You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2013/06/21 12:04:40 UTC
svn commit: r866770 [1/9] - in /websites/staging/directory/trunk/content: ./
apacheds/ apacheds/advanced-ug/ apacheds/basic-ug/ apacheds/configuration/
apacheds/kerberos-ug/ api/ api/gen-docs/ api/gen-docs/latest/
api/groovy-api/ api/user-guide/ studio/
Author: buildbot
Date: Fri Jun 21 10:04:38 2013
New Revision: 866770
Log:
Staging update by buildbot for directory
Removed:
websites/staging/directory/trunk/content/api/gen-docs/1.0.0-M18
websites/staging/directory/trunk/content/api/gen-docs/latest/.htaccess
websites/staging/directory/trunk/content/api/gen-docs/latest/apidocs
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/advanced-ug/0.1-reporting-bugs.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/0.2-building-trunks.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/1.2-network.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/1.5-backend.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.10-aci-grammar.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html
websites/staging/directory/trunk/content/apacheds/advanced-ug/4.3-password-policy.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.3-installing-and-starting.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.1-changing-server-port.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.2-changing-admin-password.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.3-adding-partition.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.4.4-configure-logging.html
websites/staging/directory/trunk/content/apacheds/basic-ug/1.5-sample-configuration.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.1.1-adding-entries.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.1.2-deleting-entries.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html
websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
websites/staging/directory/trunk/content/apacheds/basic-ug/3.2-basic-authorization.html
websites/staging/directory/trunk/content/apacheds/basic-ug/3.3-enabling-ssl.html
websites/staging/directory/trunk/content/apacheds/coding-standards.html
websites/staging/directory/trunk/content/apacheds/configuration/ads-2.0-configuration.html
websites/staging/directory/trunk/content/apacheds/download-old-versions.html
websites/staging/directory/trunk/content/apacheds/index.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.1-realms.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.2-principals.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.3-keys.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.4-kdc.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.6-as.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/1.1.8-tickets.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.1-authenticate-kinit.html
websites/staging/directory/trunk/content/apacheds/kerberos-ug/4.2-authenticate-studio.html
websites/staging/directory/trunk/content/apacheds/news.html
websites/staging/directory/trunk/content/api/download-old-versions.html
websites/staging/directory/trunk/content/api/groovy-api/2-groovy-ldap-user-guide.html
websites/staging/directory/trunk/content/api/groovy-api/3-groovy-ldap-implementation.html
websites/staging/directory/trunk/content/api/groovy-api/4-groovy-ldap-building.html
websites/staging/directory/trunk/content/api/groovy-ldap.html
websites/staging/directory/trunk/content/api/user-guide.html
websites/staging/directory/trunk/content/api/user-guide/2.3-searching.html
websites/staging/directory/trunk/content/api/user-guide/2.4-adding.html
websites/staging/directory/trunk/content/api/user-guide/2.5-deleting.html
websites/staging/directory/trunk/content/api/user-guide/7-requests-responses.html
websites/staging/directory/trunk/content/api/user-guide/7.1-abandon-request.html
websites/staging/directory/trunk/content/index.html
websites/staging/directory/trunk/content/issue-tracking.html
websites/staging/directory/trunk/content/sources.html
websites/staging/directory/trunk/content/studio/building.html
websites/staging/directory/trunk/content/studio/download-old-versions.html
websites/staging/directory/trunk/content/studio/faqs.html
websites/staging/directory/trunk/content/studio/internationalization.html
websites/staging/directory/trunk/content/studio/issue-tracking.html
websites/staging/directory/trunk/content/studio/mailing-lists.html
websites/staging/directory/trunk/content/studio/source-repository.html
websites/staging/directory/trunk/content/studio/studio-plugin-source-repository.html
websites/staging/directory/trunk/content/studio/working.html
websites/staging/directory/trunk/content/vision.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Jun 21 10:04:38 2013
@@ -1 +1 @@
-1495356
+1495362
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/0.1-reporting-bugs.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/0.1-reporting-bugs.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/0.1-reporting-bugs.html Fri Jun 21 10:04:38 2013
@@ -147,7 +147,7 @@
<p>We'll prioritize your bug higher than others and probably fix it rapidly because the problem is isolated thanks to your testcase submission. We will in fact strip out your testcase and add it to our suite of test cases to make sure ApacheDS always passes this integration test you've provided.</p>
<h3 id="installing-the-apacheds-archetype-testcase">Installing the apacheds-archetype-testcase</h3>
<p>To use the archetype you'll need to check it out and install it. Here's how you can do that for the leading edge of 2.0.0:</p>
-<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">http:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/directory/</span><span class="n">documentation</span><span class="sr">/samples/</span><span class="n">trunk</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">archetype</span><span class="o">-</span><span class="n">testcase</span>
+<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">svn</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">repos</span><span class="o">/</span><span class="n">asf</span><span class="o">/</span><span class="n">directory</span><span class="o">/</span><span class="n">documentation</span><span class="o">/</span><span class="n">samples</span><span class="o">/</span><span class="n">trunk</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">archetype</span><span class="o">-</span><span class="n">testcase</span>
<span class="n">cd</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">archetype</span><span class="o">-</span><span class="n">testcase</span>
<span class="n">mvn</span> <span class="n">install</span>
</pre></div>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/0.2-building-trunks.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/0.2-building-trunks.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/0.2-building-trunks.html Fri Jun 21 10:04:38 2013
@@ -192,7 +192,7 @@
</ul>
<p><em>Dependencies</em> : project</p>
<h2 id="junit-addons-project">Junit-Addons project</h2>
-<p>This project is used to add concurrent tests in the server. It's a fork of <a href="ref needed">Mycila</a>.</p>
+<p>This project is used to add concurrent tests in the server. It's a fork of <a href="ref%20needed">Mycila</a>.</p>
<p>It has one single module :</p>
<ul>
<li>junit-addons</li>
@@ -240,7 +240,7 @@
</ul>
<p><em>Dependencies</em> : project, junit-addons</p>
<h3 id="jdbm-project">JDBM project</h3>
-<p>This project covers the JDBM code. It's a fork of the <a href="ref needed">JDBM 1.0 project</a>.</p>
+<p>This project covers the JDBM code. It's a fork of the <a href="ref%20needed">JDBM 1.0 project</a>.</p>
<p>The current project hierarchy is the following :</p>
<ul>
<li>apacheds-jdbm-parent<ul>
@@ -315,46 +315,46 @@
<p><em>Dependencies</em> : project, junit-addons jdbm, shared,</p>
<h2 id="prerequisites-for-building">Prerequisites for building</h2>
<p>You must have installed <strong>Maven 3.0.4</strong> and have a <strong>JDK 5</strong> (or a more recent one) installed on your computer. A working internet connection is also mandatory, unless you have all the needed dependences and plugins loaded locally.</p>
-<p><DIV class="note" markdown="1">
-If the build hangs or you get an out of memory exception please increase the heap space:</p>
-<ul>
-<li>
-<p>For Linux:</p>
-<p>MAVEN_OPTS="-Xmx256m" mvn clean install</p>
-</li>
-<li>
-<p>For Windows:</p>
-<p>SET MAVEN_OPTS="-Xmx256m"
- mvn clean install
-</DIV></p>
-</li>
-</ul>
+<DIV class="note" markdown="1">
+If the build hangs or you get an out of memory exception please increase the heap space:
+
+* For Linux:
+
+ MAVEN_OPTS="-Xmx256m" mvn clean install
+
+* For Windows:
+
+ SET MAVEN_OPTS="-Xmx256m"
+ mvn clean install
+</DIV>
+
<h3 id="maven">Maven</h3>
<p><a href="http://maven.apache.org/download.html">Download</a> and install Maven 3.0.4.</p>
<p>Add a MAVEN_HOME environment variable and add MAVEN_HOME/bin to your system path:</p>
<p>On a Linux box you could add the following to the .bashrc file (.bashrc is a file you'll find in your home directory)</p>
-<div class="codehilite"><pre><span class="o">...</span>
-<span class="n">export</span> <span class="n">MAVEN_HOME</span><span class="o">=</span><span class="sr">/opt/m</span><span class="n">aven</span><span class="o">-</span><span class="mf">3.0.4</span>
-<span class="n">export</span> <span class="n">PATH</span><span class="o">=</span><span class="nv">$JAVA_HOME:$JAVA_HOME</span><span class="sr">/bin:$MAVEN_HOME/</span><span class="n">bin:</span><span class="nv">$PATH</span>
-<span class="o">...</span>
+<div class="codehilite"><pre><span class="p">...</span>
+<span class="n">export</span> <span class="n">MAVEN_HOME</span><span class="p">=</span><span class="o">/</span><span class="n">opt</span><span class="o">/</span><span class="n">maven</span><span class="o">-</span>3<span class="p">.</span>0<span class="p">.</span>4
+<span class="n">export</span> <span class="n">PATH</span><span class="p">=</span>$<span class="n">JAVA_HOME</span><span class="p">:</span>$<span class="n">JAVA_HOME</span><span class="o">/</span><span class="n">bin</span><span class="p">:</span>$<span class="n">MAVEN_HOME</span><span class="o">/</span><span class="n">bin</span><span class="p">:</span>$<span class="n">PATH</span>
+<span class="p">...</span>
</pre></div>
<p>Windows users, use Control Panel -> System -> Advanced -> Environment Variables</p>
<h3 id="jdk-5">JDK 5</h3>
-<p><DIV class="note" markdown="1">
-There may be some issues with older JDK versions and Kerberos, therefore we recommend using a version >=1.5.0_09
-</DIV></p>
+<DIV class="note" markdown="1">
+There may be some issues with older JDK versions and Kerberos, therefore we recommend using a version >=1.5.0_09
+</DIV>
+
<p>Any newer version should also work.</p>
<h2 id="getting-the-code">Getting the code</h2>
<p>To download the sources from trunk, you must have installed a <strong>Subversion</strong> client.</p>
<p>With readonly access :</p>
-<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">http:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/directory/</span><span class="n">trunks</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
+<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">svn</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">repos</span><span class="o">/</span><span class="n">asf</span><span class="o">/</span><span class="n">directory</span><span class="o">/</span><span class="n">trunks</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
</pre></div>
<p>With read/write access (for committers only) :</p>
-<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">https:</span><span class="sr">//s</span><span class="n">vn</span><span class="o">.</span><span class="n">apache</span><span class="o">.</span><span class="n">org</span><span class="sr">/repos/</span><span class="n">asf</span><span class="sr">/directory/</span><span class="n">trunks</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
+<div class="codehilite"><pre><span class="n">svn</span> <span class="n">co</span> <span class="n">https</span><span class="p">:</span><span class="o">//</span><span class="n">svn</span><span class="p">.</span><span class="n">apache</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">repos</span><span class="o">/</span><span class="n">asf</span><span class="o">/</span><span class="n">directory</span><span class="o">/</span><span class="n">trunks</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
</pre></div>
@@ -378,21 +378,20 @@ Building should finish with these lines:
<div class="codehilite"><pre><span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="o">------------------------------------------------------------------------</span>
<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">BUILD</span> <span class="n">SUCCESSFUL</span>
<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="o">------------------------------------------------------------------------</span>
-<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Total</span> <span class="nb">time</span><span class="p">:</span> <span class="mi">8</span> <span class="n">minutes</span> <span class="mi">30</span> <span class="n">seconds</span>
-<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Finished</span> <span class="n">at:</span> <span class="n">Mon</span> <span class="n">Oct</span> <span class="mi">30</span> <span class="mi">23</span><span class="p">:</span><span class="mi">32</span><span class="p">:</span><span class="mi">41</span> <span class="n">CET</span> <span class="mi">2006</span>
-<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Final</span> <span class="n">Memory:</span> <span class="mi">18</span><span class="n">M</span><span class="o">/</span><span class="mi">32</span><span class="n">M</span>
+<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Total</span> <span class="n">time</span><span class="p">:</span> 8 <span class="n">minutes</span> 30 <span class="n">seconds</span>
+<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Finished</span> <span class="n">at</span><span class="p">:</span> <span class="n">Mon</span> <span class="n">Oct</span> 30 23<span class="p">:</span>32<span class="p">:</span>41 <span class="n">CET</span> 2006
+<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="n">Final</span> <span class="n">Memory</span><span class="p">:</span> 18<span class="n">M</span><span class="o">/</span>32<span class="n">M</span>
<span class="p">[</span><span class="n">INFO</span><span class="p">]</span> <span class="o">------------------------------------------------------------------------</span>
</pre></div>
-<p><DIV class="info" markdown="1">
-If you want to do really safe build, run the following commands in trunks:</p>
-<div class="codehilite"><pre><span class="n">resources</span><span class="o">/</span><span class="n">superclean</span><span class="o">.</span><span class="n">sh</span>
-<span class="n">mvn</span> <span class="n">install</span> <span class="o">-</span><span class="n">Dintegration</span>
-</pre></div>
+<DIV class="info" markdown="1">
+If you want to do really safe build, run the following commands in trunks:
+ resources/superclean.sh
+ mvn install -Dintegration
+</DIV>
-<p></DIV></p>
<h2 id="building-the-installers">Building the installers</h2>
<p>Building the installers is a two phase process :</p>
<div class="codehilite"><pre><span class="n">cd</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
@@ -404,8 +403,8 @@ If you want to do really safe build, run
<h2 id="starting-the-server-without-installation">Starting the server without installation</h2>
<p>The directory apacheds-trunk/installers/apacheds-noarch contains a script for Linux (apacheds.sh) and one for Windows (apacheds.bat) which can be used for starting the server without the need to install it first (as non-root-user on Linux and non-Windows-service on Windows).</p>
<p>Linux:</p>
-<div class="codehilite"><pre><span class="n">cd</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span><span class="sr">/installers/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">noarch</span>
-<span class="o">./</span><span class="n">apacheds</span><span class="o">.</span><span class="n">sh</span>
+<div class="codehilite"><pre><span class="n">cd</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span><span class="o">/</span><span class="n">installers</span><span class="o">/</span><span class="n">apacheds</span><span class="o">-</span><span class="n">noarch</span>
+<span class="o">./</span><span class="n">apacheds</span><span class="p">.</span><span class="n">sh</span>
</pre></div>
@@ -414,7 +413,7 @@ If you want to do really safe build, run
<h3 id="building-eclipse-files">Building eclipse files</h3>
<p>To build the .project and .classpath files for eclipse, type the following commands :</p>
<div class="codehilite"><pre><span class="n">cd</span> <span class="n">apacheds</span><span class="o">-</span><span class="n">trunk</span>
-<span class="n">mvn</span> <span class="n">eclipse:eclipse</span>
+<span class="n">mvn</span> <span class="n">eclipse</span><span class="p">:</span><span class="n">eclipse</span>
</pre></div>
@@ -424,12 +423,12 @@ If you want to do really safe build, run
<h3 id="eclipse-hints">Eclipse hints</h3>
<p>Add an eclipse-apacheDS.sh file in your eclipse root directory, to allow eclipse to get more memory (e.g. 750MB)
You may also declare a specific workspace when launching eclipse. I have created a workspace-apacheDS directory in my HOME directory, where all the ApacheDS project is built when I use Eclipse.</p>
-<div class="codehilite"><pre><span class="sr"><eclipse_root>/eclipse -data $HOME/</span><span class="n">workspace</span><span class="o">-</span><span class="n">apacheDS</span> <span class="o">-</span><span class="n">vm</span> <span class="n">java</span> <span class="o">-</span><span class="n">vmargs</span> <span class="o">-</span><span class="n">Xmx750M</span>
+<div class="codehilite"><pre><span class="o"><</span><span class="n">eclipse_root</span><span class="o">>/</span><span class="n">eclipse</span> <span class="o">-</span><span class="n">data</span> $<span class="n">HOME</span><span class="o">/</span><span class="n">workspace</span><span class="o">-</span><span class="n">apacheDS</span> <span class="o">-</span><span class="n">vm</span> <span class="n">java</span> <span class="o">-</span><span class="n">vmargs</span> <span class="o">-</span><span class="n">Xmx750M</span>
</pre></div>
<p>Launch eclipse :</p>
-<div class="codehilite"><pre><span class="sr"><eclipse_root></span><span class="o">/</span><span class="n">eclipse</span><span class="o">-</span><span class="n">apacheDS</span><span class="o">.</span><span class="n">sh</span>
+<div class="codehilite"><pre><span class="o"><</span><span class="n">eclipse_root</span><span class="o">>/</span><span class="n">eclipse</span><span class="o">-</span><span class="n">apacheDS</span><span class="p">.</span><span class="n">sh</span>
</pre></div>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/1.2-network.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/1.2-network.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/1.2-network.html Fri Jun 21 10:04:38 2013
@@ -157,9 +157,10 @@ The <em>DirectoryService</em> is the par
<p>We allow connection through the definition of <em>transports</em>. A <em>Transport</em> is a <strong>TCP</strong> or an <strong>UDP</strong> socket capable of absorbing a request and to send a response. Depending on the type of server, we may declare one or more <strong>TCP</strong> <em>Transports</em>, or a <strong>TCP</strong> and a <strong>UDP</strong> <em>Transports</em>, or an <strong>UDP</strong> <em>Transport</em> only.</p>
<h3 id="ldap-server">Ldap Server</h3>
<p>The LDAP server needs one or two <strong>TCP</strong> <em>Transport</em>. We have the standard <em>LDAP</em> port (defaulting to <em>10389</em> for <em>ApacheDS</em>, but the well know port is usually 389), and one can also declare the <em>LDAPS</em> port (defaulting to <em>10636</em> for <em>ApacheDS</em>, but the well know port is usually 636). </p>
-<p><DIV class="warning" markdown="1">
-Note that <em>LDAPS</em> is considered as deprecated.
-</DIV></p>
+<DIV class="warning" markdown="1">
+Note that *LDAPS* is considered as deprecated.
+</DIV>
+
<h3 id="kerberos-server">Kerberos Server</h3>
<p>The Kerberos Server uses one <strong>TCP</strong> <em>Transport</em> (defaulting to <em>60088</em>, but the well know port is 88 ) and one <strong>UDP</strong> _transport (same value for both ports). The idea is that the communication starts on <strong>TCP</strong> and continues on <strong>UDP</strong>.</p>
<h3 id="changepassword-server">ChangePassword Server</h3>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/1.5-backend.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/1.5-backend.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/1.5-backend.html Fri Jun 21 10:04:38 2013
@@ -162,9 +162,10 @@
<h3 id="mastertable">MasterTable</h3>
<p>The <em>MasterTable</em> contains all the entries, serialized. </p>
<p>This table is a <Key, Value> <strong>BTree</strong>, where the key is the entry's <strong>UUID</strong>, and the value the serialized entry.</p>
-<p><DIV class="note" markdown="1">
-Theorically, we could be able to read it, and restore the whole database, indexes included, assuming that we know which index we have to create. Sadly, it's not enough, as the entries are stored without any information about their position in the <strong>DIT</strong>.
-</DIV></p>
+<DIV class="note" markdown="1">
+Theorically, we could be able to read it, and restore the whole database, indexes included, assuming that we know which index we have to create. Sadly, it's not enough, as the entries are stored without any information about their position in the **DIT**.
+</DIV>
+
<h3 id="indexes">Indexes</h3>
<p>Each index is also a <key, value> <strong>BTree</strong>, with some exceptions : as we may store multi-valued elements, it's perfectly possible that the value will grow up to a point it's extremely costly to store it serialized. For instance, the <em>ObjectClass</em> index may have thousands of entries for the <em>Person</em> key.</p>
<p>In this case, we use a sub-btree, which is a <key,key> <strong>BTree</strong> (as strange as it sounds, it's an easy way to add a new key without having to rewrite the full value).</p>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/2-server-config.html Fri Jun 21 10:04:38 2013
@@ -197,9 +197,10 @@
<p>Note that in order to modify one element, you have to go down the tree up to the entry containing the elements you want to modify. For instance, to modify the TCP port for LDAP, you have to modify the following entry :
<strong>ads-transportid=ldap, ou=transports, ads-serverId=ldapServer, ou=servers, ads-directoryServiceId=XXXXX, ou=config</strong></p>
<p>We will now explain each one of those elements.</p>
-<p><DIV class="note" markdown="1">
+<DIV class="note" markdown="1">
Note that bold attributes are mandatory in the following tables.
-</DIV></p>
+</DIV>
+
<h1 id="directory-service">Directory Service</h1>
<p>This is the key of the whole server : the place where we store the data. Most of the servers are depending on this component. You maye have more than one server, but only one <em>DirectoryService</em>. This compoent itself refers to the servers that will be started, plus the backends it will depends on.</p>
<p>Here are the configuration parameters for this components :</p>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3-admin-model.html Fri Jun 21 10:04:38 2013
@@ -166,13 +166,15 @@ then one area totally includes the other
<p>An <strong>Administration Point</strong> is the point in the <strong>DIT</strong> where an area starts. It defines the roles, and the scope that applies to this area.</p>
<p>Once we know which area we need to define, and the associated roles, it's mandatory to store those information in the <strong>DIT</strong>. This is done by adding <strong>subentries</strong>, which just are entries storing all the administrative configuration.</p>
<p>An Administrative Point is stored as a <strong>subentry</strong> (which is just a plain LDAP entry) just below the base of the defined area.</p>
-<p><DIV class="info" markdown="1">
- A <strong>Subentry</strong> is just a plain normal entry except that it contains administrative model informations.
+<DIV class="info" markdown="1">
+ A **Subentry** is just a plain normal entry except that it contains administrative model informations.
They are stored below the entry they are managing, as a child entry.
-</DIV></p>
-<p><DIV class="note" markdown="1">
+</DIV>
+
+<DIV class="note" markdown="1">
We also use the term "subtree" to define areas. This is due to the fact that we define a subtree specification in the administration point to express the set of selected entries.
-</DIV></p>
+</DIV>
+
<h2 id="roles">Roles</h2>
<p>The roles are the various aspects which are managed by the administration points. Currently, we manage five different roles in ApacheDS :</p>
<ul>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/3.1-administrative-points.html Fri Jun 21 10:04:38 2013
@@ -197,45 +197,47 @@ the description of the administrative ac
named <em>subtree</em>.</li>
</ul>
<p>The <em>SubtreeSpecification</em> can be complex. Its grammar is given below :</p>
-<div class="codehilite"><pre><span class="sr"><subtreeSpecificationComponent-e></span> <span class="o">::=</span> <span class="sr"><subtreeSpecificationComponent></span> <span class="sr"><sps-e></span> <span class="sr"><subtreeSpecificationComponent-list></span> <span class="o">|</span> <span class="n">e</span>
+<div class="codehilite"><pre><span class="o"><</span><span class="n">subtreeSpecification</span><span class="o">></span> <span class="p">::=</span> <span class="s">'{'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">-</span><span class="n">e</span><span class="o">></span><span class="s">'}'</span>
-<span class="sr"><subtreeSpecificationComponent-list></span> <span class="o">::=</span> <span class="s">','</span> <span class="sr"><sps-e></span>
-<span class="sr"><subtreeSpecificationComponent></span> <span class="sr"><sps-e></span>
-<span class="sr"><subtreeSpecificationComponent-list></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="p">::=</span> <span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><subtreeSpecificationComponent></span> <span class="o">::=</span>
- <span class="s">'base'</span> <span class="sr"><sps></span> <span class="n">DN</span>
- <span class="o">|</span> <span class="s">'specificExclusions'</span> <span class="sr"><sps></span> <span class="s">'{'</span> <span class="sr"><sps-e></span> <span class="sr"><specificExclusion-e></span> <span class="s">'}'</span>
- <span class="o">|</span> <span class="s">'minimum'</span> <span class="sr"><sps></span> <span class="n">INTEGER</span>
- <span class="o">|</span> <span class="s">'maximum'</span> <span class="sr"><sps></span> <span class="n">INTEGER</span>
- <span class="o">|</span> <span class="s">'specificationFilter'</span> <span class="sr"><sps></span> <span class="sr"><refinement-filter></span>
+<span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="p">::=</span> <span class="s">','</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span>
+<span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span>
+<span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><specificExclusion-e></span> <span class="o">::=</span> <span class="sr"><specificExclusion></span> <span class="sr"><sps-e></span>
-<span class="sr"><specificExclusion-list></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">subtreeSpecificationComponent</span><span class="o">></span> <span class="p">::=</span>
+ <span class="s">'base'</span> <span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="n">DN</span>
+ <span class="o">|</span> <span class="s">'specificExclusions'</span> <span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="s">'{'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">specificExclusion</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">'}'</span>
+ <span class="o">|</span> <span class="s">'minimum'</span> <span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="n">INTEGER</span>
+ <span class="o">|</span> <span class="s">'maximum'</span> <span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="n">INTEGER</span>
+ <span class="o">|</span> <span class="s">'specificationFilter'</span> <span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">filter</span><span class="o">></span>
-<span class="sr"><specificExclusion-list></span> <span class="o">::=</span> <span class="s">','</span> <span class="sr"><sps-e></span> <span class="sr"><specificExclusion></span> <span class="sr"><sps-e></span>
-<span class="sr"><specificExclusion-list></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">specificExclusion</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="p">::=</span> <span class="o"><</span><span class="n">specificExclusion</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span>
+<span class="o"><</span><span class="n">specificExclusion</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><specificExclusion></span> <span class="o">::=</span> <span class="s">'chopBefore'</span> <span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="n">DN</span> <span class="o">|</span> <span class="s">'chopAfter'</span>
-<span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="n">DN</span>
+<span class="o"><</span><span class="n">specificExclusion</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="p">::=</span> <span class="s">','</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">specificExclusion</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span>
+<span class="o"><</span><span class="n">specificExclusion</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><refinement-filter></span> <span class="o">::=</span> <span class="sr"><refinement></span> <span class="o">|</span> <span class="n">FILTER</span>
+<span class="o"><</span><span class="n">specificExclusion</span><span class="o">></span> <span class="p">::=</span> <span class="s">'chopBefore'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="n">DN</span> <span class="o">|</span> <span class="s">'chopAfter'</span>
+<span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="n">DN</span>
-<span class="sr"><refinement></span> <span class="o">::=</span>
- <span class="s">'item'</span> <span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="sr"><oid></span>
- <span class="o">|</span> <span class="s">'and'</span> <span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="s">'{'</span> <span class="sr"><sps-e></span> <span class="sr"><refinement-e></span> <span class="s">'}'</span>
- <span class="o">|</span> <span class="s">'or'</span> <span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="s">'{'</span> <span class="sr"><sps-e></span> <span class="sr"><refinement-e></span> <span class="s">'}'</span>
- <span class="o">|</span> <span class="s">'not'</span> <span class="sr"><sps-e></span> <span class="s">':'</span> <span class="sr"><sps-e></span> <span class="sr"><refinement></span>
+<span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">filter</span><span class="o">></span> <span class="p">::=</span> <span class="o"><</span><span class="n">refinement</span><span class="o">></span> <span class="o">|</span> <span class="n">FILTER</span>
-<span class="sr"><refinement-e></span> <span class="o">::=</span> <span class="sr"><refinement></span> <span class="sr"><sps-e></span> <span class="sr"><refinement-list></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">refinement</span><span class="o">></span> <span class="p">::=</span>
+ <span class="s">'item'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">oid</span><span class="o">></span>
+ <span class="o">|</span> <span class="s">'and'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">'{'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">'}'</span>
+ <span class="o">|</span> <span class="s">'or'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">'{'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">'}'</span>
+ <span class="o">|</span> <span class="s">'not'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="s">':'</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">></span>
-<span class="sr"><refinement-list></span> <span class="o">::=</span> <span class="s">','</span> <span class="sr"><sps-e></span> <span class="sr"><refinement></span> <span class="sr"><sps-e></span> <span class="sr"><refinement-list></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="p">::=</span> <span class="o"><</span><span class="n">refinement</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><oid></span> <span class="o">::=</span> <span class="n">DESCR</span> <span class="o">|</span> <span class="n">NUMERICOID</span>
+<span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="p">::=</span> <span class="s">','</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">></span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o"><</span><span class="n">refinement</span><span class="o">-</span><span class="n">list</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
-<span class="sr"><sps></span> <span class="o">::=</span> <span class="s">' '</span> <span class="sr"><sps-e></span>
+<span class="o"><</span><span class="n">oid</span><span class="o">></span> <span class="p">::=</span> <span class="n">DESCR</span> <span class="o">|</span> <span class="n">NUMERICOID</span>
-<span class="sr"><sps-e></span> <span class="o">::=</span> <span class="s">' '</span> <span class="sr"><sps-e></span> <span class="o">|</span> <span class="n">e</span>
+<span class="o"><</span><span class="n">sps</span><span class="o">></span> <span class="p">::=</span> <span class="s">' '</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span>
+
+<span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="p">::=</span> <span class="s">' '</span> <span class="o"><</span><span class="n">sps</span><span class="o">-</span><span class="n">e</span><span class="o">></span> <span class="o">|</span> <span class="n">e</span>
</pre></div>
@@ -247,12 +249,12 @@ named <em>subtree</em>.</li>
<p><strong>select all the entries below the ou=users branch
starting from the AdministrativePoint entry :</strong></p>
-<div class="codehilite"><pre><span class="p">{</span> <span class="n">base</span> <span class="s">"ou=users"</span> <span class="p">}</span>
+<div class="codehilite"><pre><span class="p">{</span> <span class="n">base</span> "<span class="n">ou</span><span class="p">=</span><span class="n">users</span>" <span class="p">}</span>
</pre></div>
<p><strong> exclude all the entries below the "ou=groups" branch : </strong></p>
-<div class="codehilite"><pre><span class="p">{</span> <span class="n">specificExclusions</span> <span class="p">{</span> <span class="n">chopBefore:</span><span class="s">"ou=groups"</span> <span class="p">}</span> <span class="p">}</span>
+<div class="codehilite"><pre><span class="p">{</span> <span class="n">specificExclusions</span> <span class="p">{</span> <span class="n">chopBefore</span><span class="p">:</span>"<span class="n">ou</span><span class="p">=</span><span class="n">groups</span>" <span class="p">}</span> <span class="p">}</span>
</pre></div>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.1.2-name-password-authn.html Fri Jun 21 10:04:38 2013
@@ -172,9 +172,10 @@ userPassword:: c2VjcmV0
<h3 id="password-storage">Password storage</h3>
<p>As we have juste seen, the password is stored in plain text in the server. This is not exatcly safe ! As soon as someone gets access to your server, all the passwords are compromised. This is certainly not the way we want to protect our users !</p>
<p>Hopefully, you can hash those passwords, instead of storing them as provided. </p>
-<p><DIV class="note" markdown="1">
+<DIV class="note" markdown="1">
A hashed password is not a password we can decrypt : when we hash a password, we lose some information. Also note that two different passwords might result in the exact same hash value, but it's unlikely.
-</DIV></p>
+</DIV>
+
<p><strong>ApacheDS</strong> let you select an encryption type when you inject a password :</p>
<p><img alt="Password hash method selection" src="images/password-hash-selection.png" /></p>
<p>The following hash method are available :</p>
@@ -277,14 +278,14 @@ return false
</pre></div>
-<p><DIV class="note" markdown="1">
+<DIV class="note" markdown="1">
A few rules of thumb :<BR/>
o Never store a password as plain text. <BR/>
o Prefer salted methods over non salted ones, and prefer the strongest one (here, SSHA-512 on Studio 2.0, or SSHA)<BR/>
o crypt is also a good choice<BR/>
o Pick strong passwords, otherwise if someone gets access to the list of passwords, he or she can run a rainbow attack on it.<BR/>
o Keep in mind that whatever you do, the password will be passed in clear text from the client to the server. Always use startTLS before any bind, or at least use SSL<BR/>
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2-sasl-authn.html Fri Jun 21 10:04:38 2013
@@ -178,24 +178,24 @@
<p>In any case, if you are using one of those mechanisms, be sure to activate <strong>TLS</strong>.</p>
<h2 id="specifications">Specifications</h2>
<p>The SASL specifications are defined by an <a href="http://datatracker.ietf.org/wg/sasl/">IETF Working Group</a> which has published the following proposed standards :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4013</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4013</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">SASLprep:</span> <span class="n">Stringprep</span> <span class="n">Profile</span> <span class="k">for</span> <span class="n">User</span> <span class="n">Names</span> <span class="ow">and</span> <span class="n">Passwords</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4422</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4422</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4505</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4505</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Anonymous</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4616</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4616</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">The</span> <span class="n">PLAIN</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4752</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc4752</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">The</span> <span class="n">Kerberos</span> <span class="n">V5</span> <span class="p">(</span><span class="s">"GSSAPI"</span><span class="p">)</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4013<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4013</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">SASLprep</span><span class="p">:</span> <span class="n">Stringprep</span> <span class="n">Profile</span> <span class="k">for</span> <span class="n">User</span> <span class="n">Names</span> <span class="n">and</span> <span class="n">Passwords</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4422<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4422</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4505<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4505</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Anonymous</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4616<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4616</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">The</span> <span class="n">PLAIN</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4752<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc4752</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">The</span> <span class="n">Kerberos</span> <span class="n">V5</span> <span class="p">(</span>"<span class="n">GSSAPI</span>"<span class="p">)</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span>
<span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="n">Mechanism</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">5801</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc5801</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">Generic</span> <span class="n">Security</span> <span class="n">Service</span> <span class="n">Application</span> <span class="n">Program</span> <span class="n">Interface</span> <span class="p">(</span><span class="n">GSS</span><span class="o">-</span><span class="n">API</span><span class="p">)</span>
- <span class="n">Mechanisms</span> <span class="n">in</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">):</span> <span class="n">The</span> <span class="n">GS2</span> <span class="n">Mechanism</span> <span class="n">Family</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">5802</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc5802</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Salted</span> <span class="n">Challenge</span> <span class="n">Response</span> <span class="n">Authentication</span> <span class="n">Mechanism</span> <span class="p">(</span><span class="n">SCRAM</span><span class="p">)</span> <span class="n">SASL</span>
- <span class="ow">and</span> <span class="n">GSS</span><span class="o">-</span><span class="n">API</span> <span class="n">Mechanisms</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 5801<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc5801</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">Generic</span> <span class="n">Security</span> <span class="n">Service</span> <span class="n">Application</span> <span class="n">Program</span> <span class="n">Interface</span> <span class="p">(</span><span class="n">GSS</span><span class="o">-</span><span class="n">API</span><span class="p">)</span>
+ <span class="n">Mechanisms</span> <span class="n">in</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">):</span> <span class="n">The</span> <span class="n">GS2</span> <span class="n">Mechanism</span> <span class="n">Family</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 5802<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc5802</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Salted</span> <span class="n">Challenge</span> <span class="n">Response</span> <span class="n">Authentication</span> <span class="n">Mechanism</span> <span class="p">(</span><span class="n">SCRAM</span><span class="p">)</span> <span class="n">SASL</span>
+ <span class="n">and</span> <span class="n">GSS</span><span class="o">-</span><span class="n">API</span> <span class="n">Mechanisms</span>
</pre></div>
<p>Some other RFCs have been published, for each specific mechanisms, some of them are obsoleted by more recent RFCs :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">2595</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc2595</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">TLS</span> <span class="n">with</span> <span class="n">IMAP</span><span class="p">,</span> <span class="n">POP3</span> <span class="ow">and</span> <span class="n">ACAP</span> <span class="p">(</span><span class="n">updated</span> <span class="n">by</span> <span class="n">RFC</span> <span class="mi">4616</span><span class="p">)</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">2195</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc2195</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">IMAP</span><span class="sr">/POP AUTHorize Extension for Simple Challenge/</span><span class="n">Response</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">2831</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc2831</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">Digest</span> <span class="n">Authentication</span> <span class="n">as</span> <span class="n">a</span> <span class="n">SASL</span> <span class="n">Mechanism</span> <span class="p">(</span><span class="n">obsoleted</span> <span class="n">by</span> <span class="n">RFC</span> <span class="mi">6631</span><span class="p">)</span>
-<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">2222</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">www</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/rfc/</span><span class="n">rfc2222</span><span class="o">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="ow">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="p">(</span><span class="n">obsoleted</span> <span class="n">by</span> <span class="n">RFC</span> <span class="mi">4422</span><span class="p">)</span>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 2595<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc2595</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">TLS</span> <span class="n">with</span> <span class="n">IMAP</span><span class="p">,</span> <span class="n">POP3</span> <span class="n">and</span> <span class="n">ACAP</span> <span class="p">(</span><span class="n">updated</span> <span class="n">by</span> <span class="n">RFC</span> 4616<span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 2195<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc2195</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">IMAP</span><span class="o">/</span><span class="n">POP</span> <span class="n">AUTHorize</span> <span class="n">Extension</span> <span class="k">for</span> <span class="n">Simple</span> <span class="n">Challenge</span><span class="o">/</span><span class="n">Response</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 2831<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc2831</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Using</span> <span class="n">Digest</span> <span class="n">Authentication</span> <span class="n">as</span> <span class="n">a</span> <span class="n">SASL</span> <span class="n">Mechanism</span> <span class="p">(</span><span class="n">obsoleted</span> <span class="n">by</span> <span class="n">RFC</span> 6631<span class="p">)</span>
+<span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 2222<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">www</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">rfc</span><span class="o">/</span><span class="n">rfc2222</span><span class="p">.</span><span class="n">txt</span><span class="p">)</span> <span class="p">:</span> <span class="n">Simple</span> <span class="n">Authentication</span> <span class="n">and</span> <span class="n">Security</span> <span class="n">Layer</span> <span class="p">(</span><span class="n">SASL</span><span class="p">)</span> <span class="p">(</span><span class="n">obsoleted</span> <span class="n">by</span> <span class="n">RFC</span> 4422<span class="p">)</span>
</pre></div>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.html Fri Jun 21 10:04:38 2013
@@ -141,12 +141,13 @@
<p>The <strong>SASL PLAIN</strong> authentication is most certainly useless, as one can already authenticate using the <strong>Simple Bind</strong>. However, it's still possible to issue a <strong>SASL PLAIN</strong> authentication on <em>ApacheDS</em>.</p>
<p>The difference with a <strong>Simple Bind</strong> is that the user's name is not <strong>DN</strong>, but a meaningful value that is stored into one of the user's entry Attributes.</p>
<p>When the server receives a <strong>SASL PLAIN</strong> bind request, it will look for the first entry which <strong>uid</strong> is equal to the provided value, starting from the server <strong>searchBaseDN</strong> position in the DIT.</p>
-<p><DIV class="note" markdown="1">
-ApacheDS expect the given name to be stored in the <strong>UID</strong> Attribute. This is not configurable in this version of the server.
-</DIV></p>
-<p><DIV class="note" markdown="1">
+<DIV class="note" markdown="1">
+ApacheDS expect the given name to be stored in the **UID** Attribute. This is not configurable in this version of the server.
+</DIV>
+
+<DIV class="note" markdown="1">
ApacheDS does not yet support the authorization identity parameter.
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.2-sasl-cram-md5-authn.html Fri Jun 21 10:04:38 2013
@@ -140,9 +140,10 @@
<h1 id="4122-sasl-cram-md5-authentication">4.1.2.2 - SASL CRAM-MD5 Authentication</h1>
<p>The <strong>CRAM-MD5</strong> <strong>SASL</strong> mechanism is defined by <a href="http://www.ietf.org/rfc/rfc2195.txt">RFC 2195</a>.</p>
<p>We will have an exchange between the client, which will send an empty <em>Bind request</em> (ie, the username and credentials won't be sent the first time), and the server will return a challenge.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
It's not recommanded to use this mechanism.
-</DIV></p>
+</DIV>
+
<h2 id="usage">Usage</h2>
<p>The client first send a <em>BindRequest</em> with no credentials:</p>
<div class="codehilite"><pre>MessageType : BIND_REQUEST
@@ -182,12 +183,13 @@ Message ID : 2
<p>In any case, the full exchange aims at transfering the user's credential encrypted instead of passing it in clear text. Once the server receives the password, it will check it against the stored password which must be stored in clear text.</p>
<p>When the server receives a <strong>SASL PLAIN</strong> bind request, it will look for the first entry which <strong>uid</strong> is equal to the provided value, starting from the server <strong>searchBaseDN</strong> position in the DIT.</p>
-<p><DIV class="note" markdown="1">
-ApacheDS expect the given name to be stored in the <strong>UID</strong> Attribute. This is not configurable in this version of the server.
-</DIV></p>
-<p><DIV class="warning" markdown="1">
+<DIV class="note" markdown="1">
+ApacheDS expect the given name to be stored in the **UID** Attribute. This is not configurable in this version of the server.
+</DIV>
+
+<DIV class="warning" markdown="1">
The password must be stored in clear text on the server. This is a serious weakness...
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.3-sasl-digest-md5-authn.html Fri Jun 21 10:04:38 2013
@@ -139,9 +139,10 @@
<h1 id="4123-sasl-digest-md5-authentication">4.1.2.3 - SASL DIGEST-MD5 Authentication</h1>
<p>The <strong>DIGEST-MD5</strong> <strong>SASL</strong> mechanism is defined by <a href="http://www.ietf.org/rfc/rfc2829.txt">RFC 2829</a>, which has been moved to an <em>historic</em> status by <a href="http://www.ietf.org/rfc/rfc6631.txt">RFC 6331</a>, due to its intrinsec weaknesses.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
It's not recommanded to use this mechanism.
-</DIV></p>
+</DIV>
+
<h2 id="usage">Usage</h2>
<p>As for <strong>CRAM-MD5</strong> mechanism, there is an exchange between the server and the client. First, the client sends a <em>BindRequest</em> with no credentials :</p>
<div class="codehilite"><pre>MessageType : BIND_REQUEST
@@ -210,12 +211,13 @@ qop = auth
<p>You also have to configure the <strong>SaslRealms</strong> which is also contained into the same entry (<em>ads_saslrealms</em> attributeType)</p>
-<p><DIV class="note" markdown="1">
-ApacheDS expect the given name to be stored in the <strong>UID</strong> Attribute. This is not configurable in this version of the server.
-</DIV></p>
-<p><DIV class="warning" markdown="1">
+<DIV class="note" markdown="1">
+ApacheDS expect the given name to be stored in the **UID** Attribute. This is not configurable in this version of the server.
+</DIV>
+
+<DIV class="warning" markdown="1">
The password must be stored in clear text on the server. This is a serious weakness...
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.1.2.4-sasl-gssapi-authn.html Fri Jun 21 10:04:38 2013
@@ -139,7 +139,7 @@
<h1 id="4124-sasl-gssapi-authentication">4.1.2.4 - SASL GSSAPI Authentication</h1>
<p>This authentication mechanism is specified in the following RFCs :</p>
-<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> <span class="mi">4752</span><span class="p">](</span><span class="n">http:</span><span class="sr">//</span><span class="n">tools</span><span class="o">.</span><span class="n">ietf</span><span class="o">.</span><span class="n">org</span><span class="sr">/html/</span><span class="n">rfc4752</span><span class="p">)</span>
+<div class="codehilite"><pre><span class="o">*</span> <span class="p">[</span><span class="n">RFC</span> 4752<span class="p">](</span><span class="n">http</span><span class="p">:</span><span class="o">//</span><span class="n">tools</span><span class="p">.</span><span class="n">ietf</span><span class="p">.</span><span class="n">org</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">rfc4752</span><span class="p">)</span>
</pre></div>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2-authorization.html Fri Jun 21 10:04:38 2013
@@ -164,13 +164,14 @@ very easy to grasp for beginners. For th
examples that focus on different protection mechanisms offered by the
ACIItem syntax. We do this instead of specifying the grammar which is not
the best way to learn a language.</p>
-<p><DIV class="warning" markdown="1">
+<DIV class="warning" markdown="1">
<B>Before you go any further...</B>
Please don't go any further until you have read up on the use of
Subentries. Knowledge of subentries, subtreeSpecifications, administrative
areas, and administrative roles are required to properly digest the
following material.
-</DIV></p>
+</DIV>
+
<p>Before going on to these trails you might want to set up an Administrative
Area for managing access control via prescriptiveACI. Both subentryACI and
prescriptiveACI require the presence of an Administrative Point entry. For
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.1-introduction.html Fri Jun 21 10:04:38 2013
@@ -140,10 +140,11 @@
<h1 id="421-introduction">4.2.1 - Introduction</h1>
<p>First of all, one has to understand that Authorization in this context
involves four components. The principle is :</p>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
grants <b>Users</b> authorization to proceed some <b>Action</b> on a set of
<b>Items</b> in a defined <b>Area</b>
-</DIV></p>
+</DIV>
+
<p>Let's define the four components.</p>
<p><strong>Users</strong> :</p>
<blockquote>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.10-aci-grammar.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.10-aci-grammar.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.10-aci-grammar.html Fri Jun 21 10:04:38 2013
@@ -359,6 +359,7 @@ SAFEUTF8CHAR :
<SP*> ::= <SP> <SP*> | e
<SP> ::= ' ' | '\t' | '\n' | '\r' ;
+
ALPHA : 'A'..'Z' | 'a'..'z' ;
<INTEGER> ::= <DIGIT> | <LDIGIT> <DIGIT> <DIGIT*>
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.html Fri Jun 21 10:04:38 2013
@@ -143,13 +143,13 @@ specifically. Meaning the protected entr
resides. When performing an operation on an entry, ApacheDS checks for the
presence of the multivalued operational attribute, <em>entryACI</em>. The values
of the entryACI attribute contain ACIItems.</p>
-<p><DIV class="info" markdown="1">
+<DIV class="info" markdown="1">
There is one exception to the rule of consulting entryACI attributes within
ApacheDS: add operations do not consult the entryACI within the entry being
added. This is a security precaution. (??? Check this sentence) If allowed
users can arbitrarily add entries where they wanted by putting entryACI
into the new entry being added. This could compromise the DSA.
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.html Fri Jun 21 10:04:38 2013
@@ -155,21 +155,22 @@ point entries themselves.</p>
<p>Users should try to avoid entry ACIs whenever possible, and use
prescriptive ACIs instead. Entry ACIs are more for managing exceptional
cases and should not be used excessively.</p>
-<p><DIV class="info" markdown="1">
-<strong>How it works!</strong>
+<DIV class="info" markdown="1">
+**How it works!**
For every type of LDAP operation, ApacheDS checks to see if any access
control subentries include the protected entry in their collection. The set
of subentries which include the protected entry are discovered very rapidly
by the subentry subsystem. The subentry subsystem caches
subtreeSpecifications for all subentries within the server so inclusion
-checks are fast. </p>
-<p>For each access control subentry in the set, ApacheDS checks within a
+checks are fast.
+
+For each access control subentry in the set, ApacheDS checks within a
prescriptive ACI cache for ACI tuples. ApacheDS also caches prescriptive
ACI information in a special form called ACI tuples. This is done so
ACIItem parsing and conversion to an optimal representations for evaluation
is not required at access time. This way access based on prescriptive ACIs
is determined very rapidly.
-</DIV></p>
+</DIV>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html (original)
+++ websites/staging/directory/trunk/content/apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html Fri Jun 21 10:04:38 2013
@@ -158,10 +158,10 @@
<h2 id="commentary">Commentary</h2>
<p>Note that two different user permissions are used to accurately specify self access and self modification of the <strong>userPassword</strong> attribute within the entry. So with the first userPermission of this ACI a user would be able to read all attributes and values within his/her entry. They also have the ability to modify the entry but this is moot since they cannot add, remove or replace any attributes within their entry. The second user permission completes the picture by granting add and remove permissions to all values of userPassword. This means the user can replace the password.</p>
-<p><DIV class="warning" markdown="1">
-<strong>grantAdd + grantRemove = grantReplace</strong>
-Modify operations either add, remove or replace attributes and their values in LDAP. X.500 seems to have overlooked the replace capability. Hence there is no such thing as a <em>grantReplace</em> permission. However grantAdd and grantDelete on an attribute and its values are both required for a replace operation to take place.
-</DIV></p>
+<DIV class="warning" markdown="1">
+**grantAdd + grantRemove = grantReplace**
+Modify operations either add, remove or replace attributes and their values in LDAP. X.500 seems to have overlooked the replace capability. Hence there is no such thing as a *grantReplace* permission. However grantAdd and grantDelete on an attribute and its values are both required for a replace operation to take place.
+</DIV>
<div class="nav">