[
https://issues.apache.org/jira/browse/DIR-179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12473918
]
Stefan Zoerner commented on DIR-179:
------------------------------------
Ole, has the content been applied to the documentation?
The site has been revamped completetly, and I would like to clean up relevant
issues/tasks at JIRA..
> User Documentation Update
> -------------------------
>
> Key: DIR-179
> URL: https://issues.apache.org/jira/browse/DIR-179
> Project: Directory
> Issue Type: Task
> Components: sitedocs
> Environment: N/A
> Reporter: Ole Ersoy
> Assigned To: Ole Ersoy
> Priority: Minor
>
> Updates to the user documentation. The subversion patch is pasted below.
> Index: /home/ole/workspace-mdc0/mdc.multi/users/authentication.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/authentication.xml
> (revision 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/authentication.xml
> (working copy)
> @@ -206,8 +206,8 @@
> <p>
> The authenticator class has to extend the
> org.apache.ldap.server.auth.AbstractAuthenticator. This class needs to have a
> -no-argument constructor that calls the super() constructor with parameter the
> -authentication mechanism it is going to handle. In the above example,
> +no-argument constructor that calls the super() constructor with the
> authentication parameter the mechanism is
> +going to handle. In the above example,
> MyAuthenticator class is going to handle the simple authentication
> mechanism. To
> implement a SASL mechanism you need to call super() with the name of the SASL
> mechanism, e.g. super( "DIGEST-MD5"
> Index: /home/ole/workspace-mdc0/mdc.multi/users/authorization.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/authorization.xml
> (revision 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/authorization.xml
> (working copy)
> @@ -36,7 +36,7 @@
> <subsection heading="h3" name="Entry ACI">
> <p>
> Entry ACI are access controls added to entries to protect that entry
> -specifically. Meaning the protoected entry is the entry where the ACI
> resides.
> +specifically. Meaning the protected entry is the entry where the ACI resides.
> When performing an operation on an entry, ApacheDS checks for the presence of
> the multivalued operational attribute, *entryACI*. The values of the entryACI
> attribute contain
> @@ -116,7 +116,7 @@
> Access to subentries also needs to be controlled. Subentries are special in
> ApacheDS. Although they subordinate to an administrative entry (entry of an
> Administrative Point), they are technically considered to be in the same
> context
> -as their administrative entry. ApacheDS considers the perscriptive ACI
> applied
> +as their administrative entry. ApacheDS considers the prescriptive ACI
> applied
> to the administrative entry, to also apply to its
> subentries.</p>
> <p>
> Index: /home/ole/workspace-mdc0/mdc.multi/users/collective.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/collective.xml (revision
> 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/collective.xml (working copy)
> @@ -30,7 +30,7 @@
> collective attribute can be used in a subentry. Changes to the value of this
> attribute would immediately be reflected to those entries selected by the
> subtreeSpecification of subentry. For more information on specifying subtrees
> -take
> +take a look at
> at
> <a href="./subentries.html">Subentries</a>
> .
> Index: /home/ole/workspace-mdc0/mdc.multi/users/configuration.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/configuration.xml
> (revision 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/configuration.xml
> (working copy)
> @@ -52,7 +52,7 @@
> schemas>)</li>
> <li>
> contextPartitionConfigurations - A collection of
> ContextPartitionConfigurations.
> -ContextPartitionConfiguration specified ContextPartitions that consist the
> +ContextPartitionConfiguration specified ContextPartitions that define the the
> ApacheDS DIT. (Default: no context partitions except system
> partition)</li>
> <li>
> @@ -129,7 +129,7 @@
> <section heading="h1" name="Using Spring Framework">
> <p>
> The configuration API is designed to fit tightly
> -with
> +with the
> <a href="http://www.springframework.org/";>Spring Framework</a>
> . Here is an example beans xml
> file:
> Index: /home/ole/workspace-mdc0/mdc.multi/users/enablesearchforallusers.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/enablesearchforallusers.xml
> (revision 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/enablesearchforallusers.xml
> (working copy)
> @@ -137,7 +137,7 @@
> </source>
> <p>
> There are several parameters to this simple ACIItem. Here's a breif
> -exaplanation of each field and it's meaning or
> +explanation of each field and it's meaning or
> significance.</p>
> <table>
> <tr>
> @@ -191,7 +191,7 @@
> </table>
> <subsection heading="h2" name="identificationTag">
> <p>
> -The identificationTag is just that a tag. It's often used with a subtring
> +The identificationTag is just a tag that is used often with a subtring
> search filter to lookup a specific ACIItem within an entry. One or more
> ACIItems may be present within a subentry, zero or more in entries, so this
> serves as a means to address the ACIItem within
> @@ -199,7 +199,7 @@
> </subsection>
> <subsection heading="h2" name="precedence">
> <p>
> -Precendence is used to determine the ACI to apply when two or more ACIItem's
> +Precedence is used to determine the ACI to apply when two or more ACIItem's
> applied to an entry conflict. The ACIItem with the highest precedence is
> applied over other conflicting
> ACIItems.</p>
> Index: /home/ole/workspace-mdc0/mdc.multi/users/index.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/index.xml (revision
> 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/index.xml (working copy)
> @@ -9,7 +9,7 @@
> <section heading="h1" name="User's Guide">
> <p>
> This is a simple guide to various ApacheDS features to help users get going.
> -It's be no means
> +It's by no means
> extensive.</p>
> <table>
> <tr>
> @@ -83,7 +83,7 @@
> <a href="./plugin.html">Plugin</a>
> </td>
> <td>
> -How to use the plugin to extends the
> +How to use the plugin to extend the
> schema.</td>
> </tr>
> </table>
> Index: /home/ole/workspace-mdc0/mdc.multi/users/partitions.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/partitions.xml (revision
> 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/partitions.xml (working copy)
> @@ -133,8 +133,8 @@
> on
> <a href="http://www.prevayler.org/wiki.jsp";>Prevayler</a>
> . This is like an in-memory partition but you can save it at the end of the
> day.
> -This might be really useful especially for things the system partition which
> -almost always need to be in memory. The system partition can do this by using
> +This might be really useful for things like the system partition which
> +almost always needs to be in memory. The system partition can do this by
> using
> really large caches equal to the number of entries in the system
> partition.
> </li>
> Index: /home/ole/workspace-mdc0/mdc.multi/users/subentries.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/subentries.xml (revision
> 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/subentries.xml (working copy)
> @@ -9,7 +9,7 @@
> <section heading="h2" name="Introduction">
> <p>
> Subentries are used for managing the administration of different aspects of
> the
> -directory. LDAP has just recently formalized the notion of subentires
> +directory. LDAP has just recently formalized the notion of subentries
> in
> <a href="http://www.faqs.org/rfcs/rfc3672.html";>RFC 3672</a>
> . Subentries have existed within X.500 Directories for years with clear
> @@ -87,7 +87,7 @@
> Presume you're the uber directory administrator over at WallyWorld (a Walmart
> competitor). Let's say WallyWorld uses their corporate directory for various
> things including their product catalog. As the uber admin you're going to
> have a
> -bunch of people wanting access, update and even administer your directory.
> +bunch of people wanting the ability to access, update and administer the
> directory.
> Entire departments within WallyWorld are going to want to control different
> parts of the directory. Sales may want to manage the product catalog, while
> operations may want to manage information in other areas dealing with
> suppliers
> @@ -117,7 +117,7 @@
> Do you really want to manage the corporate product catalog or just let the
> sales
> department manage it? But what do we mean by manage? You want sales people to
> create, and delete entries but they may only trust a few people to do this.
> -Others may just view the catelog. Who are the people with add/remove powers
> and
> +Others may just view the catalog. Who are the people with add/remove powers
> and
> why should you have to be involved with deciding this ever changing
> departmental
> policy? Instead you can delegate the management of access controls in this
> area
> to a administrative contact in the sales department. The sales contact can
> then
> @@ -125,7 +125,7 @@
> sales than you are and they probably have more bandwidth to handle sales
> related
> needs than you do. Delegating authority in this fashion is what X.500
> engineers
> pioneered in the early 80's with the telecom boom in Europe. They knew
> different
> -authorities will want to manage different aspects of directory administration
> +authorities would want to manage different aspects of directory
> administration
> for themselves. These X.500 definitions are there to be able to talk about
> administrative areas within the directory. Now let's get back to what these
> things are
> @@ -137,7 +137,7 @@
> have a partition hanging off of *'dc=example,dc=com'* with an *'ou=product
> catalog'* area. You may want this area to be managed by the sales department
> with respect to the content, schema, it's visibility, and collective
> attributes.
> -Perhaps you only want to delegate only one aspect of administration , access
> +Perhaps you only want to delegate one aspect of administration, access
> control, since you don't want people messing around with schema. To do so you
> can define everything under *'ou=product catalog'* to be an administrative
> area
> specifically for access control and delegate that aspect only. In that case
> the
> Index: /home/ole/workspace-mdc0/mdc.multi/users/userclasses.xml
> ===================================================================
> --- /home/ole/workspace-mdc0/mdc.multi/users/userclasses.xml (revision
> 380975)
> +++ /home/ole/workspace-mdc0/mdc.multi/users/userclasses.xml (working copy)
> @@ -63,9 +63,8 @@
> </table>
> <p>
> These are pretty intuitive. Two other user classes may be a bit less easy to
> -understand or may require some explanation. For these we discuss them in the
> -sections
> -below.</p>
> +understand or may require some explanation. These are discussed in the the
> following sections.
> +</p>
> </section>
> <section heading="h2" name="User Class: userGroup">
> <p>
> @@ -141,7 +140,7 @@
> There is no reason to specify allUsers more than once. More than one type of
> user class mechanism can be used as well. Again some combinations just will
> not
> make sense like having a name based userClass then allUsers. The following
> -ACIItem grants delete abilities to a set of users using more than one
> machanism.
> +ACIItem grants delete abilities to a set of users using more than one
> mechanism.
> It allows jbean, jdoe, all users in the Administrators group to delete
> entries.
> It also allows requestors to delete their own user
> entry.</p>
> Here's a change list I created manuallly (It contains things I did not
> update, but thought was in need of
> clarification...):
> Users Guide
> - http://directory.apache.org/subprojects/apacheds/docs/users/index.html
>
> -------------------------------------------------------------------------
> "be" >> "by" in "be no means extensive"
> -------------------------------------------------------------------------
> extends >> extend in "Using Maven to extends the Schema"
>
> -------------------------------------------------------------------------
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/authentication.html
>
> -------------------------------------------------------------------------
> parameter the authentication mechanism it is going to handle
>
> Interpretation/Fix:
> the authentication parameter the mechanism is going to handle
> -------------------------------------------------------------------------
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/authorization.html
>
> -------------------------------------------------------------------------
> protoected >> protected
> -------------------------------------------------------------------------
>
> NOT FIXED
>
> If allowed users can arbitrarily add entries where they wanted by
> putting
> entryACI into the new entry being added.
>
>
> Interpretation:
> entryACI protect individual entries. So if I were to only allow Alex
> and
> Stefan to update a specific entry, I would store the entryACI in this
> entry,
> and that entryACI would say that only Alex and Stefan are allowed to
> update it.
>
> So when I originally add this entry, I would put the entryACI in along
> with the
> entry right?
>
> If the add operation consulted the entryACI, and I'm not in it, might
> that
> bar me from adding the entry?
>
> Also, if I add myself to the entryACI, then I could add subentries, etc.
> right?
> Is that what we mean by:
>
> "If allowed users can arbitrarily add entries where they wanted by
> putting
> entryACI into the new entry being added"? I would think not, since if I
> add
> myself and I have the authority to add myself, then all is good.
>
>
> -------------------------------------------------------------------------
>
> perscriptive >> prescriptive
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/subentries.html
>
> -------------------------------------------------------------------------
> subentires >> subentries
>
> -------------------------------------------------------------------------
> wanting access, update and even administer the directory
> >> wanting the ability to access, update and administer the directory
>
> -------------------------------------------------------------------------
>
> catelog. >> catalog
>
> -------------------------------------------------------------------------
>
> "will">>"would" in "They knew different
> authorities would want to manage different aspects of directory
> administration
> for themselves."
>
> -------------------------------------------------------------------------
>
> Perhaps you only want to delegate only one aspect of administration ,
> >> Perhaps you only want to delegate one aspect of administration,
>
> -------------------------------------------------------------------------
> NOT FIXED
> disconnected set of selected based
> >> ?????
> -------------------------------------------------------------------------
>
>
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/enablesearchforallusers.html
> -------------------------------------------------------------------------
> exaplanation >> explanation
> -------------------------------------------------------------------------
> The identificationTag is just that a tag
> >>
> The identificationTag is just a tag that is used often with a subtring
> search filter to lookup a specific ACIItem within an entry.
> -------------------------------------------------------------------------
> Precendence>>Precedence
> -------------------------------------------------------------------------
>
>
>
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/userclasses.html
> -------------------------------------------------------------------------
> These are discussed in the the following sections..
> -------------------------------------------------------------------------
> machanism.>>mechanism
> -------------------------------------------------------------------------
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/collective.html
> -------------------------------------------------------------------------
> more information on specifying subtrees take at Subentries
> >>
> For more information on specifying subtrees
> take a look at at
> -------------------------------------------------------------------------
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/configuration.html
> -------------------------------------------------------------------------
> DOUBLE CHECK THIS
> that consist the ApacheDS DIT
> >>
> ContextPartitionConfiguration specifies ContextPartitions that define
> the
> ApacheDS DIT.
>
> -------------------------------------------------------------------------
>
> with Spring Framework
> >>
> The configuration API is designed to fit tightly
> with the
>
> -------------------------------------------------------------------------
>
>
> http://directory.apache.org/subprojects/apacheds/docs/users/partitions.html
>
> really useful especially for things the system partition which almost
> always need to be in memory
> >>
> This might be really useful for things like the system partition which
> almost always needs to be in memory.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
