Bug 985296

Summary: Mistakes in 10.7.4. Use LDAP to Authenticate to the Management Interfaces of Administration and Configuration Guide
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Ondrej Lukas <olukas>
Component: DocumentationAssignee: David Michael <dmichael>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: unspecified Docs Contact: David Michael <dmichael>
Priority: unspecified    
Version: 6.1.1CC: dmichael, jcacek, myarboro, rdickens, smumford, twells
Target Milestone: ER6Keywords: Documentation
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build: CSProcessor Builder Version 1.11 Build Name: 11865, Administration and Configuration Guide-6.1-4 Build Date: 12-07-2013 01:29:20 Topic ID: 8433-458770 [Specified]
Last Closed: 2014-06-28 15:28:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 953861    
Bug Blocks:    

Description Ondrej Lukas 2013-07-17 09:22:12 UTC 
These mistakes were copied from https://bugzilla.redhat.com/show_bug.cgi?id=953861 because they occure in Administration and Configuration Guide too.

1) 10.7.4. Use LDAP to Authenticate to the Management Interfaces
Table 10.1
 - there shouldn't be attribute name (i.e. name is not an attribute in the model)
 - there is missing attribute "security-realm" - The security realm to reference to obtain a configured SSLContext to use when establishing the connection.

2) There is described rather the XML schema than the model in "Create an LDAP-Enabled Security Realm" section. We should avoid this, editing XML directly is AFAIK not the supported administration way. The model attributes should be described instead:
"connection" => "The name of the connection to use to connect to LDAP.",
"advanced-filter" => "The fully defined filter to be used to search for the user based on their entered user ID. The filter should contain a variable in the form {0} - this will be replaced with the username supplied by the user.",
"base-dn" => "The base distinguished name to commence the search for the user.",
"user-dn" => "The name of the attribute which is the user's distinguished name.",
"recursive" => "Whether the search should be recursive.",  default is false
"username-attribute" => "The name of the attribute to search for the user. This filter will then perform a simple search where the username entered by the user matches the attribute specified here.",
"allow-empty-passwords" => "Should empty passwords be accepted from the user being authenticated.", default is false

3) Example 10.10. Add an LDAP Security Realm
The example doesn't add security realm - there is missing first line in the sample:
/host=master/core-service=management/security-realm=ldap_security_realm:add

4) Example 10.11 should use the realm name used before (in 10.10) - i.e. "ldap_security_realm"
Comment 1 Misty Stanley-Jones 2013-07-25 03:15:59 UTC 
#1 is addressed in revision 481767 of topic 8433.

#2 has been fixed already in bug 953861.

#3 and #4 are now fixed in revision 481768 of topic 8429.

Will be set to ON_QA when the changes are available for review.
Comment 2 Misty Stanley-Jones 2013-08-30 01:45:24 UTC 
Not yet updated.
Comment 4 Josef Cacek 2013-08-30 09:01:23 UTC 
The fixes are not on stage:
http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_JBoss_Enterprise_Application_Platform/6.1/html/Administration_and_Configuration_Guide/Use_LDAP_to_Authenticate_to_the_Management_Interfaces1.html
Comment 11 Ondrej Lukas 2014-06-04 05:36:45 UTC 
Verified on stage for 6.3 Administration and Configuration Guide in Revision 6.3.0-21.