Posted to commits@directory.apache.org by el...@apache.org on 2013/04/06 07:52:52 UTC
svn commit: r1465195 - in /directory/site/trunk/content/apacheds: ./ advanced-ug/
Author: elecharny
Date: Sat Apr 6 05:52:52 2013
New Revision: 1465195
URL: http://svn.apache.org/r1465195
Log:
Removed the SASL Anonymous page, we don't support SASL ANONYMOUS bind
Added:
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext
- copied, changed from r1465058, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext
- copied, changed from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-gssapi-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-digest-md5-authn.mdtext
- copied, changed from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-digest-md5-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.mdtext
- copied, changed from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-external-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.mdtext
- copied, changed from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext
Modified:
directory/site/trunk/content/apacheds/advanced-ug/4.1-authentication.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-cram-md5-authn.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.5.7.1-enable-authenticated-users-to-browse-and-read-entries.mdtext
directory/site/trunk/content/apacheds/advanced-user-guide.mdtext
Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1-authentication.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1-authentication.mdtext?rev=1465195&r1=1465194&r2=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1-authentication.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1-authentication.mdtext Sat Apr 6 05:52:52 2013
@@ -31,13 +31,12 @@ Notice: Licensed to the Apache Software
* [4.1.1.2 - Name/Password Authentication](4.1.1.2-name-password-authn.html)
* [4.1.1.3 - Unauthenticated Authentication](4.1.1.3-unauthenticated-authn.html)
* [4.1.2 - SASL authentication](4.1.2-sasl-authn.html)
- * [4.1.2.1 - SASL anonymous Authentication](4.1.2.1-sasl-anonymous-authn.html)
- * [4.1.2.2 - SASL plain text Authentication](4.1.2.2-sasl-plain-text-authn.html)
- * [4.1.2.3 - SASL GSSAPI Authentication](4.1.2.3-sasl-gssapi-authn.html)
- * [4.1.2.4 - SASL CRAM-MD5 Authentication](4.1.2.4-sasl-cram-md5-authn.html)
- * [4.1.2.5 - SASL DIGEST-MD5 Authentication](4.1.2.5-sasl-digest-md5-authn.html)
- * [4.1.2.6 - SASL EXTERNAL Authentication](4.1.2.6-sasl-external-authn.html)
- * [4.1.2.7 - SASL NTLM Authentication](4.1.2.7-sasl-ntlm-authn.html)
+ * [4.1.2.1 - SASL plain text Authentication](4.1.2.1-sasl-plain-text-authn.html)
+ * [4.1.2.2 - SASL GSSAPI Authentication](4.1.2.2-sasl-gssapi-authn.html)
+ * [4.1.2.3 - SASL CRAM-MD5 Authentication](4.1.2.3-sasl-cram-md5-authn.html)
+ * [4.1.2.4 - SASL DIGEST-MD5 Authentication](4.1.2.4-sasl-digest-md5-authn.html)
+ * [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html)
+ * [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html)
* [4.1.3 - Kerberos authentication](4.1.3-kerberos-authn.html)
* [4.1.4 - Client authentication through certificates](4.1.4-certificate-authn.html)
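Review bot: The new CRAM-MD5 entry in this list links to 4.1.2.3-sasl-cram-md5-authn.html, but the commit's file list shows 4.1.2.4-sasl-cram-md5-authn.mdtext only as Modified, with no copy to a 4.1.2.3 name, so the link will not resolve. Rename that file in the same commit, or keep the old file name in the link until it is renamed.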
Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext?rev=1465195&r1=1465194&r2=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -30,13 +30,12 @@ It extends the Simple authentication, by
The **SASL* Authentication is used when a simple user/password authentication is not enough. Many other systems exist, and may take many parameters to authenticate a user. With **SASL**, a challenge/response system is used to get the needed information from the client, up to the point the authentication is either successful or fails.
-## Content
+## Chapter content
-* [4.1.2.1 - SASL anonymous Authentication](4.1.2.1-sasl-anonymous-authn.html)
-* [4.1.2.2 - SASL plain text Authentication](4.1.2.2-sasl-plain-text-authn.html)
-* [4.1.2.3 - SASL GSSAPI Authentication](4.1.2.3-sasl-gssapi-authn.html)
-* [4.1.2.4 - SASL CRAM-MD5 Authentication](4.1.2.4-sasl-cram-md5-authn.html)
-* [4.1.2.5 - SASL DIGEST-MD5 Authentication](4.1.2.5-sasl-digest-md5-authn.html)
-* [4.1.2.6 - SASL EXTERNAL Authentication](4.1.2.6-sasl-external-authn.html)
-* [4.1.2.7 - SASL NTLM Authentication](4.1.2.7-sasl-ntlm-authn.html)
+* [4.1.2.1 - SASL plain text Authentication](4.1.2.1-sasl-plain-text-authn.html)
+* [4.1.2.2 - SASL GSSAPI Authentication](4.1.2.2-sasl-gssapi-authn.html)
+* [4.1.2.3 - SASL CRAM-MD5 Authentication](4.1.2.3-sasl-cram-md5-authn.html)
+* [4.1.2.4 - SASL DIGEST-MD5 Authentication](4.1.2.4-sasl-digest-md5-authn.html)
+* [4.1.2.5 - SASL EXTERNAL Authentication](4.1.2.5-sasl-external-authn.html)
+* [4.1.2.6 - SASL NTLM Authentication](4.1.2.6-sasl-ntlm-authn.html)
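Review bot: The context line above the list opens bold with `**SASL*` and never closes it, so the emphasis renders incorrectly; since the file is being touched anyway, change it to `**SASL**`. The CRAM-MD5 entry here also links to 4.1.2.3-sasl-cram-md5-authn.html, a name this commit does not create.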
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext (from r1465058, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext&r1=1465058&r2=1465195&rev=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-plain-text-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,10 +1,10 @@
-Title: 4.1.2.2 SASL PLAIN Authentication
-NavPrev: 4.1.2.1-sasl-anonymous-authn.html
-NavPrevText: 4.1.2.1 - SASL anonymous Authentication
+Title: 4.1.2.1 SASL PLAIN Authentication
+NavPrev: 4.1.2-sasl-authn.html
+NavPrevText: 4.1.2 - SASL Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
-NavNext: 4.1.2.3-sasl-gssapi-authn.html
-NavNextText: 4.1.2.3 - SASL GSSAPI Authentication
+NavNext: 4.1.2.2-sasl-gssapi-authn.html
+NavNextText: 4.1.2.2 - SASL GSSAPI Authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
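Review bot: The new Title line, `4.1.2.1 SASL PLAIN Authentication`, drops the ` - ` separator that the sibling pages use (for example `4.1.2.2 - SASL GSSAPI Authentication`), and the `#` heading in the next hunk has the same form. The index entries and the GSSAPI page's NavPrevText call this page "SASL plain text Authentication", so pick one name and use it in the title, heading and links.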
@@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-# 4.1.2.2 SASL PLAIN Authentication
+# 4.1.2.1 SASL PLAIN Authentication
The **SASL PLAIN** authentication is most certainly useless, as one can already authenticate using the **Simple Bind**. However, it's still possible to issue a **SASL PLAIN** authentication on _ApacheDS_.
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext (from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-gssapi-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-gssapi-authn.mdtext&r1=1464971&r2=1465195&rev=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-gssapi-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-gssapi-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,10 +1,10 @@
-Title: 4.1.2.3 - SASL GSSAPI Authentication
-NavPrev: 4.1.2.2-sasl-plain-text-authn.html
-NavPrevText: 4.1.2.2 - SASL plain text Authentication
+Title: 4.1.2.2 - SASL GSSAPI Authentication
+NavPrev: 4.1.2.1-sasl-plain-text-authn.html
+NavPrevText: 4.1.2.1 - SASL plain text Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
-NavNext: 4.1.2.4-sasl-cram-md5-authn.html
-NavNextText: 4.1.2.4 - SASL CRAM-MD5 Authentication
+NavNext: 4.1.2.3-sasl-cram-md5-authn.html
+NavNextText: 4.1.2.3 - SASL CRAM-MD5 Authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,4 +22,4 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-# 4.1.2.3 - SASL GSSAPI Authentication
+# 4.1.2.2 - SASL GSSAPI Authentication
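Review bot: The renumbered GSSAPI page has no body: the hunk stops at the `#` heading with no trailing context lines, so the heading is the last line of the file. The index now lists it as a chapter, so add at least a short statement of what is supported, or mark the page as a placeholder; the DIGEST-MD5, EXTERNAL and NTLM pages in this commit end the same way.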
Modified: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-cram-md5-authn.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-cram-md5-authn.mdtext?rev=1465195&r1=1465194&r2=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-cram-md5-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-cram-md5-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,10 +1,10 @@
-Title: 4.1.2.4 - SASL CRAM-MD5 Authentication
-NavPrev: 4.1.2.3-sasl-gssapi-authn.html
-NavPrevText: 4.1.2.3 - SASL GSSAPI Authentication
+Title: 4.1.2.3 - SASL CRAM-MD5 Authentication
+NavPrev: 4.1.2.2-sasl-gssapi-authn.html
+NavPrevText: 4.1.2.2 - SASL GSSAPI Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
-NavNext: 4.1.2.5-sasl-digest-md5-authn.html
-NavNextText: 4.1.2.5 - SASL DIGEST-MD5 Authentication
+NavNext: 4.1.2.4-sasl-digest-md5-authn.html
+NavNextText: 4.1.2.4 - SASL DIGEST-MD5 Authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
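Review bot: The Title becomes 4.1.2.3 while the file stays 4.1.2.4-sasl-cram-md5-authn.mdtext, which now shares the 4.1.2.4 prefix with the newly added 4.1.2.4-sasl-digest-md5-authn.mdtext. The GSSAPI page's NavNext and the DIGEST-MD5 page's NavPrev both point at 4.1.2.3-sasl-cram-md5-authn.html, so this file should be copied to that name like the others. Unlike the sibling pages there is no hunk updating a `#` heading here, so check that the in-page heading does not still read 4.1.2.4.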
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-digest-md5-authn.mdtext (from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-digest-md5-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-digest-md5-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-digest-md5-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-digest-md5-authn.mdtext&r1=1464971&r2=1465195&rev=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-digest-md5-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-digest-md5-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,10 +1,10 @@
-Title: 4.1.2.5 - SASL DIGEST-MD5 Authentication
-NavPrev: 4.1.2.4-sasl-cram-md5-authn.html
-NavPrevText: 4.1.2.4 - SASL CRAM-MD5 Authentication
+Title: 4.1.2.4 - SASL DIGEST-MD5 Authentication
+NavPrev: 4.1.2.3-sasl-cram-md5-authn.html
+NavPrevText: 4.1.2.3 - SASL CRAM-MD5 Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
-NavNext: 4.1.2.6-sasl-external-authn.html
-NavNextText: 4.1.2.6 - SASL EXTERNAL Authentication
+NavNext: 4.1.2.5-sasl-external-authn.html
+NavNextText: 4.1.2.5 - SASL EXTERNAL Authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,4 +22,4 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-# 4.1.2.5 - SASL DIGEST-MD5 Authentication
+# 4.1.2.4 - SASL DIGEST-MD5 Authentication
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.mdtext (from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-external-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-external-authn.mdtext&r1=1464971&r2=1465195&rev=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-external-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.5-sasl-external-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,10 +1,10 @@
-Title: 4.1.2.6 - SASL EXTERNAL Authentication
-NavPrev: 4.1.2.5-sasl-digest-md5-authn.html
-NavPrevText: 4.1.2.5 - SASL DIGEST-MD5 Authentication
+Title: 4.1.2.5 - SASL EXTERNAL Authentication
+NavPrev: 4.1.2.4-sasl-digest-md5-authn.html
+NavPrevText: 4.1.2.4 - SASL DIGEST-MD5 Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
-NavNext: 4.1.2.7-sasl-ntlm-authn.html
-NavNextText: 4.1.2.7 - SASL NTLM Authentication
+NavNext: 4.1.2.6-sasl-ntlm-authn.html
+NavNextText: 4.1.2.6 - SASL NTLM Authentication
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,4 +22,4 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-# 4.1.2.6 - SASL EXTERNAL Authentication
+# 4.1.2.5 - SASL EXTERNAL Authentication
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.mdtext (from r1464971, directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext&r1=1464971&r2=1465195&rev=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.1.2.7-sasl-ntlm-authn.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.1.2.6-sasl-ntlm-authn.mdtext Sat Apr 6 05:52:52 2013
@@ -1,5 +1,5 @@
-Title: 4.1.2.7 - SASL NTLM Authentication
-NavPrev: 4.1.2.6-sasl-external-authn.html
+Title: 4.1.2.6 - SASL NTLM Authentication
+NavPrev: 4.1.2.5-sasl-external-authn.html
NavPrevText: 4.1.2.6 - SASL EXTERNAL Authentication
NavUp: 4.1.2-sasl-authn.html
NavUpText: 4.1.2 - SASL Authentication
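Review bot: NavPrev is updated to 4.1.2.5-sasl-external-authn.html, but the unchanged NavPrevText line directly below it still reads `4.1.2.6 - SASL EXTERNAL Authentication`. It should become `4.1.2.5 - SASL EXTERNAL Authentication` so the navigation label matches its target and does not repeat this page's own number.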
@@ -23,4 +23,4 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-# 4.1.2.7 - SASL NTLM Authentication
+# 4.1.2.6 - SASL NTLM Authentication
Modified: directory/site/trunk/content/apacheds/advanced-ug/4.5.7.1-enable-authenticated-users-to-browse-and-read-entries.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.5.7.1-enable-authenticated-users-to-browse-and-read-entries.mdtext?rev=1465195&r1=1465194&r2=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.7.1-enable-authenticated-users-to-browse-and-read-entries.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.5.7.1-enable-authenticated-users-to-browse-and-read-entries.mdtext Sat Apr 6 05:52:52 2013
@@ -21,42 +21,27 @@ Notice: Licensed to the Apache Software
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-{scrollbar}
-In this trail, we will show how we will allow all authenticated users to
-browse and read all the entries.
+In this trail, we will show how we will allow all authenticated users to browse and read all the entries.
-By default, if the access control subsystem is enabled, no one but the
-administrator can browse the DIT. This is obviously not convenient ...
+By default, if the access control subsystem is enabled, no one but the administrator can browse the DIT. This is obviously not convenient ...
-<a name="2.5.7.1EnableAuthenticatedUserstoBrowseandReadEntries-PartitionandAccessControlAreaSetup"></a>
# Partition and Access Control Area Setup
-For this example we presume you have setup a partition at the namingContext
-*dc=example,dc=com* and have turned on access controls. Now you want to
-grant browse and read access to entries and their attributes.
-
-Before you can add a *subentry* with the *prescriptiveACI* you'll need to
-create an *administrative area*. For now we'll make the root of the
-partition the *Adminstrative Point* (*AP*). Every entry including this
-entry and those underneath will be part of the autonomous administrative
-area for managing access controls. To do this we must add the
-*administrativeRole* operational attribute to the *AP* entry.
+For this example we presume you have setup a partition at the namingContext **dc=example,dc=com** and have turned on access controls. Now you want to grant browse and read access to entries and their attributes.
+
+Before you can add a **subentry** with the **prescriptiveACI** you'll need to create an **administrative area**. For now we'll make the root of the partition the **Administrative Point** (**AP**). Every entry including this entry and those underneath will be part of the autonomous administrative area for managing access controls. To do this we must add the **administrativeRole** operational attribute to the **AP** entry.
-<a name="2.5.7.1EnableAuthenticatedUserstoBrowseandReadEntries-AdministrationPointsetup"></a>
## AdministrationPoint setup
-In our case, the *dc=example,dc=com* context entry has to contain the
-*administrativeRole* attribute, with the *accessControlSpecificArea* value.
+In our case, the **dc=example,dc=com** context entry has to contain the **administrativeRole** attribute, with the **accessControlSpecificArea** value.
-Let's first connect to the server using the *admin* user, and select the
-*dc=example,dc=com* entry :
+Let's first connect to the server using the **admin** user, and select the **dc=example,dc=com** entry :
!Screen shot 2010-07-04 at 8.45.09 PM.png|border=1!
-We will now add the *directoryOperation* attribute *administrativeRole* to
-this entry :
+We will now add the **directoryOperation** attribute **administrativeRole** to this entry :
!Screen shot 2010-07-04 at 10.17.54 PM.png|border=1!
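Review bot: The `!Screen shot ...png|border=1!` lines kept as context are Confluence image macros; the conversion removes `{scrollbar}` and the `<a name>` anchors but leaves these, and they will show up as literal text in the .mdtext page. Replace them with Markdown image references or remove them. On the rewritten first paragraph of the setup section, "have setup a partition" should also read "have set up a partition".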
@@ -68,37 +53,33 @@ Here is the resulting entry :
!Screen shot 2010-07-04 at 10.19.44 PM.png|border=1!
-<a name="2.5.7.1EnableAuthenticatedUserstoBrowseandReadEntries-Subentryaddition"></a>
## Subentry addition
-Now, we have to create a *subentry* in which we will add the
-*prescriptiveACI* granting access to all the users.
+Now, we have to create a *subentry* in which we will add the **prescriptiveACI** granting access to all the users.
Let's define the ACI first.
-<a name="2.5.7.1EnableAuthenticatedUserstoBrowseandReadEntries-ACIItemDescription"></a>
### ACIItem Description
Here's the ACIItem we will add :
-{newcode}
-{
- identificationTag "enableSearchForAllUsers",
- precedence 14,
- authenticationLevel simple,
- itemOrUserFirst userFirst:
- {
- userClasses { allUsers },
- userPermissions
+ :::Java
{
- {
- protectedItems {entry, allUserAttributeTypesAndValues},
- grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
- }
- }
- }
-}
-{newcode}
+ identificationTag "enableSearchForAllUsers",
+ precedence 14,
+ authenticationLevel simple,
+ itemOrUserFirst userFirst:
+ {
+ userClasses { allUsers },
+ userPermissions
+ {
+ {
+ protectedItems {entry, allUserAttributeTypesAndValues},
+ grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+ }
+ }
+ }
+ }
There are several parameters to this simple ACIItem. Here's a breif
exaplanation of each field and it's meaning or significance.
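Review bot: The ACIItem grants `grantRead` on `allUserAttributeTypesAndValues` to `allUsers`, and the page does not say that this covers every user attribute of every entry in the area, password attributes such as userPassword included. Add a sentence stating that, or follow the example with a rule that withholds credential attributes. Smaller points in the same hunk: the rewritten line still has `*subentry*` in single asterisks while the rest of the file moves to `**...**`, and the context lines below the block carry the typos "breif", "exaplanation" and "it's".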
@@ -117,21 +98,18 @@ permissions. </td></tr>
In our case, we want to grant all the users :
-{newcode:firstline=7}
- userClasses { allUsers }
-{newcode}
+ :::Java
+ userClasses { allUsers }
to be granted a read access :
-{newcode:firstline=12}
- grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
-{newcode}
+ :::Java
+ grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
for the Entry and all the values :
-{newcode:firstline=11}
- protectedItems {entry, allUserAttributeTypesAndValues},
-{newcode}
+ :::Java
+ protectedItems {entry, allUserAttributeTypesAndValues},
The granted permissions are used to allow the user to browse the tree
(*grantBrowse*), read the entries (*grantRead*) and return the DN for
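Review bot: The three fragments are tagged `:::Java`, but they are ACIItem syntax rather than Java, so the highlighter will colour them with the wrong grammar; use a plain indented block or a neutral tag. The old `firstline=7`, `firstline=12` and `firstline=11` hints that tied each fragment to its line in the full ACIItem are dropped without replacement, and the context lines below still use single-asterisk `*grantBrowse*` and `*grantRead*` while the rest of the file moves to bold.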
@@ -147,30 +125,29 @@ dc=example,dc=com*.
The entry is described below in a LDIF format :
-{newcode}
-dn: cn=enableSearchForAllUsers,dc=example,dc=com
-objectClass: top
-objectClass: subentry
-objectClass: accessControlSubentry
-subtreeSpecification: {}
-prescriptiveACI:
- {
- identificationTag "enableSearchForAllUsers",
- precedence 14,
- authenticationLevel simple,
- itemOrUserFirst userFirst:
- {
- userClasses { allUsers },
- userPermissions
- {
- {
- protectedItems {entry, allUserAttributeTypesAndValues}
- grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
- }
- }
- }
- }
-{newcode}
+ :::Java
+ dn: cn=enableSearchForAllUsers,dc=example,dc=com
+ objectClass: top
+ objectClass: subentry
+ objectClass: accessControlSubentry
+ subtreeSpecification: {}
+ prescriptiveACI:
+ {
+ identificationTag "enableSearchForAllUsers",
+ precedence 14,
+ authenticationLevel simple,
+ itemOrUserFirst userFirst:
+ {
+ userClasses { allUsers },
+ userPermissions
+ {
+ {
+ protectedItems {entry, allUserAttributeTypesAndValues}
+ grantsAndDenials { grantRead, grantReturnDN, grantBrowse }
+ }
+ }
+ }
+ }
It's also easy to create such an entry with *Apache Directory Studio*.
First, right click on the context entry, and select 'new Entry' :
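Review bot: In the LDIF, the `protectedItems {entry, allUserAttributeTypesAndValues}` line has no trailing comma before `grantsAndDenials`, unlike the same line in the standalone ACIItem earlier in this file, so a reader who copies the entry gets an ACIItem that differs from the one just explained. Add the comma. The block is also tagged `:::Java` although it is LDIF, and with `subtreeSpecification: {}` it would help to state that the subentry applies to the whole administrative area.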
Modified: directory/site/trunk/content/apacheds/advanced-user-guide.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-user-guide.mdtext?rev=1465195&r1=1465194&r2=1465195&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-user-guide.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-user-guide.mdtext Sat Apr 6 05:52:52 2013
@@ -42,12 +42,12 @@ This guide get you a deep further into A
* [4.1.1.2 - Name/Password Authentication](advanced-ug/4.1.1.2-name-password-authn.html)
* [4.1.1.2 - Unauthenticated Authentication](advanced-ug/4.1.1.2-unauthenticated-authn.html)
* [4.1.2 - SASL authentication](advanced-ug/4.1.2-sasl-authn.html)
- * [4.1.2.1 - SASL anonymous Authentication](advanced-ug/4.1.2.1-sasl-anonymous-authn.html)
- * [4.1.2.2 - SASL plain text Authentication](advanced-ug/4.1.2.2-sasl-plain-text-authn.html)
- * [4.1.2.3 - SASL GSSAPI Authentication](advanced-ug/4.1.2.3-sasl-gssapi-authn.html)
- * [4.1.2.4 - SASL CRAM-MD5 Authentication](advanced-ug/4.1.2.4-sasl-cram-md5-authn.html)
- * [4.1.2.5 - SASL DIGEST-MD5 Authentication](advanced-ug/4.1.2.5-sasl-digest-md5-authn.html)
- * [4.1.2.6 - SASL EXTERNAL Authentication](advanced-ug/4.1.2.6-sasl-external-authn.html)
+ * [4.1.2.1 - SASL plain text Authentication](advanced-ug/4.1.2.1-sasl-plain-text-authn.html)
+ * [4.1.2.2 - SASL GSSAPI Authentication](advanced-ug/4.1.2.2-sasl-gssapi-authn.html)
+ * [4.1.2.3 - SASL CRAM-MD5 Authentication](advanced-ug/4.1.2.3-sasl-cram-md5-authn.html)
+ * [4.1.2.4 - SASL DIGEST-MD5 Authentication](advanced-ug/4.1.2.4-sasl-digest-md5-authn.html)
+ * [4.1.2.5 - SASL EXTERNAL Authentication](advanced-ug/4.1.2.5-sasl-external-authn.html)
+ * [4.1.2.6 - SASL NTLM Authentication](advanced-ug/4.1.2.6-sasl-ntlm-authn.html)
* [4.1.3 - Kerberos authentication](advanced-ug/4.1.3-kerberos-authn.html)
* [4.1.4 - Client authentication through certificates](advanced-ug/4.1.4-certificate-authn.html)
* [4.2 - Authorization](advanced-ug/4.2-authorization.html)
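Review bot: The context line for Unauthenticated Authentication is numbered 4.1.1.2 and links to advanced-ug/4.1.1.2-unauthenticated-authn.html, while the same entry in 4.1-authentication.mdtext is 4.1.1.3 with 4.1.1.3-unauthenticated-authn.html; fix it while this list is being renumbered. The CRAM-MD5 entry again points at 4.1.2.3-sasl-cram-md5-authn.html, which this commit does not add.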