Posted to commits@directory.apache.org by el...@apache.org on 2013/05/17 18:56:45 UTC

svn commit: r1483912 - in /directory/site/trunk/content/apacheds: advanced-ug/4.2-authorization.mdtext advanced-ug/4.2.7-using-acis-trail.mdtext advanced-ug/4.2.7.2-allow-self-password-modify.mdtext basic-ug/1.3-installing-and-starting.mdtext

Author: elecharny
Date: Fri May 17 16:56:44 2013
New Revision: 1483912

URL: http://svn.apache.org/r1483912
Log:
Added a page, fixed some broken links

Added:
    directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
Modified:
    directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext
    directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext
    directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2-authorization.mdtext Fri May 17 16:56:44 2013
@@ -74,8 +74,8 @@ time.
 
 | Trail | Description |
 |---|---|
-| [EnableSearchForAllUsers](enablesearchforallusers.html) | Enabling access to browse and read all entries and their attributes by authenticated users. |
-| DenySubentryAccess (TBW) | Protecting access to subentries themselves. |
-| [AllowSelfPasswordModify](allowselfpasswordmodify.html) | Granting users the rights needed to change their own passwords. |
+| DenySubentryAccess (TBW) | Protecting access to subentries themselves. || Enabling access to browse and read all entries and their attributes by authenticated users. |
+| Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) | Granting users the rights needed to change their own passwords. |
 | GrantAddDelModToGroup (TBW) | Granting add, delete, and modify permissions to a group of users. |
 | GrantModToEntry (TBW) | Applying ACI to a single entry. |
+| Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html) 
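
Review bot: The three added table rows are malformed Markdown. The DenySubentryAccess row now carries a second description cell after `||`, holding the "Enabling access to browse and read all entries..." text that belonged to the removed EnableSearchForAllUsers row. The "Allow Self Password Modify" and "Enable Authenticated Users to Browse and Read Entries" rows both lack the opening `[` of their links, and the last row has no description cell and no closing `|`. Suggest one row per trail, for example `| [Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) | Granting users the rights needed to change their own passwords. |`, with the orphaned description moved onto the 4.2.7.1 row and that row placed first to match the chapter order.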

Modified: directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.7-using-acis-trail.mdtext Fri May 17 16:56:44 2013
@@ -27,4 +27,5 @@ Notice: Licensed to the Apache Software 
 ## Chapter content
 
 * [4.2.7.1 - Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)
+* [4.2.7.2 - Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html)
 

Added: directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext?rev=1483912&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext (added)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.mdtext Fri May 17 16:56:44 2013
@@ -0,0 +1,52 @@
+Title: 4.2.7.2 - Allow Self Password Modify
+NavPrev: 4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html
+NavPrevText: 4.2.7.1 - Enable Authenticated Users to Browse and Read Entries
+NavUp: 4.2.7-using-acis-trail.html
+NavUpText: 4.2.7 Using ACIs trail
+NavNext: 4.2.7.3-.html
+NavNextText: 4.2.7.3 - 
+Notice: Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    .
+    http://www.apache.org/licenses/LICENSE-2.0
+    .
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+# 4.2.7.2 - Allow Self Password Modify
+
+We will  now configure the system to allow anyone to modify his/her own password :
+
+    :::text
+    {
+      identificationTag "allowSelfAccessAndModification",
+      precedence 14,
+      authenticationLevel none,
+      itemOrUserFirst userFirst: 
+      {
+        userClasses { thisEntry },
+        userPermissions 
+        { 
+          { protectedItems {entry}, grantsAndDenials { grantModify, grantBrowse, grantRead } },
+          { protectedItems {allAttributeValues {userPassword}}, grantsAndDenials { grantAdd, grantRemove } }
+        } 
+      } 
+    }
+
+## Commentary
+
+Note that two different user permissions are used to accurately specify self access and self modification of the **userPassword** attribute within the entry.  So with the first userPermission of this ACI a user would be able to read all attributes and values within his/her entry.  They also have the ability to modify the entry but this is moot since they cannot add, remove or replace any attributes within their entry.  The second user permission completes the picture by granting add and remove permissions to all values of userPassword.  This means the user can replace the password.
+
+<DIV class="warning" markdown="1">
+**grantAdd + grantRemove = grantReplace**
+Modify operations either add, remove or replace attributes and their values in LDAP.  X.500 seems to have overlooked the replace capability.  Hence there is no such thing as a *grantReplace* permission.  However grantAdd and grantDelete on an attribute and its values are both required for a replace operation to take place. 
+</DIV>
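
Review bot: The warning box at the end says "grantAdd and grantDelete on an attribute and its values are both required for a replace operation", but the ACI above and the box's own title use grantRemove; change grantDelete to grantRemove so the commentary matches the permissions actually granted. Separately, the header lines `NavNext: 4.2.7.3-.html` and `NavNextText: 4.2.7.3 - ` point at a page this commit does not add, so a change described as fixing broken links introduces a new dangling one; drop both until that page exists. The ACI also sets `authenticationLevel none` without comment: since this trail grants add and remove on userPassword, the commentary should state why `none` is sufficient in combination with `userClasses { thisEntry }`, or the example should require a higher level.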

Modified: directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext?rev=1483912&r1=1483911&r2=1483912&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext (original)
+++ directory/site/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.mdtext Fri May 17 16:56:44 2013
@@ -123,4 +123,4 @@ and stop it with :
 
 ## Installation on Linux and Solaris
 
-The installation for different installers is described on the [Apache Directory Server 2.0 Downloads](http://directory.apache.org/apacheds/2.0/downloads.html) page.
+The installation for different installers is described on the [Apache Directory Server 2.0 Downloads](http://directory.apache.org/apacheds/downloads.html) page.