Hi,
I thought it would be less confusing to start another thread for my
second proposed change to the wiki. This one is a little more complex
and so please don't trust me too much!
Firstly, I attach a small change to the Basic Users Guide, section 3.2.
This section currently states that Studio is the only way to activate
the ACI subsystem, so I have re-worded it and incorporated a link to the
appropriate page in the Advanced Users Guide.
Secondly, I attach a change to two pages in the Advanced Users Guide.
The main change replaces the TODO with new content. However, I
discovered the markdown in a table on the parent page had syntax errors
in two urls, so I have (hopefully) fixed these to make them render as
proper hyperlinks.
Regards,
Brian
Index: 3.2-basic-authorization.mdtext
===================================================================
--- 3.2-basic-authorization.mdtext (revision 1790655)
+++ 3.2-basic-authorization.mdtext (working copy)
@@ -145,10 +145,12 @@
### Enable the ACI Subsystem
-The authorization (ACI) subsystem is disabled by default. You have to enable it using the _Apache Directory Studio_ configuration editor :
+The authorization (ACI) subsystem is disabled by default. It is recommended that you enable it using the _Apache Directory Studio_ configuration editor as follows :
+However, ACI subsystem can also be enabled with an ldapmodify operation. [This technique discussed in the Advanced User Guide](apacheds/advanced-ug/4.2.3-enabling-access-control.html).
+
A restart of the server is necessary for this change to take effect.
### Further configuration tasks to perform afterwards
Index: 4.2-authorization.mdtext
===================================================================
--- 4.2-authorization.mdtext (revision 1790655)
+++ 4.2-authorization.mdtext (working copy)
@@ -75,7 +75,7 @@
| Trail | Description |
|---|---|
| DenySubentryAccess (TBW) | Protecting access to subentries themselves. || Enabling access to browse and read all entries and their attributes by authenticated users. |
-| Allow Self Password Modify](4.2.7.2-allow-self-password-modify.html) | Granting users the rights needed to change their own passwords. |
+| [Allow Self Password Modify](apacheds/advanced-ug/4.2.7.2-allow-self-password-modify.html) | Granting users the rights needed to change their own passwords. |
| GrantAddDelModToGroup (TBW) | Granting add, delete, and modify permissions to a group of users. |
| GrantModToEntry (TBW) | Applying ACI to a single entry. |
-| Enable Authenticated Users to Browse and Read Entries](4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)
+| [Enable Authenticated Users to Browse and Read Entries](apacheds/advanced-ug/4.2.7.1-enable-authenticated-users-to-browse-and-read-entries.html)
Index: 4.2.3-enabling-access-control.mdtext
===================================================================
--- 4.2.3-enabling-access-control.mdtext (revision 1790655)
+++ 4.2.3-enabling-access-control.mdtext (working copy)
@@ -25,4 +25,29 @@
# 4.2.3 - Enabling Access Control
-TODO...
\ No newline at end of file
+The Access Control Subsystem (ACI) is described in the Basic User Guide. The ACI is disabled by default and the simplest way to enable it is to [use Apache Directory Studio](apacheds/basic-ug/3.2-basic-authorization.html#enable-the-aci-subsystem).
+
+After the server has started, the relevant entry can be found in *config.ldif_migrated* :
+
+ # default, config
+ dn: ads-directoryServiceId=default,ou=config
+ ads-directoryserviceid: default
+ ads-dssyncperiodmillis: 15000
+ ads-dsallowanonymousaccess: TRUE
+ ads-dsreplicaid: 1
+ ads-dsaccesscontrolenabled: FALSE
+ ads-dspasswordhidden: FALSE
+ ads-dsdenormalizeopattrsenabled: FALSE
+ ads-enabled: TRUE
+ objectclass: top
+ objectclass: ads-base
+ objectclass: ads-directoryService
+
+
+The following ldapmodify (by the admin user) will activate the ACI Subsystem when the server is next restarted :
+
+ dn: ads-directoryServiceId=default,ou=config
+ changetype: modify
+ replace: ads-dsaccesscontrolenabled
+ ads-dsaccesscontrolenabled: TRUE
+
