You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2013/05/15 17:33:07 UTC
svn commit: r1482903 - /directory/site/trunk/content/apacheds/advanced-ug/
Author: elecharny
Date: Wed May 15 15:33:07 2013
New Revision: 1482903
URL: http://svn.apache.org/r1482903
Log:
some more link fixed and formatted pages
Added:
directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext
- copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext
- copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext
- copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext
- copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext
- copied, changed from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext
Removed:
directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext
directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.3-enabling-access-control.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.3-enabling-access-control.mdtext Wed May 15 15:33:07 2013
@@ -1,10 +1,10 @@
-Title: 4.5.3 Enabling Access Control
-NavPrev: 4.5.2-definitions.html
-NavPrevText: 4.5.2 - Definitions
-NavUp: 4.5-authorization.html
-NavUpText: 4.5 - Authorization
-NavNext: 4.5.4-aci-types.html
-NavNextText: 4.5.4 Aci Types
+Title: 4.2.3 Enabling Access Control
+NavPrev: 4.2.2-definitions.html
+NavPrevText: 4.2.2 - Definitions
+NavUp: 4.2-authorization.html
+NavUpText: 4.2 - Authorization
+NavNext: 4.2.4-aci-types.html
+NavNextText: 4.2.4 Aci Types
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -23,5 +23,6 @@ Notice: Licensed to the Apache Software
under the License.
-Title: 4.5.3 Enabling Access Control
-{scrollbar}
+# 4.2.3 Enabling Access Control
+
+TODO...
\ No newline at end of file
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.4-aci-types.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4-aci-types.mdtext Wed May 15 15:33:07 2013
@@ -1,10 +1,10 @@
-Title: 4.5.4 ACI types
-NavPrev: 4.5.3-enabling-access-control.html
-NavPrevText: 4.5.3 - Enabling Access Control
-NavUp: 4.5-authorization.html
-NavUpText: 4.5 - Authorization
-NavNext: 4.5.5-aci-elements.html
-NavNextText: 4.5.5 Aci Elements
+Title: 4.2.4 ACI types
+NavPrev: 4.2.3-enabling-access-control.html
+NavPrevText: 4.2.3 - Enabling Access Control
+NavUp: 4.2-authorization.html
+NavUpText: 4.2 - Authorization
+NavNext: 4.2.5-aci-elements.html
+NavNextText: 4.2.5 Aci Elements
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-
+# 4.2.4 ACI types
Three different types of ACI exist. All types use the same specification
syntax for an ACIITem. These types differ in their placement and manner of
@@ -30,6 +30,6 @@ use within the directory.
## Chapter content
-* [4.5.4.1 - Entry Aci](4.5.4.1-entryaci.html)
-* [4.5.4.2 - Prescriptive Aci](4.5.4.2-prescriptiveaci.html)
-* [4.5.4.3 - Subentry Aci](4.5.4.3-subentryaci.html)
+* [4.2.4.1 - Entry Aci](4.2.4.1-entryaci.html)
+* [4.2.4.2 - Prescriptive Aci](4.2.4.2-prescriptiveaci.html)
+* [4.2.4.3 - Subentry Aci](4.2.4.3-subentryaci.html)
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.1-entryaci.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.1-entryaci.mdtext Wed May 15 15:33:07 2013
@@ -1,10 +1,10 @@
-Title: 4.5.4.1 EntryACI
-NavPrev: 4.5.4-aci-types.html
-NavPrevText: 4.5.4 - Aci Types
-NavUp: 4.5.4-aci-types.html
-NavUpText: 4.5.4 - Aci Types
-NavNext: 4.5.4.2-prescriptiveaci.html
-NavNextText: 4.5.4.2 Prescriptive Aci
+Title: 4.2.4.1 EntryACI
+NavPrev: 4.2.4-aci-types.html
+NavPrevText: 4.2.4 - Aci Types
+NavUp: 4.2.4-aci-types.html
+NavUpText: 4.2.4 - Aci Types
+NavNext: 4.2.4.2-prescriptiveaci.html
+NavNextText: 4.2.4.2 Prescriptive Aci
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-
+# 4.2.4.1 EntryACI
Entry ACI are access controls added to entries to protect that entry
@@ -31,11 +31,10 @@ resides. When performing an operation on
presence of the multivalued operational attribute, *entryACI*. The values
of the entryACI attribute contain ACIItems.
-{note}
-
+<DIV class="info" markdown="1">
There is one exception to the rule of consulting entryACI attributes within
ApacheDS: add operations do not consult the entryACI within the entry being
added. This is a security precaution. (??? Check this sentence) If allowed
users can arbitrarily add entries where they wanted by putting entryACI
into the new entry being added. This could compromise the DSA.
-{note}
+</DIV>
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.2-prescriptiveaci.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.2-prescriptiveaci.mdtext Wed May 15 15:33:07 2013
@@ -1,10 +1,10 @@
-Title: 4.5.4.2 PrescriptiveACI
-NavPrev: 4.5.4.1-entryaci.html
-NavPrevText: 4.5.4.1 - Entry Aci
-NavUp: 4.5.4-aci-types.html
-NavUpText: 4.5.4 - Aci Types
-NavNext: 4.5.4.3-subentryaci.html
-NavNextText: 4.5.4.3 Subentry Aci
+Title: 4.2.4.2 PrescriptiveACI
+NavPrev: 4.2.4.1-entryaci.html
+NavPrevText: 4.2.4.1 - Entry Aci
+NavUp: 4.2.4-aci-types.html
+NavUpText: 4.2.4 - Aci Types
+NavNext: 4.2.4.3-subentryaci.html
+NavNextText: 4.2.4.3 Subentry Aci
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,12 +22,14 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
+# 4.2.4.2 PrescriptiveACI
+
Prescriptive ACI are access controls that are applied to a collection of
entries, not just to a single entry. Collections of entries are defined by
the subtreeSpecifications of subentries. Hence prescriptive ACI are added
to subentries as attributes and are applied by ApacheDS to the entries
selected by the subentry's subtreeSpecification. ApacheDS uses the
-*prescriptiveACI* multivalued operational attribute within subentries to
+**prescriptiveACI** multivalued operational attribute within subentries to
contain ACIItems that apply to the entry collection.
Prescriptive ACI can save much effort when trying to control access to a
@@ -42,7 +44,8 @@ Users should try to avoid entry ACIs whe
prescriptive ACIs instead. Entry ACIs are more for managing exceptional
cases and should not be used excessively.
-{info:title=How it works!}
+<DIV class="info" markdown="1">
+**How it works!**
For every type of LDAP operation, ApacheDS checks to see if any access
control subentries include the protected entry in their collection. The set
of subentries which include the protected entry are discovered very rapidly
@@ -56,4 +59,4 @@ ACI information in a special form called
ACIItem parsing and conversion to an optimal representations for evaluation
is not required at access time. This way access based on prescriptive ACIs
is determined very rapidly.
-{info}
+</DIV>
Copied: directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext (from r1481927, directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext)
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext?p2=directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext&p1=directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext&r1=1481927&r2=1482903&rev=1482903&view=diff
==============================================================================
--- directory/site/trunk/content/apacheds/advanced-ug/4.5.4.3-subentryaci.mdtext (original)
+++ directory/site/trunk/content/apacheds/advanced-ug/4.2.4.3-subentryaci.mdtext Wed May 15 15:33:07 2013
@@ -1,10 +1,10 @@
-Title: 4.5.4.3 SubentryACI
-NavPrev: 4.5.4.2-prescriptiveaci.html
-NavPrevText: 4.5.4.2 - Prescriptive Aci
-NavUp: 4.5.4-aci-types.html
-NavUpText: 4.5.4 - Aci Types
-NavNext: 4.5.5-aci-elements.html
-NavNextText: 4.5.5 Aci Elements
+Title: 4.2.4.3 SubentryACI
+NavPrev: 4.2.4.2-prescriptiveaci.html
+NavPrevText: 4.2.4.2 - Prescriptive Aci
+NavUp: 4.2.4-aci-types.html
+NavUpText: 4.2.4 - Aci Types
+NavNext: 4.2.5-aci-elements.html
+NavNextText: 4.2.5 Aci Elements
Notice: Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
@@ -22,7 +22,7 @@ Notice: Licensed to the Apache Software
specific language governing permissions and limitations
under the License.
-
+# 4.2.4.3 SubentryACI
Access to subentries also needs to be controlled. Subentries are special in
ApacheDS. Although they subordinate to an administrative entry (entry of an