From ae57abea41b1a1c805fee27ffcfeabc0ae07e969 Mon Sep 17 00:00:00 2001 From: Mark Craig <mark.craig@forgerock.com> Date: Mon, 31 Mar 2014 07:17:12 +0000 Subject: [PATCH] Backport CR-3283 Fix for Server docs patch for OPENDJ-980: Allow copy/ paste of formatted shell commands; OPENDJ-1376: Add <userinput> and potential <computeroutput> to <screen> content --- opends/src/main/docbkx/admin-guide/chap-groups.xml | 305 +++++++++++++++++++++++++++----------------------- 1 files changed, 167 insertions(+), 138 deletions(-) diff --git a/opends/src/main/docbkx/admin-guide/chap-groups.xml b/opends/src/main/docbkx/admin-guide/chap-groups.xml index 69b6623..6d7e1f9 100644 --- a/opends/src/main/docbkx/admin-guide/chap-groups.xml +++ b/opends/src/main/docbkx/admin-guide/chap-groups.xml @@ -20,15 +20,15 @@ ! ! CCPL HEADER END ! - ! Copyright 2011-2013 ForgeRock AS + ! Copyright 2011-2014 ForgeRock AS ! --> <chapter xml:id='chap-groups' xmlns='http://docbook.org/ns/docbook' version='5.0' xml:lang='en' xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' - xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd' - xmlns:xlink='http://www.w3.org/1999/xlink' - xmlns:xinclude='http://www.w3.org/2001/XInclude'> + xsi:schemaLocation='http://docbook.org/ns/docbook + http://docbook.org/xml/5.0/xsd/docbook.xsd' + xmlns:xlink='http://www.w3.org/1999/xlink'> <title>Working With Groups of Entries</title> <para>OpenDJ supports several methods of grouping entries in the directory. @@ -52,18 +52,20 @@ generated data during setup and did not create an organizational unit for groups yet, create the entry before you try the examples.</para> - <screen>$ ldapmodify - --defaultAdd - --port 1389 - --bindDN "cn=Directory Manager" + <screen> +$ <userinput>ldapmodify \ + --defaultAdd \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ --bindPassword password dn: ou=Groups,dc=example,dc=com objectClass: organizationalunit objectClass: top ou: Groups - -Processing ADD request for ou=Groups,dc=example,dc=com -ADD operation successful for DN ou=Groups,dc=example,dc=com</screen> +</userinput> +<computeroutput>Processing ADD request for ou=Groups,dc=example,dc=com +ADD operation successful for DN ou=Groups,dc=example,dc=com</computeroutput> + </screen> </tip> <section xml:id="static-groups"> @@ -102,8 +104,9 @@ <para>To create a static group, add a group entry such as the following to the directory.</para> - <screen>$ cat static.ldif -dn: cn=My Static Group,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>cat static.ldif</userinput> +<computeroutput>dn: cn=My Static Group,ou=Groups,dc=example,dc=com cn: My Static Group objectClass: groupOfNames objectClass: top @@ -111,38 +114,43 @@ member: uid=ahunter,ou=People,dc=example,dc=com member: uid=bjensen,ou=People,dc=example,dc=com member: uid=tmorris,ou=People,dc=example,dc=com +</computeroutput> -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --defaultAdd - --filename static.ldif -Processing ADD request for cn=My Static Group,ou=Groups,dc=example,dc=com -ADD operation successful for DN cn=My Static Group,ou=Groups,dc=example,dc=com</screen> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --defaultAdd \ + --filename static.ldif</userinput> +<computeroutput>Processing ADD request for cn=My Static Group,ou=Groups,dc=example,dc=com +ADD operation successful for DN cn=My Static Group,ou=Groups,dc=example,dc=com</computeroutput> + </screen> <para>To change group membership, modify the values of the membership attribute.</para> - <screen>$ cat add2grp.ldif -dn: cn=My Static Group,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>cat add2grp.ldif</userinput> +<computeroutput>dn: cn=My Static Group,ou=Groups,dc=example,dc=com changetype: modify add: member member: uid=scarter,ou=People,dc=example,dc=com +</computeroutput> -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --filename add2grp.ldif -Processing MODIFY request for cn=My Static Group,ou=Groups,dc=example,dc=com +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --filename add2grp.ldif</userinput> +<computeroutput>Processing MODIFY request for cn=My Static Group,ou=Groups,dc=example,dc=com MODIFY operation successful for DN cn=My Static Group,ou=Groups,dc=example,dc=com -$ ldapsearch - --port 1389 - --baseDN dc=example,dc=com - "(cn=My Static Group)" -dn: cn=My Static Group,ou=Groups,dc=example,dc=com +</computeroutput> +$ <userinput>ldapsearch \ + --port 1389 \ + --baseDN dc=example,dc=com \ + "(cn=My Static Group)"</userinput> +<computeroutput>dn: cn=My Static Group,ou=Groups,dc=example,dc=com ou: Groups objectClass: groupOfNames objectClass: top @@ -150,7 +158,8 @@ member: uid=bjensen,ou=People,dc=example,dc=com member: uid=tmorris,ou=People,dc=example,dc=com member: uid=scarter,ou=People,dc=example,dc=com -cn: My Static Group</screen> +cn: My Static Group</computeroutput> + </screen> <para>RFC 4519 says a <literal>groupOfNames</literal> entry must have at least one member. Although OpenDJ allows you to create a @@ -159,25 +168,27 @@ <literal>groupOfEntries</literal> object class as shown in the following example.</para> - <screen>$ cat group-of-entries.ldif -dn: cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>cat group-of-entries.ldif</userinput> +<computeroutput>dn: cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com cn: Initially Empty Static Group objectClass: groupOfEntries objectClass: top ou: Groups - -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --defaultAdd - --filename group-of-entries.ldif -Processing ADD request for +</computeroutput> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --defaultAdd \ + --filename group-of-entries.ldif</userinput> +<computeroutput>Processing ADD request for cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com ADD operation successful for DN cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com -$ cat add-members.ldif -# Now add some members to the group. +</computeroutput> +$ <userinput>cat add-members.ldif</userinput> +<computeroutput># Now add some members to the group. dn: cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com changetype: modify add: member @@ -185,16 +196,17 @@ member: uid=bjensen,ou=People,dc=example,dc=com member: uid=tmorris,ou=People,dc=example,dc=com member: uid=scarter,ou=People,dc=example,dc=com - -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --filename add-members.ldif -Processing MODIFY request for +</computeroutput> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --filename add-members.ldif</userinput> +<computeroutput>Processing MODIFY request for cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com MODIFY operation successful for DN - cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com</screen> + cn=Initially Empty Static Group,ou=Groups,dc=example,dc=com</computeroutput> + </screen> </section> <section xml:id="dynamic-groups"> @@ -220,62 +232,66 @@ is Cupertino). Change the filter if your data is different, and so no entries have <literal>l: Cupertino</literal>.</para> - <screen>$ cat dynamic.ldif -dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>cat dynamic.ldif</userinput> +<computeroutput>dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com cn: My Dynamic Group objectClass: top objectClass: groupOfURLs ou: Groups memberURL: ldap:///ou=People,dc=example,dc=com??sub?l=Cupertino - -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --defaultAdd - --filename dynamic.ldif -Processing ADD request for cn=My Dynamic Group,ou=Groups,dc=example,dc=com -ADD operation successful for DN cn=My Dynamic Group,ou=Groups,dc=example,dc=com</screen> +</computeroutput> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --defaultAdd \ + --filename dynamic.ldif</userinput> +<computeroutput>Processing ADD request for cn=My Dynamic Group,ou=Groups,dc=example,dc=com +ADD operation successful for DN cn=My Dynamic Group,ou=Groups,dc=example,dc=com</computeroutput> + </screen> <para>Group membership changes dynamically as entries change to match the <literal>memberURL</literal> values.</para> - <screen>$ ldapsearch - --port 1389 - --baseDN dc=example,dc=com - "(&(uid=*jensen)(isMemberOf=cn=My Dynamic Group,ou=Groups,dc=example,dc=com))" - mail -dn: uid=bjensen,ou=People,dc=example,dc=com + <screen width="81"> +$ <userinput>ldapsearch \ + --port 1389 \ + --baseDN dc=example,dc=com \ + "(&(uid=*jensen)(isMemberOf=cn=My Dynamic Group,ou=Groups,dc=example,dc=com))" \ + mail</userinput> +<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com mail: bjensen@example.com dn: uid=rjensen,ou=People,dc=example,dc=com mail: rjensen@example.com - -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password -dn: uid=ajensen,ou=People,dc=example,dc=com +</computeroutput> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password</userinput> +<computeroutput>dn: uid=ajensen,ou=People,dc=example,dc=com changetype: modify replace: l l: Cupertino Processing MODIFY request for uid=ajensen,ou=People,dc=example,dc=com -MODIFY operation successful for DN uid=ajensen,ou=People,dc=example,dc=com -^D -$ ldapsearch - --port 1389 - --baseDN dc=example,dc=com - "(&(uid=*jensen)(isMemberOf=cn=My Dynamic Group,ou=Groups,dc=example,dc=com))" - mail -dn: uid=ajensen,ou=People,dc=example,dc=com +MODIFY operation successful for DN uid=ajensen,ou=People,dc=example,dc=com</computeroutput> +<userinput>^D</userinput> +$ <userinput>ldapsearch \ + --port 1389 \ + --baseDN dc=example,dc=com \ + "(&(uid=*jensen)(isMemberOf=cn=My Dynamic Group,ou=Groups,dc=example,dc=com))" \ + mail</userinput> +<computeroutput>dn: uid=ajensen,ou=People,dc=example,dc=com mail: ajensen@example.com dn: uid=bjensen,ou=People,dc=example,dc=com mail: bjensen@example.com dn: uid=rjensen,ou=People,dc=example,dc=com -mail: rjensen@example.com</screen> +mail: rjensen@example.com</computeroutput> + </screen> </section> <section xml:id="virtual-static-groups"> @@ -303,38 +319,42 @@ <literal>Virtual Static member</literal> or <literal>Virtual Static uniqueMember</literal> property.</para> - <screen>$ dsconfig - set-virtual-attribute-prop - --port 4444 - --hostname opendj.example.com - --bindDN "cn=Directory Manager" - --bindPassword password - --name "Virtual Static member" - --set allow-retrieving-membership:true - --trustAll - --no-prompt</screen> + <screen> +$ <userinput>dsconfig \ + set-virtual-attribute-prop \ + --port 4444 \ + --hostname opendj.example.com \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --name "Virtual Static member" \ + --set allow-retrieving-membership:true \ + --trustAll \ + --no-prompt</userinput> + </screen> <para>The following example creates a virtual static group, and reads the group entry with all members.</para> - <screen>$ cat virtual.ldif -dn: cn=Virtual Static,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>cat virtual.ldif</userinput> +<computeroutput>dn: cn=Virtual Static,ou=Groups,dc=example,dc=com cn: Virtual Static objectclass: top objectclass: groupOfNames objectclass: ds-virtual-static-group ds-target-group-dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com +</computeroutput> +$ <userinput>ldapmodify \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --defaultAdd \ + --filename virtual.ldif</userinput> +<computeroutput>Processing ADD request for cn=Virtual Static,ou=Groups,dc=example,dc=com +ADD operation successful for DN cn=Virtual Static,ou=Groups,dc=example,dc=com</computeroutput> -$ ldapmodify - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - --defaultAdd - --filename virtual.ldif -Processing ADD request for cn=Virtual Static,ou=Groups,dc=example,dc=com -ADD operation successful for DN cn=Virtual Static,ou=Groups,dc=example,dc=com -$ ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=Virtual Static)" -dn: cn=Virtual Static,ou=Groups,dc=example,dc=com +$ <userinput>ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=Virtual Static)"</userinput> +<computeroutput>dn: cn=Virtual Static,ou=Groups,dc=example,dc=com objectClass: groupOfNames objectClass: ds-virtual-static-group objectClass: top @@ -374,7 +394,8 @@ member: uid=abergin,ou=People,dc=example,dc=com member: uid=mschneid,ou=People,dc=example,dc=com cn: Virtual Static -ds-target-group-dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com</screen> +ds-target-group-dn: cn=My Dynamic Group,ou=Groups,dc=example,dc=com</computeroutput> + </screen> </section> <section xml:id="group-membership"> @@ -387,15 +408,17 @@ <para>OpenDJ lets you look up which groups a user belongs to by using the <literal>isMemberOf</literal> attribute.</para> - <screen>$ ldapsearch - --port 1389 - --baseDN dc=example,dc=com - uid=bjensen - isMemberOf -dn: uid=bjensen,ou=People,dc=example,dc=com + <screen> +$ <userinput>ldapsearch \ + --port 1389 \ + --baseDN dc=example,dc=com \ + uid=bjensen \ + isMemberOf</userinput> +<computeroutput>dn: uid=bjensen,ou=People,dc=example,dc=com isMemberOf: cn=My Static Group,ou=Groups,dc=example,dc=com isMemberOf: cn=Virtual Static,ou=Groups,dc=example,dc=com -isMemberOf: cn=My Dynamic Group,ou=Groups,dc=example,dc=com</screen> +isMemberOf: cn=My Dynamic Group,ou=Groups,dc=example,dc=com</computeroutput> + </screen> <para>You must request <literal>isMemberOf</literal> explicitly.</para> </section> @@ -416,21 +439,25 @@ referential integrity plugin is disabled by default. To enable the plugin, use the <command>dsconfig</command> command.</para> - <screen>$ dsconfig - set-plugin-prop - --port 4444 - --hostname opendj.example.com - --bindDN "cn=Directory Manager" - --bindPassword password - --plugin-name "Referential Integrity" - --set enabled:true - --trustAll --no-prompt</screen> + <screen> +$ <userinput>dsconfig \ + set-plugin-prop \ + --port 4444 \ + --hostname opendj.example.com \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + --plugin-name "Referential Integrity" \ + --set enabled:true \ + --trustAll \ + --no-prompt</userinput> + </screen> <para>With the plugin enabled, you can see OpenDJ referential integrity resolving group membership automatically.</para> - <screen>$ ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=My Static Group)" -dn: cn=My Static Group,ou=Groups,dc=example,dc=com + <screen> +$ <userinput>ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=My Static Group)"</userinput> +<computeroutput>dn: cn=My Static Group,ou=Groups,dc=example,dc=com ou: Groups objectClass: groupOfNames objectClass: top @@ -439,23 +466,25 @@ member: uid=tmorris,ou=People,dc=example,dc=com member: uid=scarter,ou=People,dc=example,dc=com cn: My Static Group +</computeroutput> +$ <userinput>ldapdelete \ + --port 1389 \ + --bindDN "cn=Directory Manager" \ + --bindPassword password \ + uid=scarter,ou=People,dc=example,dc=com</userinput> +<computeroutput>Processing DELETE request for uid=scarter,ou=People,dc=example,dc=com +DELETE operation successful for DN uid=scarter,ou=People,dc=example,dc=com</computeroutput> -$ ldapdelete - --port 1389 - --bindDN "cn=Directory Manager" - --bindPassword password - uid=scarter,ou=People,dc=example,dc=com -Processing DELETE request for uid=scarter,ou=People,dc=example,dc=com -DELETE operation successful for DN uid=scarter,ou=People,dc=example,dc=com -$ ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=My Static Group)" -dn: cn=My Static Group,ou=Groups,dc=example,dc=com +$ <userinput>ldapsearch --port 1389 --baseDN dc=example,dc=com "(cn=My Static Group)"</userinput> +<computeroutput>dn: cn=My Static Group,ou=Groups,dc=example,dc=com ou: Groups objectClass: groupOfNames objectClass: top cn: My Static Group member: uid=ahunter,ou=People,dc=example,dc=com member: uid=bjensen,ou=People,dc=example,dc=com -member: uid=tmorris,ou=People,dc=example,dc=com</screen> +member: uid=tmorris,ou=People,dc=example,dc=com</computeroutput> + </screen> <para>By default the referential integrity plugin is configured to manage <literal>member</literal> and <literal>uniqueMember</literal> attributes. -- Gitblit v1.10.0