Commit c371349a authored by Gavin Henry's avatar Gavin Henry
Browse files

Docs patches: ITS#5216 and ITS#5217

parent 32c6b7fd
......@@ -3,6 +3,8 @@ OpenLDAP 2.4 Change Log
OpenLDAP 2.4.7 Engineering
Documentation
Fixed grammar errors (ITS#5223)
Refint overlay doc contribution (ITS#5217)
Dynamic Lists doc contribution to the admin guide (ITS#5216)
OpenLDAP 2.4.6 Release (2007/10/31)
Initial release for "general use".
......@@ -14,6 +14,9 @@
## <http://www.OpenLDAP.org/license.html>.
all: guide.html index.html
# for website building (for webmaster use, don't change)
www: guide.html index.html OpenLDAP-Admin-Guide.pdf
sdf-src: \
../plain.sdf \
../preamble.sdf \
......@@ -53,12 +56,15 @@ sdf-src: \
sdf-img: \
../images/LDAPlogo.gif \
allmail-en.png \
allusersgroup-en.png \
config_dit.png \
config_local.png \
config_ref.png \
config_repl.gif \
intro_dctree.png \
intro_tree.png \
refint.png
guide.html: guide.sdf sdf-src sdf-img
sdf -2html guide.sdf
......@@ -69,8 +75,11 @@ index.html: index.sdf sdf-src sdf-img
admin.html: admin.sdf sdf-src sdf-img
sdf -DPDF -2html admin.sdf
guide.pdf: admin.html
htmldoc --batch guide.book
guide.pdf: admin.html guide.book
htmldoc --batch guide.book -f guide.pdf
OpenLDAP-Admin-Guide.pdf: admin.html guide.book
htmldoc --batch guide.book -f OpenLDAP-Admin-Guide.pdf
clean:
rm -f *.pdf *.html *~ *.bak
This diff is collapsed.
......@@ -361,10 +361,6 @@ For more information on concept and limitations, see {{slapd-sql}}(5) man page,
or the {{SECT: Backends}} section. There are also several examples for several
RDBMSes in {{F:back-sql/rdbms_depend/*}} subdirectories.
TO REFERENCE:
http://blogs.sun.com/treydrake/entry/ldap_vs_relational_database
http://blogs.sun.com/treydrake/entry/ldap_vs_relational_database_part
H2: What is slapd and what can it do?
......
......@@ -211,11 +211,86 @@ H2: Dynamic Lists
H3: Overview
This overlay allows expansion of dynamic groups and more.
This overlay allows expansion of dynamic groups and lists. Instead of having the
group members or list attributes hard coded, this overlay allows us to define
an LDAP search whose results will make up the group or list.
H3: Dynamic List Configuration
This module can behave both as a dynamic list and dynamic group, depending on
the configuration. The syntax is as follows:
> overlay dynlist
> dynlist-attrset <group-oc> <URL-ad> [member-ad]
The parameters to the {{F:dynlist-attrset}} directive have the following meaning:
* {{F:<group-oc>}}: specifies which object class triggers the subsequent LDAP search.
Whenever an entry with this object class is retrieved, the search is performed.
* {{F:<URL-ad>}}: is the name of the attribute which holds the search URI. It
has to be a subtype of {{F:labeledURI}}. The attributes and values present in
the search result are added to the entry unless {{F:member-ad}} is used (see
below).
* {{F:member-ad}}: if present, changes the overlay behaviour into a dynamic group.
Instead of inserting the results of the search in the entry, the distinguished name
of the results are added as values of this attribute.
Here is an example which will allow us to have an email alias which automatically
expands to all user's emails according to our LDAP filter:
In {{slapd.conf}}(5):
> overlay dynlist
> dynlist-attrset nisMailAlias labeledURI
This means that whenever an entry which has the {{F:nisMailAlias}} object class is
retrieved, the search specified in the {{F:labeledURI}} attribute is performed.
Let's say we have this entry in our directory:
> cn=all,ou=aliases,dc=example,dc=com
> cn: all
> objectClass: nisMailAlias
> labeledURI: ldap:///ou=People,dc=example,dc=com?mail?one?(objectClass=inetOrgPerson)
If this entry is retrieved, the search specified in {{F:labeledURI}} will be
performed and the results will be added to the entry just as if they have always
been there. In this case, the search filter selects all entries directly
under {{F:ou=People}} that have the {{F:inetOrgPerson}} object class and retrieves
the {{F:mail}} attribute, if it exists.
This is what gets added to the entry when we have two users under {{F:ou=People}}
that match the filter:
!import "allmail-en.png"; align="center"; title="Dynamic list for email aliases"
FT[align="Center"] Figure X.Y: Dynamic List for all emails
The configuration for a dynamic group is similar. Let's see an example which would
automatically populate an {{F:allusers}} group with all the user accounts in the
directory.
In {{F:slapd.conf}}(5):
> overlay dynlist
> dynlist-attrset groupOfNames labeledURI member
Let's apply it to the following entry:
> cn=allusers,ou=group,dc=example,dc=com
> cn: all
> objectClass: groupOfNames
> labeledURI: ldap:///ou=people,dc=example,dc=com??one?(objectClass=inetOrgPerson)
The behaviour is similar to the dynamic list configuration we had before:
whenever an entry with the {{F:groupOfNames}} object class is retrieved, the
search specified in the {{F:labeledURI}} attribute is performed. But this time,
only the distinguished names of the results are added, and as values of the
{{F:member}} attribute.
This is what we get:
!import "allusersgroup-en.png"; align="center"; title="Dynamic group for all users"
FT[align="Center"] Figure X.Y: Dynamic Group for all users
Note that a side effect of this scheme of dymamic groups is that the members
need to be specified as full DNs. So, if you are planning in using this for
{{F:posixGroup}}s, be sure to use RFC2307bis and some attribute which can hold
distinguished names. The {{F:memberUid}} attribute used in the {{F:posixGroup}}
object class can hold only names, not DNs, and is therefore not suitable for
dynamic groups.
H2: Reverse Group Membership Maintenance
......@@ -458,13 +533,70 @@ H2: Referential Integrity
H3: Overview
This overlay can be used with a backend database such as slapd-bdb (5)
This overlay can be used with a backend database such as slapd-bdb(5)
to maintain the cohesiveness of a schema which utilizes reference
attributes.
Whenever a {{modrdn}} or {{delete}} is performed, that is, when an entry's DN
is renamed or an entry is removed, the server will search the directory for
references to this DN (in selected attributes: see below) and update them
accordingly. If it was a {{delete}} operation, the reference is deleted. If it
was a {{modrdn}} operation, then the reference is updated with the new DN.
For example, a very common administration task is to maintain group membership
lists, specially when users are removed from the directory. When an
user account is deleted or renamed, all groups this user is a member of have to be
updated. LDAP administrators usually have scripts for that. But we can use the
{{F:refint}} overlay to automate this task. In this example, if the user is
removed from the directory, the overlay will take care to remove the user from
all the groups he/she was a member of. No more scripting for this.
H3: Referential Integrity Configuration
The configuration for this overlay is as follows:
> overlay refint
> refint_attributes <attribute [attribute ...]>
> refint_nothing <string>
* {{F:refint_attributes}}: this parameter specifies a space separated list of
attributes which will have the referential integrity maintained. When an entry is
removed or has its DN renamed, the server will do an internal search for any of the
{{F:refint_attributes}} that point to the affected DN and update them accordingly. IMPORTANT:
the attributes listed here must have the {{F:distinguishedName}} syntax, that is,
hold DNs as values.
* {{F:refint_nothing}}: some times, while trying to maintain the referential
integrity, the server has to remove the last attribute of its kind from an
entry. This may be prohibited by the schema: for example, the
{{F:groupOfNames}} object class requires at least one member. In these cases,
the server will add the attribute value specified in {{F:refint_nothing}}
to the entry.
To illustrate this overlay, we will use the group membership scenario.
In {{F:slapd.conf}}:
> overlay refint
> refint_attributes member
> refint_nothing "cn=admin,dc=example,dc=com"
This configuration tells the overlay to maintain the referential integrity of the {{F:member}}
attribute. This attribute is used in the {{F:groupOfNames}} object class which always needs
a member, so we add the {{F:refint_nothing}} directive to fill in the group with a standard
member should all the members vanish.
If we have the following group membership, the refint overlay will
automatically remove {{F:john}} from the group if his entry is removed from the
directory:
!import "refint.png"; align="center"; title="Group membership"
FT[align="Center"] Figure X.Y: Maintaining referential integrity in groups
Notice that if we rename ({{F:modrdn}}) the {{F:john}} entry to, say, {{F:jsmith}}, the refint
overlay will also rename the reference in the {{F:member}} attribute, so the group membership
stays correct.
If we removed all users from the directory who are a member of this group, then the end result
would be a single member in the group: {{F:cn=admin,dc=example,dc=com}}. This is the
{{F:refint_nothing}} parameter kicking into action so that the schema is not violated.
H2: Return Code
......
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://web.resource.org/cc/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="487.42709"
height="139.10474"
id="svg2"
sodipodi:version="0.32"
inkscape:version="0.45.1"
version="1.0"
sodipodi:docbase="/home/andreas/palestra"
sodipodi:docname="allmail-en.svg"
inkscape:output_extension="org.inkscape.output.svg.inkscape"
inkscape:export-filename="/home/andreas/palestra/ppolicy.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2">
<defs
id="defs4">
<marker
inkscape:stockid="Arrow1Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lend"
style="overflow:visible">
<path
id="path3186"
d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
transform="matrix(-0.8,0,0,-0.8,-10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Lstart"
orient="auto"
refY="0"
refX="0"
id="Arrow1Lstart"
style="overflow:visible">
<path
id="path3183"
d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
transform="matrix(0.8,0,0,0.8,10,0)" />
</marker>
<marker
inkscape:stockid="Arrow1Send"
orient="auto"
refY="0"
refX="0"
id="Arrow1Send"
style="overflow:visible">
<path
id="path3198"
d="M 0,0 L 5,-5 L -12.5,0 L 5,5 L 0,0 z "
style="fill-rule:evenodd;stroke:#000000;stroke-width:1pt;marker-start:none"
transform="matrix(-0.2,0,0,-0.2,-1.2,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lstart"
orient="auto"
refY="0"
refX="0"
id="Arrow2Lstart"
style="overflow:visible">
<path
id="path3201"
style="font-size:12px;fill-rule:evenodd;stroke-width:0.625;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.97309,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="matrix(1.1,0,0,1.1,1.1,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow2Lend"
style="overflow:visible">
<path
id="path8347"
style="font-size:12px;fill-rule:evenodd;stroke-width:0.625;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.97309,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="matrix(-1.1,0,0,-1.1,-1.1,0)" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="2.351189"
inkscape:cx="115.68184"
inkscape:cy="40.808267"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="true"
showguides="false"
inkscape:window-width="1272"
inkscape:window-height="724"
inkscape:window-x="0"
inkscape:window-y="24" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Camada 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-29.405584,-34.695505)">
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
x="116.88309"
y="48.033184"
id="text2170"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2"><tspan
sodipodi:role="line"
id="tspan2172"
x="116.88309"
y="48.033184">DN: cn=all,ou=aliases,dc=example,dc=com</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="63.033184"
id="tspan2174">cn: all</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="78.033184"
id="tspan5373">objectClass: <tspan
style="font-weight:bold"
id="tspan5377">nisMailAlias</tspan></tspan><tspan
sodipodi:role="line"
x="116.88309"
y="92.036435"
id="tspan3404"
style="font-size:11px;font-weight:bold">labeledURI: <tspan
style="font-weight:normal"
id="tspan5513">ldap:///ou=People,dc=example,dc=com?mail?</tspan></tspan><tspan
sodipodi:role="line"
x="116.88309"
y="105.78643"
id="tspan3413"
style="font-size:11px;font-weight:normal"> one?(objectClass=inetOrgPerson)</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="120.53318"
id="tspan2180">mail: john@example.com</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="135.53318"
id="tspan3411">mail: mary@example.com</tspan></text>
<rect
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.15456796px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
id="rect7321"
width="403.52588"
height="106.68739"
x="112.72952"
y="35.272789"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2" />
<rect
style="opacity:0.28915663;fill:#aa9ab2;fill-opacity:1;stroke:none;stroke-width:0.69669151;stroke-opacity:1"
id="rect7323"
width="168.38275"
height="31.950695"
x="113.71371"
y="107.91574"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2" />
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
x="28.755194"
y="104.6917"
id="text4394"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2"><tspan
sodipodi:role="line"
x="28.755194"
y="104.6917"
id="tspan5371">search</tspan><tspan
sodipodi:role="line"
x="28.755194"
y="119.6917"
id="tspan2187">results</tspan></text>
<path
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;marker-end:url(#Arrow2Lend);stroke-opacity:1"
d="M 108.91035,92.832512 C 59.12768,98.112492 59.881964,116.96956 108.15606,124.51239"
id="path4400"
sodipodi:nodetypes="cc"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2" />
<path
style="opacity:1;fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;marker-start:url(#Arrow1Lstart);marker-end:url(#Arrow1Lend);stroke-miterlimit:4;stroke-dasharray:1, 1;stroke-dashoffset:0;stroke-opacity:1"
d="M 417.4481,61.482433 C 381.50911,141.44198 176.87108,164.40908 132.69882,105.71538"
id="path5515"
transform="translate(11.556417,34.695505)"
sodipodi:nodetypes="cc" />
<rect
inkscape:export-ydpi="136.2"
inkscape:export-xdpi="136.2"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
y="81.541206"
x="417.55688"
height="12.386127"
width="24.625708"
id="rect6492"
style="opacity:0.28915663;fill:#aa9ab2;fill-opacity:1;stroke:none;stroke-width:0.69669151;stroke-opacity:1" />
</g>
</svg>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://web.resource.org/cc/"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
width="419.4133"
height="107.84196"
id="svg2"
sodipodi:version="0.32"
inkscape:version="0.45.1"
version="1.0"
sodipodi:docbase="/home/andreas/palestra"
sodipodi:docname="allusersgroup-en.svg"
inkscape:output_extension="org.inkscape.output.svg.inkscape"
inkscape:export-filename="/home/andreas/palestra/ppolicy.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2">
<defs
id="defs4">
<marker
inkscape:stockid="Arrow2Lstart"
orient="auto"
refY="0"
refX="0"
id="Arrow2Lstart"
style="overflow:visible">
<path
id="path3201"
style="font-size:12px;fill-rule:evenodd;stroke-width:0.625;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.97309,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="matrix(1.1,0,0,1.1,1.1,0)" />
</marker>
<marker
inkscape:stockid="Arrow2Lend"
orient="auto"
refY="0"
refX="0"
id="Arrow2Lend"
style="overflow:visible">
<path
id="path8347"
style="font-size:12px;fill-rule:evenodd;stroke-width:0.625;stroke-linejoin:round"
d="M 8.7185878,4.0337352 L -2.2072895,0.016013256 L 8.7185884,-4.0017078 C 6.97309,-1.6296469 6.9831476,1.6157441 8.7185878,4.0337352 z "
transform="matrix(-1.1,0,0,-1.1,-1.1,0)" />
</marker>
</defs>
<sodipodi:namedview
id="base"
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1.0"
inkscape:pageopacity="0.0"
inkscape:pageshadow="2"
inkscape:zoom="2.3724279"
inkscape:cx="216.23418"
inkscape:cy="53.920976"
inkscape:document-units="px"
inkscape:current-layer="layer1"
showgrid="true"
showguides="true"
inkscape:window-width="1280"
inkscape:window-height="953"
inkscape:window-x="0"
inkscape:window-y="24"
inkscape:guide-bbox="true" />
<metadata
id="metadata7">
<rdf:RDF>
<cc:Work
rdf:about="">
<dc:format>image/svg+xml</dc:format>
<dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
</cc:Work>
</rdf:RDF>
</metadata>
<g
inkscape:label="Camada 1"
inkscape:groupmode="layer"
id="layer1"
transform="translate(-29.134918,-34.695504)">
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
x="116.88309"
y="48.033184"
id="text2170"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2"><tspan
sodipodi:role="line"
id="tspan2172"
x="116.88309"
y="48.033184">DN: cn=allusers,ou=group,dc=example,dc=com</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="63.033184"
id="tspan2174">cn: all</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="78.033184"
id="tspan5379">objectClass: <tspan
style="font-weight:bold"
id="tspan5396">groupOfNames</tspan></tspan><tspan
sodipodi:role="line"
x="116.88309"
y="92.036435"
id="tspan3413"
style="font-size:11px;font-weight:bold">labeledURI<tspan
style="font-weight:normal"
id="tspan5410">: ldap:///ou=People,dc=example,dc=com??</tspan></tspan><tspan
sodipodi:role="line"
x="116.88309"
y="105.78643"
style="font-size:11px;font-weight:normal"
id="tspan5386"> one?(objectClass=inetOrgPerson)</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="120.53318"
id="tspan2180"><tspan
style="font-weight:bold"
id="tspan5400">member</tspan>: uid=john,ou=people,dc=example,dc=com</tspan><tspan
sodipodi:role="line"
x="116.88309"
y="135.53318"
id="tspan3411"><tspan
style="font-weight:bold"
id="tspan5404">member</tspan>: uid=mary,ou=people,dc=example,dc=com</tspan></text>
<rect
style="fill:none;fill-rule:evenodd;stroke:#000000;stroke-width:1.05301607px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
id="rect7321"
width="335.34296"
height="106.78895"
x="112.67875"
y="35.222012"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2" />
<rect
style="opacity:0.28915663;fill:#aa9ab2;fill-opacity:1;stroke:none;stroke-width:0.69669151;stroke-opacity:1"
id="rect7323"
width="329.5397"
height="29.000132"
x="114.97823"
y="110.02328"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2" />
<text
xml:space="preserve"
style="font-size:12px;font-style:normal;font-weight:normal;fill:#000000;fill-opacity:1;stroke:none;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;font-family:Bitstream Vera Sans"
x="28.484528"
y="99.799805"
id="text4394"
inkscape:export-filename="/home/andreas/palestra/allmail.png"
inkscape:export-xdpi="136.2"
inkscape:export-ydpi="136.2"><tspan
sodipodi:role="line"
x="28.484528"
y="99.799805"
id="tspan5390">DNs of</tspan><tspan