The maximum time to wait while fetching the entries</td>
-</tr>
-<tr>
-<td><strong>ads-replUserDn</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The user DN used to bind on the provider</td>
-</tr>
-<tr>
-<td><strong>ads-replUserPassword</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The password of the user</td>
-</tr>
-<tr>
-<td>ads-replUseTls</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells the server to use startTLS during replication</td>
-</tr>
-<tr>
-<td>ads-replStrictCertValidation</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells the provider to check the certificate if provided</td>
-</tr>
-<tr>
-<td>ads-replPeerCertificate</td>
-<td><em>byte[]</em></td>
-<td>N/A</td>
-<td>The certificate to use for replication</td>
-</tr>
-<tr>
-<td>ads-replConsumerImpl</td>
-<td><em>String</em></td>
-<td>ReplicationConsumerImpl</td>
-<td>The implementation</td>
-</tr>
-<tr>
-<td>ads-replCookie</td>
-<td><em>byte[]</em></td>
-<td>N/A</td>
-<td>The last received cookie</td>
-</tr>
-</tbody>
-</table>
-<h3 id="extended-op-handlers">Extended Op Handlers</h3>
-<p>An LDAP server can handle <em>ExtendedOperations</em>, assuming it has the code to do so. In <strong>ApacheDS</strong>, we do that by associating a <em>Java</em> class with each <em>ExtendedOperation</em>. We may provide more <em>ExtendedOperations</em> in the future. The list of supported <em>ExtendedOperations</em> is given below :</p>
-<ul>
-<li>CertGenerationRequest : Generate a certificate on demand</li>
-<li>GracefulShutdownRequest : Requires the server to shutdown gracefully</li>
-<li>StartTLSExtendedOperation : Process the StartTLS request</li>
-<li>StoredProcedureExtendedOperation : Execute a Stored procedure</li>
-</ul>
-<p>Adding a new <em>ExntedeOperatonHandler</em> is just a matter of adding a new entry under the <em>ou=extendedOpHandlers</em> entry, with the given elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the ExtendedOpHandler system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-extendedOpId</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The ExtendedOpHandler unique identifier</td>
-</tr>
-<tr>
-<td><strong>ads-extendedOpHandlerClass</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The class FQCN that implements the handler</td>
-</tr>
-</tbody>
-</table>
-<h3 id="sasl-mechanisms">SASL Mechanisms</h3>
-<p>We have various SASL mechanisms, which can be configured. the list of supported SASL mechanisms is :</p>
-<ul>
-<li>CRAM-MD5</li>
-<li>DIGEST-MD5</li>
-<li>GSS-SPNEGO</li>
-<li>GSSAPI</li>
-<li>NTLM</li>
-<li>SIMPLE</li>
-</ul>
-<p>This list is stored in the configuration. It's possible to add new mechanisms if needed, simply by adding an entry containing those elements, under the <em>ou=saslMechHandlers</em></p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the Transport system is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-saslMechName</strong></td>
-<td><em>String</em></td>
-<td><one the above list></td>
-<td>The mechanism name</td>
-</tr>
-<tr>
-<td><strong>ads-saslMechClassName</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The mechanism class name</td>
-</tr>
-<tr>
-<td>ads-ntlmMechProvider</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The NTLM provider</td>
-</tr>
-</tbody>
-</table>
-<h2 id="kerberos-server">Kerberos Server</h2>
-<p>The <em>KerberosServer</em> configuration is an important part of the configuration. It depends on a <em>DirectoryService</em> too, as most of the informations managed by a <em>KerberosServer</em> are store there.</p>
-<p>The list of attributes that can be modified is exposed in the following table. </p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the KerberosServer is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td>ads-krbAllowableClockSkew</td>
-<td><em>int</em></td>
-<td>300000</td>
-<td>The allowable clock skew in milliseconds (5 minutes)</td>
-</tr>
-<tr>
-<td>ads-krbEncryptionTypes</td>
-<td><em>List<String></em></td>
-<td></td>
-<td>The encryption types</td>
-</tr>
-<tr>
-<td>ads-krbEmptyAddressesAllowed</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether empty addresses are allowed</td>
-</tr>
-<tr>
-<td>ads-krbForwardableAllowed</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether forwardable addresses are allowed</td>
-</tr>
-<tr>
-<td>ads-krbPaEncTimestampRequired</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether pre-authentication by encrypted timestamp is required</td>
-</tr>
-<tr>
-<td>ads-krbPostdatedAllowed</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether postdated tickets are allowed</td>
-</tr>
-<tr>
-<td>ads-krbProxiableAllowed</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether proxiable addresses are allowed</td>
-</tr>
-<tr>
-<td>ads-krbRenewableAllowed</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether renewable tickets are allowed</td>
-</tr>
-<tr>
-<td>ads-krbKdcPrincipal</td>
-<td><em>String</em></td>
-<td>krbtgt/EXAMPLE.COM@EXAMPLE.COM</td>
-<td>The service principal name</td>
-</tr>
-<tr>
-<td>ads-krbMaximumRenewableLifetime</td>
-<td><em>long</em></td>
-<td>1000 * 60 * 60 * 24 * 7</td>
-<td>The maximum renewable lifetime in millisconds (7 days)</td>
-</tr>
-<tr>
-<td>ads-krbMaximumTicketLifetime</td>
-<td><em>long</em></td>
-<td>1000 * 60 * 60 * 24</td>
-<td>he maximum ticket lifetime in milliseconds (24 h)</td>
-</tr>
-<tr>
-<td>ads-krbPrimaryRealm</td>
-<td><em>String</em></td>
-<td>EXAMPLE.COM</td>
-<td>The primary realm</td>
-</tr>
-<tr>
-<td>ads-krbBodyChecksumVerified</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Whether to verify the body checksum</td>
-</tr>
-</tbody>
-</table>
-<p>Of course, a <em>Transport</em> has to be defined under the <em>KerberosServer</em> entry (see <a href="#transports">Transports</a>).</p>
-<h2 id="http-server">Http Server</h2>
-<p>We have a Http Server embedded, which is used to manage some parts of the server. One can inject a web application, which has direct access to the embedded LdapServer, for instance. It can be useful for sending LDAP requests using DSML, for instance.</p>
-<p>There is one single element that can be configured :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the HttpServer is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td>ads-httpConfFile</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The configuration file for this server</td>
-</tr>
-</tbody>
-</table>
-<p>An <em>HttpServer</em> without webApps is pretty useless, we now have to configure the underlying web applications</p>
-<h3 id="http-web-apps">Http Web Apps</h3>
-<p>Each <em>WebApp</em> configuration must be added under the <em>ou=webapps</em> entry. Here are the configurable elements :</p>
-<table>
-<thead>
-<tr>
-<th>AttributeType</th>
-<th>type</th>
-<th>default value</th>
-<th>Description</th>
-</tr>
-</thead>
-<tbody>
-<tr>
-<td>ads-enabled</td>
-<td><em>boolean</em></td>
-<td>true</td>
-<td>Tells if the HttpServer is enabled</td>
-</tr>
-<tr>
-<td>description</td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>A short optional description</td>
-</tr>
-<tr>
-<td><strong>ads-httpWarFile</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The WAR file to use</td>
-</tr>
-<tr>
-<td><strong>ads-id</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The unique ID for this WebApp</td>
-</tr>
-<tr>
-<td><strong>ads-httpAppCtxPath</strong></td>
-<td><em>String</em></td>
-<td>N/A</td>
-<td>The context</td>
-</tr>
-</tbody>
-</table>
-<p>Here is an example of configuration :</p>
-<div class="codehilite"><pre>dn: ads-id=webApp1,ou=httpWebApps,ads-serverId=httpServer,ou=servers,ads-directoryServiceId=default,ou=config
-objectclass: top
-objectclass: ads-base
-objectclass: ads-httpWebApp
-ads-Id: webApp1
-ads-httpWarFile: war file 1
-ads-httpAppCtxPath: /home/app1
-</pre></div>
-
-
-<h2 id="change-password-server">Change Password Server</h2>
-<p>To be added...</p>
<div class="nav">
@@ -1457,7 +188,7 @@ ads-httpAppCtxPath: /home/app1
</div>
<div class="nav_next">
- <a href="3-admin-model.html">3 - Administrative Model</a>
+ <a href="2.1-config-description.html">2.1 - Configuration Description</a>
</div>
<div class="clearfix"></div>
Added: websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html (added)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2.1-config-description.html Sat Nov 29 00:18:17 2014
@@ -0,0 +1,1476 @@
+<!DOCTYPE html>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<html>
+ <head>
+ <title>2.1 - Configuration Description — Apache Directory</title>
+
+ <link href="./../../css/common.css" rel="stylesheet" type="text/css">
+ <link href="./../../css/green.css" rel="stylesheet" type="text/css">
+
+
+ <link rel="shortcut icon" href="./../../images/server-icon_16x16.png">
+
+ <!-- Google Analytics -->
+ <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
+ <script type="text/javascript">
+ _uacct = "UA-1358462-1";
+ urchinTracker();
+ </script>
+ </head>
+ <body>
+ <div id="container">
+ <div id="header">
+ <div id="subProjectsNavBar">
+ <a href="./../../">
+
+ Apache Directory Project
+
+ </a>
+ |
+ <a href="./../../apacheds">
+
+ <STRONG>ApacheDS</STRONG>
+
+ </a>
+ |
+ <a href="./../../studio">
+
+ Apache Directory Studio
+
+ </a>
+ |
+ <a href="./../../api">
+
+ Apache LDAP API
+
+ </a>
+ |
+ <a href="./../../mavibot">
+
+ Mavibot
+
+ </a>
+ |
+ <a href="./../../escimo">
+
+ eSCIMo
+
+ </a>
+ |
+ <a href="./../../fortress">
+
+ Fortress
+
+ </a>
+ </div><!-- subProjectsNavBar -->
+ </div><!-- header -->
+ <div id="content">
+ <div id="leftColumn">
+
+<div id="navigation">
+
+ <ul>
+ <li>
+ <a href="http://bit.ly/1n9YlQT" target="_blank">
+ <img src="./../../images/ApacheConBudapest.png" width="125" height="125" alt="I'm Speaking at ApacheCon Europe 2014! Join me!" title="I'm Speaking at ApacheCon Europe 2014! Join me!" border="0" style="margin-bottom:-3px;"/>
+
+ </a>
+ </li>
+ </ul>
+ <h5>ApacheDS 2.0</h5>
+ <ul>
+ <li><a href="./../../apacheds/">Home</a></li>
+ <li><a href="./../../apacheds/news.html">News</a></li>
+ <li><a href="./../../apacheds/features.html">Features</a></li>
+ </ul>
+ <h5>Downloads</h5>
+ <ul>
+ <li><a href="./../../apacheds/downloads.html">ApacheDS 2.0.0-M19</a> <img src="./../../images/new_badge.gif" alt="" style="margin-bottom:-3px;" border="0"></li>
+ <li><a href="./../../apacheds/download-old-versions.html">Older versions</a></li>
+ </ul>
+ <h5>Documentation</h5>
+ <ul>
+ <li><a href="./../../apacheds/basic-user-guide.html">Basic User Guide </a></li>
+ <li><a href="./../../apacheds/advanced-user-guide.html">Advanced User Guide</a></li>
+ <li><a href="./../../apacheds/developer-guide.html">Developer Guide</a></li>
+ <li><a href="./../../apacheds/kerberos-user-guide.html">Kerberos User Guide</a></li>
+ <li><a href="./../../apacheds/configuration/ads-2.0-configuration.html">Configuration</a></li>
+ <li><a href="./../../apacheds/gen-docs/latest/apidocs">JavaDocs</a></li>
+ <li><a href="./../../apacheds/gen-docs/latest/xref">Cross-Reference</a></li>
+ </ul>
+
+
+ <h5>Support</h5>
+ <ul>
+ <li><a href="./../../mailing-lists-and-irc.html">Mailing Lists & IRC</a></li>
+ <li><a href="./../../sources.html">Sources</a></li>
+ <li><a href="./../../issue-tracking.html">Issue Tracking</a></li>
+ <li><a href="./../../commercial-support.html">Commercial Support</a></li>
+ </ul>
+ <h5>Community</h5>
+ <ul>
+ <li><a href="./../../contribute.html">How to Contribute</a></li>
+ <li><a href="./../../team.html">Team</a></li>
+ <li><a href="./../../original-project-proposal.html">Original Project Proposal</a></li>
+ <li><a href="./../../special-thanks.html" class="external-link" rel="nofollow">Special Thanks</a></li>
+ </ul>
+ <h5>About Apache</h5>
+ <ul>
+ <li><a href="http://www.apache.org/">Apache</a></li>
+ <li><a href="http://www.apache.org/licenses/">License</a></li>
+ <li><a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a></li>
+ <li><a href="http://www.apache.org/foundation/thanks.html">Thanks</a></li>
+ <li><a href="http://www.apache.org/security/">Security</a></li>
+ </ul>
+
+</div><!-- navigation -->
+
+ </div><!-- leftColumn -->
+ <div id="rightColumn">
+
+
+ <div class="nav">
+ <div class="nav_prev">
+
+ <a href="2-server-config.html">2 - Server Configuration</a>
+
+ </div>
+ <div class="nav_up">
+
+ <a href="2-server-config.html">2 - Server Configuration</a>
+
+ </div>
+ <div class="nav_next">
+
+ <a href="2.2-installation-layout.html">2.2 - Installation Layout</a>
+
+ </div>
+ <div class="clearfix"></div>
+ </div>
+
+
+<h1 id="21-configuration-description">2.1 - Configuration Description</h1>
+<p>We will now describe the server configuration. Usually, all the configuration is done using Apache Directory Studio, which offers a pretty GUI. One can also configure the server using LDAP request, as the configuration is stored in the <strong>DIT</strong>. Otherwise, all the configuration modifications won't be applied on a started server : usually, you will have to restart the server in order to get those modifications applied.</p>
+<p>It's a good policy not to modify the LDIF files by hand, but instead to use the Studio Configuration plugin to modify your configuration. </p>
+<h1 id="overall-structure">Overall structure</h1>
+<p>The configuration is stored in a hierarchical order, where sub-elements are related to their parent. For instance, the <em>Transports</em> are associated to the <em>Server</em> they are child of. If we have many kind of servers, we will have as many transports as we have servers.</p>
+<p>The following hierarchy describe the different kind of elements that one can configure, and their relationship :</p>
+<ul>
+<li>ou=config<ul>
+<li><a href="#directory-service">ads-directoryServiceId=XXXXX (Directory Service)</a> <ul>
+<li><a href="#change-log">ads-changeLogId=XXXXX (ChangeLog)</a></li>
+<li><a href="#journal">ads-journalId=XXXXX (Journal)</a></li>
+<li><a href="#interceptors">ou=interceptors (Interceptors)</a><ul>
+<li><a href="#authentication-Interceptor">ads-interceptorId=authenticationInterceptor (Authentication Interceptor)</a><ul>
+<li><a href="#authenticators">ou=authenticators (Authenticators)</a></li>
+<li><a href="#password-policies">ou=passwordPolicies (Password Policies)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="#partitions">ou=partitions (Partitions)</a><ul>
+<li><a href="#jdbm-partition">ads-partitionId=system (JDBM Partition)</a><ul>
+<li><a href="#indexes">ou=indexes (Indexes)</a><ul>
+<li><a href="#indexed-attribute">ads-indexAttributeId=XXXXX (Indexed Attribute)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+<li><a href="#servers">ou=servers (Servers)</a><ul>
+<li><a href="#ldap-server">ads-serverId=ldapServer (Ldap Server)</a><ul>
+<li><a href="#transports">ou=transports (Transports)</a></li>
+<li><a href="#repl-consumers">ou=replConsumers (ReplConsumers)</a></li>
+<li><a href="#extended-op-handlers">ou=extendedOpHandlers (Extended Operation Handlers)</a></li>
+<li><a href="#sasl-mechanisms">ou=saslMechHandlers (SASL Mechanisms)</a></li>
+</ul>
+</li>
+<li><a href="#kerberos-server">ads-serverId=kerberosServer (Kerberos Server)</a><ul>
+<li><a href="#transports">ou=transports (Transports)</a></li>
+</ul>
+</li>
+<li><a href="#http-server">ads-serverId=httpServer (Http Server)</a><ul>
+<li><a href="#transports">ou=transports (Transports)</a></li>
+<li><a href="#http-web-apps">ou=httpWebApps (HttpWebApps)</a></li>
+</ul>
+</li>
+<li><a href="#change-password-server">ads-serverId=changePasswordServer (ChangePassword Server)</a><ul>
+<li><a href="#transports">ou=transports (Transports)</a></li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+</li>
+</ul>
+<p>Note that in order to modify one element, you have to go down the tree up to the entry containing the elements you want to modify. For instance, to modify the TCP port for LDAP, you have to modify the following entry :
+<strong>ads-transportid=ldap, ou=transports, ads-serverId=ldapServer, ou=servers, ads-directoryServiceId=XXXXX, ou=config</strong></p>
+<p>We will now explain each one of those elements.</p>
+<DIV class="note" markdown="1">
+Note that bold attributes are mandatory in the following tables.
+</DIV>
+
+<h1 id="directory-service">Directory Service</h1>
+<p>This is the key of the whole server : the place where we store the data. Most of the servers are depending on this component. You may have more than one server, but only one <em>DirectoryService</em>. This component itself refers to the servers that will be started, plus the backends it will depends on.</p>
+<p>Here are the configuration parameters for this components :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-directoryServiceId</strong></td>
+<td><em>String</em></td>
+<td></td>
+<td>The unique identifier for the service</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the DirectoryService is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-dsReplicaId</strong></td>
+<td><em>int</em></td>
+<td>1</td>
+<td>The replication identifier</td>
+</tr>
+<tr>
+<td><strong>ads-dsAccessControlEnabled</strong></td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the Access Control interceptor is active</td>
+</tr>
+<tr>
+<td><strong>ads-dsAllowAnonymousAccess</strong></td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the service allow anonymous access</td>
+</tr>
+<tr>
+<td><strong>ads-dsDenormalizeOpAttrsEnabled</strong></td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the service should denormalize operational attributes</td>
+</tr>
+<tr>
+<td><strong>ads-dsPasswordHidden</strong></td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the passwords should be encrypted (not used)</td>
+</tr>
+<tr>
+<td><strong>ads-dsSyncPeriodMillis</strong></td>
+<td><em>long</em></td>
+<td>15000</td>
+<td>The delay in milliseconds before we flush data on disk</td>
+</tr>
+<tr>
+<td>ads-dsTestEntries</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>Not used</td>
+</tr>
+</tbody>
+</table>
+<h2 id="change-log">Change Log</h2>
+<p>The <em>ChangeLog</em> is an optional system that logs every changes made on the server, and also records the revert operation, allowing the system to rollback the changes if needed. This is extremely useful when running tests.</p>
+<p>Note that at the moment, the system works in memory.</p>
+<p>It's disabled by default.</p>
+<p>Here are the configuration element for the <em>ChangeLog</em> elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-changeLogId</strong></td>
+<td><em>String</em></td>
+<td></td>
+<td>The unique identifier for the system</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the ChangeLog system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-changeLogExposed</strong></td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the ChangeLog is exposed to the users</td>
+</tr>
+</tbody>
+</table>
+<h2 id="journal">Journal</h2>
+<p>The <em>Journal</em> system logs every modification on the file system. It's intended to be used if the <em>DirectoryService</em> crashes, as we can reapply the journal starting from a date in the past where we know that the underlying database is correct.</p>
+<p>The configuration elements for the <em>Journal</em> are :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-journalId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique identifier for the Journal</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the Journal system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-journalWorkingDir</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The working directory the Journal will be stored in</td>
+</tr>
+<tr>
+<td><strong>ads-journalRotation</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The number of operation stored befoe the journal is rotated</td>
+</tr>
+<tr>
+<td><strong>ads-journalFileName</strong></td>
+<td><em>String</em></td>
+<td>journal.txt</td>
+<td>The file contaning the Journal</td>
+</tr>
+</tbody>
+</table>
+<h2 id="interceptors">Interceptors</h2>
+<p>The <em>Interceptors</em> are generally not configurable. You don't want to change their order, nor remove or add some. The fact that they appear in the configuration is because we use this to initialize the server.</p>
+<p>However, at least one <em>Interceptor</em> can be configured : the <em>authenticationInterceptor</em>. </p>
+<p>In the case where one would like to add an interceptor, it's enough to add the associated entry containing the interceptor identifier, under the <em>ou=interceptors</em> entry. It must have an order. Here are the elements that can be configured in such a case :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-interceptorid</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique identifier for this Interceptor</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the Interceptor is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td>ads-interceptororder</td>
+<td><em>int</em></td>
+<td>N/A</td>
+<td>The position in the chain for this interceptor</td>
+</tr>
+<tr>
+<td>ads-interceptorclassname</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The class implementing this interceptor</td>
+</tr>
+</tbody>
+</table>
+<h3 id="authentication-interceptor">Authentication Interceptor</h3>
+<p>This <em>Interceptor</em> is in charge of managing the users authentication. It is associated with <em><a href="#authenticators">Authenticators</a></em>, and with <em><a href="#password-policies">Password Policies</a></em>.</p>
+<h4 id="authenticators">Authenticators</h4>
+<p>We may have various <em>Authenticator</em> declared for a given server. The default server has three different <em>Authenticators</em>, which are :</p>
+<ul>
+<li>anonymousAuthenticator : used for anonymous requests</li>
+<li>simpleAuthenticator : handle simple authentication, based on a password</li>
+<li>strongAuthenticator : handle SASL authentication.</li>
+</ul>
+<p>One can add a new <em>Authenticator</em>, if needed. It's just a matter of creating a new entry under the <em>ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors</em> entry, containing the two following elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-authenticatorId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique identifier for this Authenticator</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the Partition is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-authenticatorClass</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The FQCN for the class implementing the AUthenticator</td>
+</tr>
+</tbody>
+</table>
+<h3 id="password-policies">Password Policies</h3>
+<p>There are many possible configurable options for the <em>PasswordPolicy</em> system. Here is a list of all the possible elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-pwdId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique ID of the <em>PasswordPolicy</em> system</td>
+</tr>
+<tr>
+<td><strong>ads-pwdAttribute</strong></td>
+<td><em>String</em></td>
+<td>userPassword</td>
+<td>The name of the attribute to which the password policy is applied</td>
+</tr>
+<tr>
+<td>ads-pwdMinAge</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>Holds the number of seconds that must elapse between modifications to the password</td>
+</tr>
+<tr>
+<td>ads-pwdMaxAge</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>Holds the number of seconds after which a modified password will expire. If 0, never expires</td>
+</tr>
+<tr>
+<td>ads-pwdInHistory</td>
+<td><em>boolean</em></td>
+<td>0</td>
+<td>Specifies the maximum number of used passwords stored in the pwdHistory attribute (0 means no storage)</td>
+</tr>
+<tr>
+<td>ads-pwdCheckQuality</td>
+<td><em>boolean</em></td>
+<td>0</td>
+<td>Indicates how the password quality will be verified while being modified or added (0 means no check)</td>
+</tr>
+<tr>
+<td>ads-pwdMinLength</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The minimum number of characters that must be used in a password (0 means no limit)</td>
+</tr>
+<tr>
+<td>ads-pwdMaxLength</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The maximum number of characters that may be used in a password (0 means no limit)</td>
+</tr>
+<tr>
+<td>ads-pwdExpireWarning</td>
+<td><em>boolean</em></td>
+<td>0</td>
+<td>The maximum number of seconds before a password is due to expire, and that expiration warning messages will be returned to an authenticating user (0 means no message wil be sent to user)</td>
+</tr>
+<tr>
+<td>ads-pwdGraceAuthNLimit</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The number of times an expired password can be used to authenticate (0 means do not allow a expired password for authentication)</td>
+</tr>
+<tr>
+<td>ads-pwdGraceExpire</td>
+<td><em>boolean</em></td>
+<td>0</td>
+<td>Specifies the number of seconds the grace authentications are valid (0 means no limit)</td>
+</tr>
+<tr>
+<td>ads-pwdLockout</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Flag to indicate if the account needs to be locked after a specified number of</td>
+</tr>
+<tr>
+<td>consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in ads-pwdMaxFailure</td>
+<td></td>
+<td></td>
+<td></td>
+</tr>
+<tr>
+<td>ads-pwdLockoutDuration</td>
+<td><em>int</em></td>
+<td>300</td>
+<td>The number of seconds that the password cannot be used to authenticate due to too many failed bind attempts</td>
+</tr>
+<tr>
+<td>ads-pwdMaxFailure</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The number of consecutive failed bind attempts after which the password may not be used to authenticate (0 means no limit)</td>
+</tr>
+<tr>
+<td>ads-pwdFailureCountInterval</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The number of seconds after which the password failures are purged from the failure counter (0 means reset all the pwdFailureTimes after a successful authentication)</td>
+</tr>
+<tr>
+<td>ads-pwdMustChange</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Flag to indicate if the password must be changed by the user after they bind to the directory after a password is set or reset by a password administrator</td>
+</tr>
+<tr>
+<td>ads-pwdAllowUserChange</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Indicates whether users can change their own passwords</td>
+</tr>
+<tr>
+<td>ads-pwdSafeModify</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Flag to specify whether or not the existing password must be sent along with the new password when being changed</td>
+</tr>
+<tr>
+<td>ads-pwdMinDelay</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The number of seconds to delay responding to the first failed authentication attempt (0 means no delay)</td>
+</tr>
+<tr>
+<td>ads-pwdMaxDelay</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The maximum number of seconds to delay when responding to a failed authentication attempt (no delay) 0 means</td>
+</tr>
+<tr>
+<td>ads-pwdMaxIdle</td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The number of seconds an account may remain unused before it becomes locked (0 means infinite)</td>
+</tr>
+</tbody>
+</table>
+<h2 id="partitions">Partitions</h2>
+<p>The <em>Partition</em> is the part of the server storing your data. There are many parts that need to be configured in order to obtain the best performances out of the server. It's also the part of the configuration you are the more likely to modify, adding new <em>Partitions</em> or adding new <em>Indexes</em>.</p>
+<p>You may have more than one <em>Partition</em> in your <em>DirectoryService</em>. We have at least three existing <em>Partition</em>, the <em>ou=system</em> <em>Partition</em>, the <em>ou=config</em> <em>Partition</em> and the <em>ou=schema</em> <em>Partition</em>. The former is a <em>JDBM</em> <em>Partition</em>, when the two others are <em>LDIF</em> _Partitions.</p>
+<h3 id="jdbm-partition">JDBM Partition</h3>
+<p>A <em>JDBM Partition</em> have the following configurable elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-partitionid</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique identifier for this Partition</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the Partition is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-partitionsuffix</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The partition DN</td>
+</tr>
+<tr>
+<td>ads-contextEntry</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The entry associated with the suffix (in LDIF format)</td>
+</tr>
+<tr>
+<td>ads-partitionSyncOnWrite</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells the server to flush on disk on each write</td>
+</tr>
+</tbody>
+</table>
+<p>Once those elements have been configured, the <em>Partition</em> is available. You still have to create some mandatory indexes though.</p>
+<h4 id="indexes">Indexes</h4>
+<p>Each <em>Partition</em> have indexes, some are mandatory, and others are user provided. Here are the mandatory indexes :</p>
+<table>
+<thead>
+<tr>
+<th>Index</th>
+<th>role</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>apacheRdn</td>
+<td>Stores the RDN for the entry, and the relation to its parent's RDN</td>
+</tr>
+<tr>
+<td>apachePresence</td>
+<td>Used to index the attributeTypes used in the entry</td>
+</tr>
+<tr>
+<td>apacheOneAlias</td>
+<td>Stores the aliases one level below the current entry</td>
+</tr>
+<tr>
+<td>apacheSubAlias</td>
+<td>Stores the aliases below the current entry</td>
+</tr>
+<tr>
+<td>apacheAlias</td>
+<td>Stores the aliases</td>
+</tr>
+<tr>
+<td>objectClass</td>
+<td>Stores the relation between an ObjectClass an the entry using it</td>
+</tr>
+<tr>
+<td>entryCSN</td>
+<td>Stores the CSN for each entry</td>
+</tr>
+<tr>
+<td>administrativeRole</td>
+<td>Stores the entries that are AdminstrativePoints</td>
+</tr>
+</tbody>
+</table>
+<h5 id="indexed-attribute">Indexed Attribute</h5>
+<p>IndexedATtributes have a type, depending on the <em>Partition</em> they are associated with. Currently, we have only one type, <em>JdbmIndex</em>. They have specific configurable elements.</p>
+<p>Each index attribute have four basic elements that can be configured :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-indexAttributeId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique identifier for this indexedAttribute</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the IntexedAttribute is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-indexHasReverse</strong></td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if the IndexedAttribute has a reverse index</td>
+</tr>
+</tbody>
+</table>
+<p>The <em>JdbmIndex</em> type of index has some more configurable elements, all optional :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-indexFileName</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The index file name (default to the associated attributeType name)</td>
+</tr>
+<tr>
+<td>ads-indexWorkingDir</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The index working directory</td>
+</tr>
+<tr>
+<td>ads-indexNumDupLimit</td>
+<td><em>int</em></td>
+<td>512</td>
+<td>The maximum number of values for a single key before we use a sub-tree</td>
+</tr>
+<tr>
+<td>ads-indexCacheSize</td>
+<td><em>int</em></td>
+<td>100</td>
+<td>The number of cached pages for this index</td>
+</tr>
+</tbody>
+</table>
+<h1 id="servers">Servers</h1>
+<p>As we can see, we can start more than one server. We have :</p>
+<ul>
+<li>a LDAP server</li>
+<li>a Kerberos server</li>
+<li>a changePassword server</li>
+<li>an HTTP Server</li>
+<li>a NTP Server</li>
+<li>a DHCP server</li>
+<li>a DNS server</li>
+</ul>
+<p>There is a distinction though between the servers backed by a <em>DirectoryService</em>, and those that aren't (like the HTTP and NTP servers). </p>
+<p>All the <em>DirectoryService</em> backed servers share some common parameters, which are exposed in the following table :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-searchBaseDN</td>
+<td><em>Dn</em></td>
+<td>N/A</td>
+<td>The place were to start looking for authentication informations</td>
+</tr>
+<tr>
+<td>ads-serverId</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The server unique name</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>N/A</td>
+<td>Tells if the Server is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+</tbody>
+</table>
+<p>A server can define more than one transports : for instance, the Kerberos server uses UDP and TCP transports.</p>
+<h2 id="transports">Transports</h2>
+<p>Here are the parameters for the Transport structure :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-transportId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The identification</td>
+</tr>
+<tr>
+<td><strong>ads-transportAddress</strong></td>
+<td><em>String</em></td>
+<td>localhost</td>
+<td>The IP Address</td>
+</tr>
+<tr>
+<td><strong>ads-systemPort</strong></td>
+<td><em>int</em></td>
+<td>-1</td>
+<td>The port</td>
+</tr>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>N/A</td>
+<td>Tells if the Transport system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td>ads-transportEnableSsl</td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Tells if SSL is activated (not used for UDP)</td>
+</tr>
+<tr>
+<td>ads-transportNbThreads</td>
+<td><em>int</em></td>
+<td>3</td>
+<td>he number of dedicated threads to process the messages</td>
+</tr>
+<tr>
+<td>ads-transportBackLog</td>
+<td><em>int</em></td>
+<td>50</td>
+<td>The number of messages on hold if the server is overloaded (not used for UDP)</td>
+</tr>
+</tbody>
+</table>
+<h2 id="ldap-server">Ldap Server</h2>
+<p>Let's start with the main server : the LDAP server. </p>
+<p>The list of attributes that can be modified is exposed in the following table. </p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the LdapServer system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-confidentialityRequired</strong></td>
+<td><em>boolean</em></td>
+<td>false</td>
+<td>Whether or not confidentiality (TLS secured connection) is required</td>
+</tr>
+<tr>
+<td><strong>ads-maxSizeLimit</strong></td>
+<td><em>int</em></td>
+<td>1000</td>
+<td>The maximum number of entries the server will return</td>
+</tr>
+<tr>
+<td><strong>ads-maxTimeLimit</strong></td>
+<td><em>int</em></td>
+<td>1000</td>
+<td>The maximum number of seconds the server will use to process a search request</td>
+</tr>
+<tr>
+<td><strong>ads-maxPDUSize</strong></td>
+<td><em>int</em></td>
+<td>2048</td>
+<td>The maximal size for a PDU. This is currently not leveraged</td>
+</tr>
+<tr>
+<td><strong>ads-saslHost</strong></td>
+<td><em>int</em></td>
+<td>N/A</td>
+<td>The name of this host, validated during SASL negotiation</td>
+</tr>
+<tr>
+<td><strong>ads-saslPrincipal</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The service principal, used by GSSAPI.</td>
+</tr>
+<tr>
+<td><strong>sads-saslRealms</strong></td>
+<td><em>List<String></em></td>
+<td>N/A</td>
+<td>The list of realms serviced by this host.</td>
+</tr>
+<tr>
+<td>ads-keystoreFile</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The place on the filesystem where the Keystore is stored</td>
+</tr>
+<tr>
+<td>ads-certificatePassword</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The certificate's password</td>
+</tr>
+<tr>
+<td>ads-replReqHandler</td>
+<td><em>String</em></td>
+<td>(*)</td>
+<td>The replication request handler FQCN</td>
+</tr>
+<tr>
+<td>ads-replEnabled</td>
+<td><em>boolean</em></td>
+<td>FALSE</td>
+<td>Tells if the replication system is enabled</td>
+</tr>
+</tbody>
+</table>
+<p>(*) org.apache.directory.server.ldap.replication.provider.SyncReplRequestHandler</p>
+<h3 id="repl-consumers">Repl Consumers</h3>
+<p>This part of the configuration deals with the replication. It provides all the information for a server to become a consumer. A server can have many different consumers set. </p>
+<p>All the consumers are stored under the <em>ou=replConsumers</em> entry, under the respective server entry.</p>
+<p>Here are the configurable elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td><strong>ads-replConsumerId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The replica unique identifier</td>
+</tr>
+<tr>
+<td><strong>ads-searchBaseDN</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The base DN for replication</td>
+</tr>
+<tr>
+<td><strong>ads-replProvHostName</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The provider host name</td>
+</tr>
+<tr>
+<td><strong>ads-replProvPort</strong></td>
+<td><em>int</em></td>
+<td>389</td>
+<td>The port of the remote server</td>
+</tr>
+<tr>
+<td><strong>ads-replAliasDerefMode</strong></td>
+<td><em>String</em></td>
+<td>NEVER_DEREF_ALIASES</td>
+<td>The alias dereferencing mode to use</td>
+</tr>
+<tr>
+<td><strong>ads-replAttributes</strong></td>
+<td><em>String</em></td>
+<td>*</td>
+<td>The list of attributes to get back</td>
+</tr>
+<tr>
+<td><strong>ads-replRefreshInterval</strong></td>
+<td><em>int</em></td>
+<td>60000</td>
+<td>The delay between refreshes (60 seconds)</td>
+</tr>
+<tr>
+<td><strong>ads-replRefreshNPersist</strong></td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Sets the replication mode</td>
+</tr>
+<tr>
+<td><strong>ads-replSearchScope</strong></td>
+<td><em>String</em></td>
+<td>SUBTREE</td>
+<td>The scope to use while searching for entries</td>
+</tr>
+<tr>
+<td><strong>ads-replSearchFilter</strong></td>
+<td><em>String</em></td>
+<td>(objectClass=*)</td>
+<td>The filter to use</td>
+</tr>
+<tr>
+<td><strong>ads-replSearchSizeLimit</strong></td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The maximum number of entries to get back</td>
+</tr>
+<tr>
+<td><strong>ads-replSearchTimeOut</strong></td>
+<td><em>int</em></td>
+<td>0</td>
+<td>The maximum time to wait while fetching the entries</td>
+</tr>
+<tr>
+<td><strong>ads-replUserDn</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The user DN used to bind on the provider</td>
+</tr>
+<tr>
+<td><strong>ads-replUserPassword</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The password of the user</td>
+</tr>
+<tr>
+<td>ads-replUseTls</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells the server to use startTLS during replication</td>
+</tr>
+<tr>
+<td>ads-replStrictCertValidation</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells the provider to check the certificate if provided</td>
+</tr>
+<tr>
+<td>ads-replPeerCertificate</td>
+<td><em>byte[]</em></td>
+<td>N/A</td>
+<td>The certificate to use for replication</td>
+</tr>
+<tr>
+<td>ads-replConsumerImpl</td>
+<td><em>String</em></td>
+<td>ReplicationConsumerImpl</td>
+<td>The implementation</td>
+</tr>
+<tr>
+<td>ads-replCookie</td>
+<td><em>byte[]</em></td>
+<td>N/A</td>
+<td>The last received cookie</td>
+</tr>
+</tbody>
+</table>
+<h3 id="extended-op-handlers">Extended Op Handlers</h3>
+<p>An LDAP server can handle <em>ExtendedOperations</em>, assuming it has the code to do so. In <strong>ApacheDS</strong>, we do that by associating a <em>Java</em> class with each <em>ExtendedOperation</em>. We may provide more <em>ExtendedOperations</em> in the future. The list of supported <em>ExtendedOperations</em> is given below :</p>
+<ul>
+<li>CertGenerationRequest : Generate a certificate on demand</li>
+<li>GracefulShutdownRequest : Requires the server to shutdown gracefully</li>
+<li>StartTLSExtendedOperation : Process the StartTLS request</li>
+<li>StoredProcedureExtendedOperation : Execute a Stored procedure</li>
+</ul>
+<p>Adding a new <em>ExntedeOperatonHandler</em> is just a matter of adding a new entry under the <em>ou=extendedOpHandlers</em> entry, with the given elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the ExtendedOpHandler system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-extendedOpId</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The ExtendedOpHandler unique identifier</td>
+</tr>
+<tr>
+<td><strong>ads-extendedOpHandlerClass</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The class FQCN that implements the handler</td>
+</tr>
+</tbody>
+</table>
+<h3 id="sasl-mechanisms">SASL Mechanisms</h3>
+<p>We have various SASL mechanisms, which can be configured. the list of supported SASL mechanisms is :</p>
+<ul>
+<li>CRAM-MD5</li>
+<li>DIGEST-MD5</li>
+<li>GSS-SPNEGO</li>
+<li>GSSAPI</li>
+<li>NTLM</li>
+<li>SIMPLE</li>
+</ul>
+<p>This list is stored in the configuration. It's possible to add new mechanisms if needed, simply by adding an entry containing those elements, under the <em>ou=saslMechHandlers</em></p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the Transport system is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-saslMechName</strong></td>
+<td><em>String</em></td>
+<td><one the above list></td>
+<td>The mechanism name</td>
+</tr>
+<tr>
+<td><strong>ads-saslMechClassName</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The mechanism class name</td>
+</tr>
+<tr>
+<td>ads-ntlmMechProvider</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The NTLM provider</td>
+</tr>
+</tbody>
+</table>
+<h2 id="kerberos-server">Kerberos Server</h2>
+<p>The <em>KerberosServer</em> configuration is an important part of the configuration. It depends on a <em>DirectoryService</em> too, as most of the informations managed by a <em>KerberosServer</em> are store there.</p>
+<p>The list of attributes that can be modified is exposed in the following table. </p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the KerberosServer is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td>ads-krbAllowableClockSkew</td>
+<td><em>int</em></td>
+<td>300000</td>
+<td>The allowable clock skew in milliseconds (5 minutes)</td>
+</tr>
+<tr>
+<td>ads-krbEncryptionTypes</td>
+<td><em>List<String></em></td>
+<td></td>
+<td>The encryption types</td>
+</tr>
+<tr>
+<td>ads-krbEmptyAddressesAllowed</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether empty addresses are allowed</td>
+</tr>
+<tr>
+<td>ads-krbForwardableAllowed</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether forwardable addresses are allowed</td>
+</tr>
+<tr>
+<td>ads-krbPaEncTimestampRequired</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether pre-authentication by encrypted timestamp is required</td>
+</tr>
+<tr>
+<td>ads-krbPostdatedAllowed</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether postdated tickets are allowed</td>
+</tr>
+<tr>
+<td>ads-krbProxiableAllowed</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether proxiable addresses are allowed</td>
+</tr>
+<tr>
+<td>ads-krbRenewableAllowed</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether renewable tickets are allowed</td>
+</tr>
+<tr>
+<td>ads-krbKdcPrincipal</td>
+<td><em>String</em></td>
+<td>krbtgt/EXAMPLE.COM@EXAMPLE.COM</td>
+<td>The service principal name</td>
+</tr>
+<tr>
+<td>ads-krbMaximumRenewableLifetime</td>
+<td><em>long</em></td>
+<td>1000 * 60 * 60 * 24 * 7</td>
+<td>The maximum renewable lifetime in millisconds (7 days)</td>
+</tr>
+<tr>
+<td>ads-krbMaximumTicketLifetime</td>
+<td><em>long</em></td>
+<td>1000 * 60 * 60 * 24</td>
+<td>he maximum ticket lifetime in milliseconds (24 h)</td>
+</tr>
+<tr>
+<td>ads-krbPrimaryRealm</td>
+<td><em>String</em></td>
+<td>EXAMPLE.COM</td>
+<td>The primary realm</td>
+</tr>
+<tr>
+<td>ads-krbBodyChecksumVerified</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Whether to verify the body checksum</td>
+</tr>
+</tbody>
+</table>
+<p>Of course, a <em>Transport</em> has to be defined under the <em>KerberosServer</em> entry (see <a href="#transports">Transports</a>).</p>
+<h2 id="http-server">Http Server</h2>
+<p>We have a Http Server embedded, which is used to manage some parts of the server. One can inject a web application, which has direct access to the embedded LdapServer, for instance. It can be useful for sending LDAP requests using DSML, for instance.</p>
+<p>There is one single element that can be configured :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the HttpServer is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td>ads-httpConfFile</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The configuration file for this server</td>
+</tr>
+</tbody>
+</table>
+<p>An <em>HttpServer</em> without webApps is pretty useless, we now have to configure the underlying web applications</p>
+<h3 id="http-web-apps">Http Web Apps</h3>
+<p>Each <em>WebApp</em> configuration must be added under the <em>ou=webapps</em> entry. Here are the configurable elements :</p>
+<table>
+<thead>
+<tr>
+<th>AttributeType</th>
+<th>type</th>
+<th>default value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>ads-enabled</td>
+<td><em>boolean</em></td>
+<td>true</td>
+<td>Tells if the HttpServer is enabled</td>
+</tr>
+<tr>
+<td>description</td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>A short optional description</td>
+</tr>
+<tr>
+<td><strong>ads-httpWarFile</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The WAR file to use</td>
+</tr>
+<tr>
+<td><strong>ads-id</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The unique ID for this WebApp</td>
+</tr>
+<tr>
+<td><strong>ads-httpAppCtxPath</strong></td>
+<td><em>String</em></td>
+<td>N/A</td>
+<td>The context</td>
+</tr>
+</tbody>
+</table>
+<p>Here is an example of configuration :</p>
+<div class="codehilite"><pre>dn: ads-id=webApp1,ou=httpWebApps,ads-serverId=httpServer,ou=servers,ads-directoryServiceId=default,ou=config
+objectclass: top
+objectclass: ads-base
+objectclass: ads-httpWebApp
+ads-Id: webApp1
+ads-httpWarFile: war file 1
+ads-httpAppCtxPath: /home/app1
+</pre></div>
+
+
+<h2 id="change-password-server">Change Password Server</h2>
+<p>To be added...</p>
+<h1 id="bean-graph">Bean graph</h1>
+<p>The following picture represent the structure of the container used to store the configuration inside the server. The yellow beans are abstract beans, extended by specific beans.</p>
+<p>The bold links mean we can have more than one instance of a bean.</p>
+<p><img alt="ApacheDS configuration beans" src="images/configBeans.png" /></p>
+
+
+ <div class="nav">
+ <div class="nav_prev">
+
+ <a href="2-server-config.html">2 - Server Configuration</a>
+
+ </div>
+ <div class="nav_up">
+
+ <a href="2-server-config.html">2 - Server Configuration</a>
+
+ </div>
+ <div class="nav_next">
+
+ <a href="2.2-installation-layout.html">2.2 - Installation Layout</a>
+
+ </div>
+ <div class="clearfix"></div>
+ </div>
+
+
+ </div><!-- rightColumn -->
+ <div id="endContent"></div>
+ </div><!-- content -->
+ <div id="footer">© 2003-2014, <a href="http://www.apache.org">The Apache Software Foundation</a> - <a href="./../../privacy-policy.html">Privacy Policy</a><br />
+ Apache Directory, ApacheDS, Apache Directory Server, Apache Directory Studio, Apache LDAP API, Apache Triplesec, Triplesec, Apache Mavibot, Mavibot, Apache eSCIMo, eSCIMo, Fortress, Apache Fortress, EnMasse,
+ Apache EnMasse, Apache, the Apache feather logo, and the Apache Directory project logos are trademarks of The Apache Software Foundation.
+ </div>
+ </div><!-- container -->
+ </body>
+</html>
\ No newline at end of file