external-software/github_OpenIdentityPlatform_OpenDJ.git

Added missing documentation attachments (#414)

Maxim Thomas

25.00.2024 1cb77604cc0b6d17ece9b40fe800d0a43eb6893f

 opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-connection-handlers.adoc

@@ -1049,7 +1049,7 @@
======
The HTTP endpoint configuration is new in OpenDJ 3.5.
======
The default Rest2ldap endpoint exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The default mapping works out of the box with Example.com data generated as part of the setup process and with example data imported from link:../resources/Example.ldif[Example.ldif, window=\_blank]:
The default Rest2ldap endpoint exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The default mapping works out of the box with Example.com data generated as part of the setup process and with example data imported from link:../attachments/Example.ldif[Example.ldif, window=\_blank]:

. (Optional)  If necessary, change the properties of the default Rest2ldap endpoint, or create a new endpoint.
+
@@ -1537,7 +1537,7 @@
====
OpenDJ directory server has a handler for HTTP connections where it exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The HTTP connection handler is not enabled by default.

You configure the mapping between JSON resources and LDAP entries by editing the configuration file for the HTTP connection handler, by default `/path/to/opendj/config/http-config.json`. The configuration is described in xref:../reference/appendix-rest2ldap-3-0.adoc#appendix-rest2ldap-3-0["REST to LDAP Configuration (3.0)"] in the __Reference__. The default mapping works out of the box with Example.com data generated as part of the setup process and with link:../resources/Example.ldif[Example.ldif, window=\_blank]:
You configure the mapping between JSON resources and LDAP entries by editing the configuration file for the HTTP connection handler, by default `/path/to/opendj/config/http-config.json`. The configuration is described in xref:../reference/appendix-rest2ldap-3-0.adoc#appendix-rest2ldap-3-0["REST to LDAP Configuration (3.0)"] in the __Reference__. The default mapping works out of the box with Example.com data generated as part of the setup process and with link:../attachments/Example.ldif[Example.ldif, window=\_blank]:

. Enable the connection handler:
+

 opendj-doc-generated-ref/src/main/asciidoc/admin-guide/chap-privileges-acis.adoc

@@ -1006,7 +1006,7 @@
cn: Babs Jensen
uid: bjensen
----
An example of the captured command is the shell script, link:../resources/captured-global-aci-edits.sh[captured-global-aci-edits.sh, window=\_blank].
An example of the captured command is the shell script, link:../attachments/captured-global-aci-edits.sh[captured-global-aci-edits.sh, window=\_blank].

To reject anonymous access except bind and StartTLS requests, set `reject-unauthenticated-requests:true`:


 opendj-doc-generated-ref/src/main/asciidoc/attachments/Example.ldif

New file
Diff too large

 opendj-doc-generated-ref/src/main/asciidoc/attachments/captured-global-aci-edits.sh

New file
@@ -0,0 +1,38 @@
# The contents of this file are subject to the terms of the Common Development and
# Distribution License (the License). You may not use this file except in compliance with the
# License.
#
# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
# specific language governing permission and limitations under the License.
#
# When distributing Covered Software, include this CDDL Header Notice in each file and include
# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
# Header, with the fields enclosed by brackets [] replaced by your own identifying
# information: "Portions Copyright [year] [name of copyright owner]".
#
# Portions Copyright 2015 ForgeRock AS.

# Captured dsconfig command to replace anonymous read access with authenticated access.
# Edit this script to match your deployment.
#
# This command does not affect global-aci properties allowing anonymous access
# to read the root DSE and to read directory schema definitions,
# nor to use selected LDAP controls and extended operations.
#
# This command works against a server built following the changes introduced
# in http://sources.forgerock.org/changelog/opendj?cs=9325.
# If the global-aci settings are different on your OpenDJ server,
# generate this script for that server as described in the documentation.
#
dsconfig set-access-control-handler-prop \
          --remove global-aci:\(targetattr!=\"userPassword\|\|authPassword\|\|debugsearchindex\|\|changes\|\|changeNumber\|\|changeType\|\|changeTime\|\|targetDN\|\|newRDN\|\|newSuperior\|\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Anonymous\ read\ access\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \
          --remove global-aci:\(targetattr=\"createTimestamp\|\|creatorsName\|\|modifiersName\|\|modifyTimestamp\|\|entryDN\|\|entryUUID\|\|subschemaSubentry\|\|etag\|\|governingStructureRule\|\|structuralObjectClass\|\|hasSubordinates\|\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \
          --add global-aci:\(targetattr!=\"userPassword\|\|authPassword\|\|debugsearchindex\|\|changes\|\|changeNumber\|\|changeType\|\|changeTime\|\|targetDN\|\|newRDN\|\|newSuperior\|\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Authenticated\ read\ access\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \
          --add global-aci:\(targetattr=\"createTimestamp\|\|creatorsName\|\|modifiersName\|\|modifyTimestamp\|\|entryDN\|\|entryUUID\|\|subschemaSubentry\|\|etag\|\|governingStructureRule\|\|structuralObjectClass\|\|hasSubordinates\|\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \
          --hostname opendj.example.com \
          --port 4444 \
          --trustStorePath /path/to/opendj/config/admin-truststore \
          --bindDN cn=Directory\ Manager \
          --bindPassword ****** \
          --no-prompt


 opendj-doc-generated-ref/src/main/asciidoc/install-guide/chap-install.adoc

@@ -990,7 +990,7 @@
The LDAP account used to authenticate needs to perform proxied authorization as described in xref:../server-dev-guide/chap-ldap-operations.adoc#proxied-authz["Configuring Proxied Authorization"] in the __Directory Server Developer's Guide__.

+
The default sample configuration configuration is built to work with generated example data and also the sample content in link:../resources/Example.ldif[Example.ldif, window=\_blank]. If your data is different, then you must also change the JSON resource to LDAP entry mapping settings, described in xref:../reference/appendix-rest2ldap.adoc#mappings-json["Mapping Configuration File"] in the __Reference__.
The default sample configuration configuration is built to work with generated example data and also the sample content in link:../attachments/Example.ldif[Example.ldif, window=\_blank]. If your data is different, then you must also change the JSON resource to LDAP entry mapping settings, described in xref:../reference/appendix-rest2ldap.adoc#mappings-json["Mapping Configuration File"] in the __Reference__.
+
For details regarding the configuration, see xref:../reference/appendix-rest2ldap.adoc#appendix-rest2ldap["REST to LDAP Configuration"] in the __Reference__.
+
@@ -1067,7 +1067,7 @@

. Edit `opendj-rest2ldap-servlet.json` where you deployed the gateway web application.
+
The default JSON resource for the configuration includes both connection and authentication information, and also `mappings`. The `mappings` describe how the gateway translates between JSON and LDAP representations of directory data. The default `mappings` are built to work with generated example data and also the sample content in link:../resources/Example.ldif[Example.ldif, window=\_blank].
The default JSON resource for the configuration includes both connection and authentication information, and also `mappings`. The `mappings` describe how the gateway translates between JSON and LDAP representations of directory data. The default `mappings` are built to work with generated example data and also the sample content in link:../attachments/Example.ldif[Example.ldif, window=\_blank].
+
At minimum adjust the following gateway configuration settings:


 opendj-doc-generated-ref/src/main/asciidoc/server-dev-guide/chap-groups.adoc

@@ -43,7 +43,7 @@

[TIP]
====
The examples in this chapter are written with the assumption that an `ou=Groups,dc=example,dc=com` entry already exists. If you imported data from link:../resources/Example.ldif[Example.ldif, window=\_blank], then you already have the entry. If you generated data during setup and did not create an organizational unit for groups yet, create the entry before you try the examples:
The examples in this chapter are written with the assumption that an `ou=Groups,dc=example,dc=com` entry already exists. If you imported data from link:../attachments/Example.ldif[Example.ldif, window=\_blank], then you already have the entry. If you generated data during setup and did not create an organizational unit for groups yet, create the entry before you try the examples:

[source, console]
----

 opendj-doc-generated-ref/src/main/asciidoc/server-dev-guide/chap-ldap-operations.adoc

@@ -1863,7 +1863,7 @@
====
Before you try to bind to OpenDJ directory server using a certificate, create a certificate, then add the certificate attributes to the entry.

link:../resources/Example.ldif[Example.ldif, window=\_blank] includes an entry for `cn=My App,ou=Apps,dc=example,dc=com`. Examples in this section use that entry, and use the Java `keytool` command to manage the certificate:
link:../attachments/Example.ldif[Example.ldif, window=\_blank] includes an entry for `cn=My App,ou=Apps,dc=example,dc=com`. Examples in this section use that entry, and use the Java `keytool` command to manage the certificate:

. Create a certificate using the DN of the client entry as the distinguished name string:
+

 opendj-doc-generated-ref/src/main/asciidoc/server-dev-guide/chap-rest-operations-3-0.adoc

@@ -25,7 +25,7 @@

OpenDJ lets you access directory data as link:http://json.org[JSON, window=\_blank] resources over HTTP. OpenDJ maps JSON resources onto LDAP entries. As a result, REST clients perform many of the same operations as LDAP clients with directory data.

This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../resources/Example.ldif[Example.ldif, window=\_blank].
This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../attachments/Example.ldif[Example.ldif, window=\_blank].

[NOTE]
====
@@ -88,7 +88,7 @@
----
By default, both the HTTP connection handler and also the REST to LDAP gateway allow HTTP Basic authentication and HTTP header-based authentication in the style of OpenIDM. The authentication mechanisms translate HTTP authentication to LDAP authentication to the directory server.

When you install OpenDJ either with generated sample user entries or with data from link:../resources/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:
When you install OpenDJ either with generated sample user entries or with data from link:../attachments/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:

[source, ldif]
----

 opendj-doc-generated-ref/src/main/asciidoc/server-dev-guide/chap-rest-operations.adoc

@@ -25,7 +25,7 @@

OpenDJ lets you access directory data as link:http://json.org[JSON, window=\_blank] resources over HTTP. OpenDJ maps JSON resources onto LDAP entries. As a result, REST clients perform many of the same operations as LDAP clients with directory data.

This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../resources/Example.ldif[Example.ldif, window=\_blank].
This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../attachments/Example.ldif[Example.ldif, window=\_blank].

[NOTE]
====
@@ -956,7 +956,7 @@
----
By default, both the Rest2ldap endpoint and also the REST to LDAP gateway allow HTTP Basic authentication and HTTP header-based authentication in the style of OpenIDM. The authentication mechanisms translate HTTP authentication to LDAP authentication to the directory server.

When you install OpenDJ either with generated sample user entries or with data from link:../resources/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:
When you install OpenDJ either with generated sample user entries or with data from link:../attachments/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:

[source, ldif]
----

 opendj-doc-generated-ref/src/main/asciidoc/server-dev-guide/chap-virtual-attrs-collective-attrs.adoc

@@ -191,7 +191,7 @@

[NOTE]
======
The following example depends on the `cos` object class, and the `classOfService` attribute type defined but commented out in the link:../resources/Example.ldif[Example.ldif, window=\_blank] file imported as sample data. To try this example for yourself, add the attribute type and object class definitions in comments near the top of the file, and then uncomment the `objectClass: cos` and `classOfService` attribute lines in `Example.ldif` before importing the data into OpenDJ.
The following example depends on the `cos` object class, and the `classOfService` attribute type defined but commented out in the link:../attachments/Example.ldif[Example.ldif, window=\_blank] file imported as sample data. To try this example for yourself, add the attribute type and object class definitions in comments near the top of the file, and then uncomment the `objectClass: cos` and `classOfService` attribute lines in `Example.ldif` before importing the data into OpenDJ.
======
This example positions collective attributes that depend on the `classOfService` attribute values:

@@ -333,7 +333,7 @@
[#example-dept-from-manager]
.Inheriting an Attribute From the Manager's Entry
====
This example demonstrates how to instruct OpenDJ to set an employee's department number using the manager's department number. To try the example, first import link:../resources/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.
This example demonstrates how to instruct OpenDJ to set an employee's department number using the manager's department number. To try the example, first import link:../attachments/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.

For this example, the relationship between employee entries and manager entries is based on the manager attributes on employee entries. Each `manager` attribute on an employee's entry specifies the DN of the manager's entry. OpenDJ retrieves the department number from the manager's entry to populate the attribute on the employee's entry.

@@ -380,7 +380,7 @@
[#example-inherit-from-locality]
.Inheriting Attributes From the Locality
====
This example demonstrates how to instruct OpenDJ to set a user's language preferences and street address based on locality. To try the example, first import link:../resources/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.
This example demonstrates how to instruct OpenDJ to set a user's language preferences and street address based on locality. To try the example, first import link:../attachments/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.

For this example, the relationship between entries is based on locality. The collective attribute subentry specifies how to construct the RDN of the object holding the attribute values to inherit:

			@@ -1049,7 +1049,7 @@
			======
			The HTTP endpoint configuration is new in OpenDJ 3.5.
			======
			The default Rest2ldap endpoint exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The default mapping works out of the box with Example.com data generated as part of the setup process and with example data imported from link:../resources/Example.ldif[Example.ldif, window=\_blank]:
			The default Rest2ldap endpoint exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The default mapping works out of the box with Example.com data generated as part of the setup process and with example data imported from link:../attachments/Example.ldif[Example.ldif, window=\_blank]:

			. (Optional) If necessary, change the properties of the default Rest2ldap endpoint, or create a new endpoint.
			+
			@@ -1537,7 +1537,7 @@
			====
			OpenDJ directory server has a handler for HTTP connections where it exposes the RESTful API demonstrated in xref:../server-dev-guide/chap-rest-operations.adoc#chap-rest-operations["Performing RESTful Operations"] in the __Directory Server Developer's Guide__. The HTTP connection handler is not enabled by default.

			You configure the mapping between JSON resources and LDAP entries by editing the configuration file for the HTTP connection handler, by default `/path/to/opendj/config/http-config.json`. The configuration is described in xref:../reference/appendix-rest2ldap-3-0.adoc#appendix-rest2ldap-3-0["REST to LDAP Configuration (3.0)"] in the __Reference__. The default mapping works out of the box with Example.com data generated as part of the setup process and with link:../resources/Example.ldif[Example.ldif, window=\_blank]:
			You configure the mapping between JSON resources and LDAP entries by editing the configuration file for the HTTP connection handler, by default `/path/to/opendj/config/http-config.json`. The configuration is described in xref:../reference/appendix-rest2ldap-3-0.adoc#appendix-rest2ldap-3-0["REST to LDAP Configuration (3.0)"] in the __Reference__. The default mapping works out of the box with Example.com data generated as part of the setup process and with link:../attachments/Example.ldif[Example.ldif, window=\_blank]:

			. Enable the connection handler:
			+

			@@ -1006,7 +1006,7 @@
			cn: Babs Jensen
			uid: bjensen
			----
			An example of the captured command is the shell script, link:../resources/captured-global-aci-edits.sh[captured-global-aci-edits.sh, window=\_blank].
			An example of the captured command is the shell script, link:../attachments/captured-global-aci-edits.sh[captured-global-aci-edits.sh, window=\_blank].

			To reject anonymous access except bind and StartTLS requests, set `reject-unauthenticated-requests:true`:

New file
			@@ -0,0 +1,38 @@
			# The contents of this file are subject to the terms of the Common Development and
			# Distribution License (the License). You may not use this file except in compliance with the
			# License.
			#
			# You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
			# specific language governing permission and limitations under the License.
			#
			# When distributing Covered Software, include this CDDL Header Notice in each file and include
			# the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
			# Header, with the fields enclosed by brackets [] replaced by your own identifying
			# information: "Portions Copyright [year] [name of copyright owner]".
			#
			# Portions Copyright 2015 ForgeRock AS.

			# Captured dsconfig command to replace anonymous read access with authenticated access.
			# Edit this script to match your deployment.
			#
			# This command does not affect global-aci properties allowing anonymous access
			# to read the root DSE and to read directory schema definitions,
			# nor to use selected LDAP controls and extended operations.
			#
			# This command works against a server built following the changes introduced
			# in http://sources.forgerock.org/changelog/opendj?cs=9325.
			# If the global-aci settings are different on your OpenDJ server,
			# generate this script for that server as described in the documentation.
			#
			dsconfig set-access-control-handler-prop \
			--remove global-aci:\(targetattr!=\"userPassword\\|\\|authPassword\\|\\|debugsearchindex\\|\\|changes\\|\\|changeNumber\\|\\|changeType\\|\\|changeTime\\|\\|targetDN\\|\\|newRDN\\|\\|newSuperior\\|\\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Anonymous\ read\ access\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \
			--remove global-aci:\(targetattr=\"createTimestamp\\|\\|creatorsName\\|\\|modifiersName\\|\\|modifyTimestamp\\|\\|entryDN\\|\\|entryUUID\\|\\|subschemaSubentry\\|\\|etag\\|\\|governingStructureRule\\|\\|structuralObjectClass\\|\\|hasSubordinates\\|\\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\ \(read,search,compare\)\ userdn=\"ldap:///anyone\"\;\) \
			--add global-aci:\(targetattr!=\"userPassword\\|\\|authPassword\\|\\|debugsearchindex\\|\\|changes\\|\\|changeNumber\\|\\|changeType\\|\\|changeTime\\|\\|targetDN\\|\\|newRDN\\|\\|newSuperior\\|\\|deleteOldRDN\"\)\(version\ 3.0\;\ acl\ \"Authenticated\ read\ access\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \
			--add global-aci:\(targetattr=\"createTimestamp\\|\\|creatorsName\\|\\|modifiersName\\|\\|modifyTimestamp\\|\\|entryDN\\|\\|entryUUID\\|\\|subschemaSubentry\\|\\|etag\\|\\|governingStructureRule\\|\\|structuralObjectClass\\|\\|hasSubordinates\\|\\|numSubordinates\"\)\(version\ 3.0\;\ acl\ \"User-Visible\ Operational\ Attributes\"\;\ allow\(read,search,compare\)\ userdn=\"ldap:///all\"\;\) \
			--hostname opendj.example.com \
			--port 4444 \
			--trustStorePath /path/to/opendj/config/admin-truststore \
			--bindDN cn=Directory\ Manager \
			--bindPassword ****** \
			--no-prompt

			@@ -990,7 +990,7 @@
			The LDAP account used to authenticate needs to perform proxied authorization as described in xref:../server-dev-guide/chap-ldap-operations.adoc#proxied-authz["Configuring Proxied Authorization"] in the __Directory Server Developer's Guide__.

			+
			The default sample configuration configuration is built to work with generated example data and also the sample content in link:../resources/Example.ldif[Example.ldif, window=\_blank]. If your data is different, then you must also change the JSON resource to LDAP entry mapping settings, described in xref:../reference/appendix-rest2ldap.adoc#mappings-json["Mapping Configuration File"] in the __Reference__.
			The default sample configuration configuration is built to work with generated example data and also the sample content in link:../attachments/Example.ldif[Example.ldif, window=\_blank]. If your data is different, then you must also change the JSON resource to LDAP entry mapping settings, described in xref:../reference/appendix-rest2ldap.adoc#mappings-json["Mapping Configuration File"] in the __Reference__.
			+
			For details regarding the configuration, see xref:../reference/appendix-rest2ldap.adoc#appendix-rest2ldap["REST to LDAP Configuration"] in the __Reference__.
			+
			@@ -1067,7 +1067,7 @@

			. Edit `opendj-rest2ldap-servlet.json` where you deployed the gateway web application.
			+
			The default JSON resource for the configuration includes both connection and authentication information, and also `mappings`. The `mappings` describe how the gateway translates between JSON and LDAP representations of directory data. The default `mappings` are built to work with generated example data and also the sample content in link:../resources/Example.ldif[Example.ldif, window=\_blank].
			The default JSON resource for the configuration includes both connection and authentication information, and also `mappings`. The `mappings` describe how the gateway translates between JSON and LDAP representations of directory data. The default `mappings` are built to work with generated example data and also the sample content in link:../attachments/Example.ldif[Example.ldif, window=\_blank].
			+
			At minimum adjust the following gateway configuration settings:

			@@ -43,7 +43,7 @@

			[TIP]
			====
			The examples in this chapter are written with the assumption that an `ou=Groups,dc=example,dc=com` entry already exists. If you imported data from link:../resources/Example.ldif[Example.ldif, window=\_blank], then you already have the entry. If you generated data during setup and did not create an organizational unit for groups yet, create the entry before you try the examples:
			The examples in this chapter are written with the assumption that an `ou=Groups,dc=example,dc=com` entry already exists. If you imported data from link:../attachments/Example.ldif[Example.ldif, window=\_blank], then you already have the entry. If you generated data during setup and did not create an organizational unit for groups yet, create the entry before you try the examples:

			[source, console]
			----

			@@ -1863,7 +1863,7 @@
			====
			Before you try to bind to OpenDJ directory server using a certificate, create a certificate, then add the certificate attributes to the entry.

			link:../resources/Example.ldif[Example.ldif, window=\_blank] includes an entry for `cn=My App,ou=Apps,dc=example,dc=com`. Examples in this section use that entry, and use the Java `keytool` command to manage the certificate:
			link:../attachments/Example.ldif[Example.ldif, window=\_blank] includes an entry for `cn=My App,ou=Apps,dc=example,dc=com`. Examples in this section use that entry, and use the Java `keytool` command to manage the certificate:

			. Create a certificate using the DN of the client entry as the distinguished name string:
			+

			@@ -25,7 +25,7 @@

			OpenDJ lets you access directory data as link:http://json.org[JSON, window=\_blank] resources over HTTP. OpenDJ maps JSON resources onto LDAP entries. As a result, REST clients perform many of the same operations as LDAP clients with directory data.

			This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../resources/Example.ldif[Example.ldif, window=\_blank].
			This chapter demonstrates RESTful client operations by using the default configuration and sample directory data imported into OpenDJ directory server as described in xref:../admin-guide/chap-import-export.adoc#import-ldif["To Import LDIF Data"] in the __Administration Guide__, from the LDIF file link:../attachments/Example.ldif[Example.ldif, window=\_blank].

			[NOTE]
			====
			@@ -88,7 +88,7 @@
			----
			By default, both the HTTP connection handler and also the REST to LDAP gateway allow HTTP Basic authentication and HTTP header-based authentication in the style of OpenIDM. The authentication mechanisms translate HTTP authentication to LDAP authentication to the directory server.

			When you install OpenDJ either with generated sample user entries or with data from link:../resources/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:
			When you install OpenDJ either with generated sample user entries or with data from link:../attachments/Example.ldif[Example.ldif, window=\_blank], the relative distinguished name (DN) attribute for sample user entries is the user ID (`uid`) attribute. For example, the DN and user ID for Babs Jensen are:

			[source, ldif]
			----

			@@ -191,7 +191,7 @@

			[NOTE]
			======
			The following example depends on the `cos` object class, and the `classOfService` attribute type defined but commented out in the link:../resources/Example.ldif[Example.ldif, window=\_blank] file imported as sample data. To try this example for yourself, add the attribute type and object class definitions in comments near the top of the file, and then uncomment the `objectClass: cos` and `classOfService` attribute lines in `Example.ldif` before importing the data into OpenDJ.
			The following example depends on the `cos` object class, and the `classOfService` attribute type defined but commented out in the link:../attachments/Example.ldif[Example.ldif, window=\_blank] file imported as sample data. To try this example for yourself, add the attribute type and object class definitions in comments near the top of the file, and then uncomment the `objectClass: cos` and `classOfService` attribute lines in `Example.ldif` before importing the data into OpenDJ.
			======
			This example positions collective attributes that depend on the `classOfService` attribute values:

			@@ -333,7 +333,7 @@
			[#example-dept-from-manager]
			.Inheriting an Attribute From the Manager's Entry
			====
			This example demonstrates how to instruct OpenDJ to set an employee's department number using the manager's department number. To try the example, first import link:../resources/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.
			This example demonstrates how to instruct OpenDJ to set an employee's department number using the manager's department number. To try the example, first import link:../attachments/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.

			For this example, the relationship between employee entries and manager entries is based on the manager attributes on employee entries. Each `manager` attribute on an employee's entry specifies the DN of the manager's entry. OpenDJ retrieves the department number from the manager's entry to populate the attribute on the employee's entry.

			@@ -380,7 +380,7 @@
			[#example-inherit-from-locality]
			.Inheriting Attributes From the Locality
			====
			This example demonstrates how to instruct OpenDJ to set a user's language preferences and street address based on locality. To try the example, first import link:../resources/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.
			This example demonstrates how to instruct OpenDJ to set a user's language preferences and street address based on locality. To try the example, first import link:../attachments/Example.ldif[Example.ldif, window=\_blank] into OpenDJ in order to load the appropriate sample data.

			For this example, the relationship between entries is based on locality. The collective attribute subentry specifies how to construct the RDN of the object holding the attribute values to inherit: