You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2012/10/30 18:53:19 UTC
svn commit: r836617 - in /websites/staging/directory/trunk/content: ./
apacheds/ apacheds/basic-ug/ apacheds/basic-ug/images/
Author: buildbot
Date: Tue Oct 30 17:53:18 2012
New Revision: 836617
Log:
Staging update by buildbot for directory
Added:
websites/staging/directory/trunk/content/apacheds/basic-ug/images/open-schema-browser.png (with props)
websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-browser.png (with props)
websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-objects.png (with props)
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html
websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html
websites/staging/directory/trunk/content/apacheds/basic-users-guide.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Oct 30 17:53:18 2012
@@ -1 +1 @@
-1403764
+1403804
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/1-how-to-begin.html Tue Oct 30 17:53:18 2012
@@ -127,6 +127,7 @@
<h1 id="1-how-to-begin">1 - How to begin</h1>
<p>This chapter helps you to set up a server, with the minimal configuration options being explained. That should be enough to get a running server.</p>
+<p>This user guide is <strong>not</strong> intended to be a <strong>LDAP</strong> guide : there are some excellent tutorials or books, we won't try to challenge them !</p>
<h2 id="table-of-content">Table of content</h2>
<ul>
<li><a href="1.1-what-apacheds-is.html">1.1 - What Apache Directory Server is</a></li>
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2-handling-data.html Tue Oct 30 17:53:18 2012
@@ -132,8 +132,6 @@
<li><a href="2.1-data-modification.html">2.1 - Data modification</a><ul>
<li><a href="2.1.1-adding-entries.html">2.1.1 - Adding Entries</a></li>
<li><a href="2.1.2-deleting-entries.html">2.1.2 - Deleting Entries</a></li>
-<li><a href="2.1.3-modifying-entries.html">2.1.3 - Modifying Entries</a></li>
-<li><a href="2.1.4-moving-entries.html">2.1.4 - Moving Entries</a></li>
</ul>
</li>
<li><a href="2.2-searching-data.html">2.2 - Searching Data</a><ul>
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2-searching-data.html Tue Oct 30 17:53:18 2012
@@ -126,7 +126,8 @@
<h1 id="22-searching-data">2.2 - Searching Data</h1>
-<p>TODO</p>
+<p>Searching is the most frequent operation done on a LDAP server : everything is optimizd so that the search operation is as fast as possible.</p>
+<p>We will show how to do some simple searches on <em>Apache Directory Server</em> in the following pages.</p>
<h2 id="table-of-content">Table of content</h2>
<ul>
<li><a href="2.2.1-simple-search.html">2.2.1 - Simple search</a></li>
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.1-simple-search.html Tue Oct 30 17:53:18 2012
@@ -126,7 +126,29 @@
<h1 id="221-simple-search">2.2.1 - Simple search</h1>
-<p>TODO</p>
+<p>Basically, a search in <strong>LDAP</strong> requires a few parameters :
+<em> A server on which we will send the request
+</em> A port for this server
+<em> A base <em>DN</em>, the location where to start the search from</em> A filter to select the entries to be returned
+<em> The user doing the search
+</em> A password if the user is not already bound
+<em> A scope, defining the depth we should look for
+</em> The list of attributes to return</p>
+<p>There are several other options, which will be exposed in the next chapter.</p>
+<h2 id="doing-a-simple-search-on-the-command-line">Doing a Simple Search on the command line</h2>
+<p>Here is an exemple of search done on the base we have created :</p>
+<div class="codehilite"><pre><span class="nv">$</span> <span class="nv">ldapsearch</span> <span class="o">-</span><span class="n">h</span> <span class="n">zanzibar</span> <span class="o">-</span><span class="n">p</span> <span class="mi">10389</span> <span class="o">-</span><span class="n">b</span> <span class="s">"o=sevenSeas"</span> <span class="o">-</span><span class="n">s</span> <span class="k">sub </span><span class="err">"(</span><span class="nf">cn</span><span class="err">=</span><span class="nf">James</span> <span class="nf">Hook</span><span class="err">)"</span> <span class="err">+</span>
+<span class="nf">version</span><span class="err">:</span> <span class="err">1</span>
+<span class="nf">dn</span><span class="err">:</span> <span class="nf">cn</span><span class="err">=</span><span class="nf">James</span> <span class="nf">Hook</span><span class="err">,</span><span class="nf">ou</span><span class="err">=</span><span class="nf">people</span><span class="err">,</span><span class="nf">o</span><span class="err">=</span><span class="nf">sevenSeas</span>
+<span class="nf">accessControlSubentries</span><span class="err">:</span> <span class="nf">cn</span><span class="err">=</span><span class="nf">sevenSeasAuthorizationRequirementsACISubentry</span><span class="err">,</span><span class="nf">o</span><span class="err">=</span><span class="nf">sevenSeas</span>
+<span class="nf">creatorsName</span><span class="err">:</span> <span class="nf">cn</span><span class="err">=</span><span class="nf">Horatio</span> <span class="nf">Nelson</span><span class="err">,</span><span class="nf">ou</span><span class="err">=</span><span class="nf">people</span><span class="err">,</span><span class="nf">o</span><span class="err">=</span><span class="nf">sevenSeas</span>
+<span class="nf">createTimestamp</span><span class="err">:</span> <span class="err">20061203140109</span><span class="nf">Z</span>
+</pre></div>
+
+
+<p>Here, we see that we are connecting to the <strong>sanzibar</strong> server, on its <strong>10389</strong> port. As we haven't provided any user, this is an anonymous search, which should be allowed if the server accept anonymous searches.
+We then have the base <em>DN</em>, <strong>"o=sevenseas"</strong>, the filter <strong>"(cn=James Hook)"</strong> and the scope : <strong>"sub"</strong>. The last parameter, <strong>"+"</strong>, asks the server to return all the operational attributes.</p>
+<p>The result is just shown as a result of the command (here, we get back one single entry).</p>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.2.2-more-search-options.html Tue Oct 30 17:53:18 2012
@@ -126,7 +126,87 @@
<h1 id="222-more-search-options">2.2.2 - More search options</h1>
-<p>TODO</p>
+<p>There are many parameters we haven't explained in the previous chapter. </p>
+<h2 id="boundanonymous-searches">Bound/anonymous searches</h2>
+<p>When you send a SearchRequest to the server, you may be anonymous, or you mave have been bound before the search is done. Binding on a server creates an <strong>LDAP</strong> session, which stores the credentials. This is used by the authorization system to filter the requests and the returned data, depending on the server settings.</p>
+<p>Not all the server allow an anonymous search : <em>Apache Dorectory Server</em> default to not enabling such anonymous searches (this is for security questions).</p>
+<p>Generally speaking, users do bind before sending a search request.</p>
+<h2 id="filters">Filters</h2>
+<p>The <strong>LDAP</strong> filters can be quite complex. Although they aren't even close to what <strong>SQL</strong> provide : there is no way you can do a Join on a LDAP server.</p>
+<p>A filter is a set of nodes connected with operators like <strong>and</strong>, <strong>or</strong>, <strong>not</strong>...</p>
+<p>Here is the list of possible connectors :</p>
+<div class="table-wrap">
+ <table class="confluenceTable">
+ <tbody>
+ <tr>
+ <th class="confluenceTh"> Connector </th>
+ <th class="confluenceTh"> Description </th>
+ <th class="confluenceTh"> Example </th>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> And </td>
+ <td class="confluenceTd"> All the nodes should be evaluated to true </td>
+ <td class="confluenceTd"> (&(objectClass=person)(cn=acme)) </td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> Or </td>
+ <td class="confluenceTd"> At least one of the node should be evaluated to true</td>
+ <td class="confluenceTd"> (|(objectClass=person)(cn=acme)) </td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> Not </td>
+ <td class="confluenceTd"> select the entries that does not evaluate to true for this filter </td>
+ <td class="confluenceTd"> (!(objectClass=person))</td>
+ </tr>
+ </tbody>
+ </table>
+</div>
+
+<p>Each node proceeds a check on the attributeType and value provided in the filter. For instance, the <strong>"(o=sevenseas)"</strong> filter tells the server to look for all teh entries whcih have an "organization" atribute with a value of <strong>"sevenseas"</strong>. Here are the various kind of filters you can use :</p>
+<div class="table-wrap">
+ <table class="confluenceTable">
+ <tbody>
+ <tr>
+ <th class="confluenceTh">Filter</th>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> = (Equality)</td>
+ </tr>
+ <tr>
+ <td class="confluenceTd">Substring</td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> >= </td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> <= </td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> =* (Present) </td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> ~= (ApproxMatch)</td>
+ </tr>
+ <tr>
+ <td class="confluenceTd"> extensibleMatch </td>
+ </tr>
+ </tbody>
+ </table>
+</div>
+
+<h2 id="scope">Scope</h2>
+<p>A Search can span across the whole <strong>DIT</strong>, or just a subset of it. In <strong>LDAP</strong>, you can use three different scopes :</p>
+<ul>
+<li>OBJECT : the Object itself, none of its children</li>
+<li>ONELEVEL : all of the base direct children, but not it's children's children not the base object</li>
+<li>SUBLEVEL : everything</li>
+</ul>
+<h2 id="returned-attributes">Returned attributes</h2>
+<p>A search can also list the attributes to be returned. This can be :
+<em> '</em>' for all the user attributes
+<em> '+' for all the operational attributes
+</em> a list of attributes name
+* 1.1 if we don't want the attributes values to be returned, but we want the entries' DN that match the filter</p>
<div class="nav">
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/2.3-introducing-schema.html Tue Oct 30 17:53:18 2012
@@ -126,7 +126,27 @@
<h1 id="23-the-schema">2.3 - The Schema</h1>
-<p>TODO</p>
+<p>All the data stored into a LDAP server are structured following a schema, a bit like any DBMS. <em>Apache Directory Server</em> does have a dynamic schema : that means you can modify the schema wihout having to restart the server.</p>
+<p>We won't describe in the basic user guide how to manage the schema, this will be extensively described in the <em>Advanced user guide</em>, this chapter is just a short introduction.</p>
+<h2 id="what-is-the-ldap-schema">What is the LDAP schema ?</h2>
+<p>It's a set of elements defining the data structure that can be stored in the server. It defines the following elements :</p>
+<ul>
+<li>AttributeType : the type of values that can be stored in an attribute</li>
+<li>ObjectClass : the set of AttributeType that can or must be used in an entry</li>
+<li>Syntax : The syntax the values must abide to</li>
+<li>MatchingRule : The rules used to retrieve the data </li>
+</ul>
+<p>There are more schema elements which are not currently used in <em>Apache Directory Server</em>.</p>
+<p>The following diagram shows all the interactions between each schema element :</p>
+<p><img alt="Schema elements interactions" src="images/schema-objects.png" /></p>
+<h2 id="how-do-we-use-it-in-apacheds">How do we use it in ApacheDS ?</h2>
+<p>The schema is everywhere in the server : each entry is controlled against the schema when it's added or modified. The schema is a critical part of the server.</p>
+<p>The <em>Apache Directory Server</em> comes with a predefined schema, which should fit a large part of users need. You may though need to extend it...</p>
+<p>Hopefully, the schema can be extended. This will be explained in the <em>Advanced User Guide</em>.</p>
+<p>Enough said that you can browse the existing schema using <em>Apache Directory Studio</em> :</p>
+<p><img alt="Open Schema Browser" src="images/open-schema-browser.png" /></p>
+<p>then you get the Schema browser :</p>
+<p><img alt="Schema Browser" src="images/schema-browser.png" /></p>
<div class="nav">
Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/open-schema-browser.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/open-schema-browser.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-browser.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-browser.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Added: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-objects.png
==============================================================================
Binary file - no diff available.
Propchange: websites/staging/directory/trunk/content/apacheds/basic-ug/images/schema-objects.png
------------------------------------------------------------------------------
svn:mime-type = image/png
Modified: websites/staging/directory/trunk/content/apacheds/basic-users-guide.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-users-guide.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-users-guide.html Tue Oct 30 17:53:18 2012
@@ -132,8 +132,6 @@
<li><a href="basic-ug/2.1-data-modification.html">2.1 - Data modification</a><ul>
<li><a href="basic-ug/2.1.1-adding-data.html">2.1.1 - Adding Entries</a></li>
<li><a href="basic-ug/2.1.2-deleting-data.html">2.1.2 - Deleting Entries</a></li>
-<li><a href="basic-ug/2.1.3-modifying-data.html">2.1.3 - Modifying Entries</a></li>
-<li><a href="basic-ug/2.1.4-moving-data.html">2.1.4 - Moving Entries</a></li>
</ul>
</li>
<li><a href="basic-ug/2.2-searching-data.html">2.2 - Searching Data</a><ul>