directory-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Directory Server v1.5 > 1.4.1 Configuration of ApacheDS with Spring
Date Wed, 28 Oct 2009 16:02:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1519/1/1/_/styles/combined.css?spaceKey=DIRxSRVx11&amp;forWysiwyg=true" type="text/css">
    </head>
<body style="background-color: white" bgcolor="white">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
     <h2><a href="http://cwiki.apache.org/confluence/display/DIRxSRVx11/1.4.1+Configuration+of+ApacheDS+with+Spring">1.4.1 Configuration of ApacheDS with Spring</a></h2>
     <h4>Page <b>edited</b> by             <a href="http://cwiki.apache.org/confluence/display/~seelmann">Stefan Seelmann</a>
    </h4>
     
          <br/>
     <div class="notificationGreySide">

<h1><a name="1.4.1ConfigurationofApacheDSwithSpring-ConfigurationofApacheDSwithSpring"></a>Configuration of ApacheDS with Spring</h1>

<p>This section describes the overall structure of the server configuration, which uses Spring.</p>
<div>
<ul>
    <li><a href='#1.4.1ConfigurationofApacheDSwithSpring-ApacheDSandSpring'>ApacheDS and Spring</a></li>
    <li><a href='#1.4.1ConfigurationofApacheDSwithSpring-UsingApacheDirectoryStudioforconfiguration'>Using Apache Directory Studio for configuration</a></li>
    <li><a href='#1.4.1ConfigurationofApacheDSwithSpring-ApacheDSconfigurableparameters'>ApacheDS configurable parameters</a></li>
    <li><a href='#1.4.1ConfigurationofApacheDSwithSpring-Resources'>Resources</a></li>
</ul></div>

<h2><a name="1.4.1ConfigurationofApacheDSwithSpring-ApacheDSandSpring"></a>ApacheDS and Spring</h2>

<p>There are several options to configure ApacheDS. For instance you can practically do everything programmatically if you embed the server in a Java component.</p>

<p>For this guide we assume a standard installation of ApacheDS run standalone, and the default mechanism to configure this deployment option is (in almost all cases) changing the file <em>server.xml</em>, which is located in the <em>conf</em> directory of your ApacheDS instance. The file is composed of bean definitions, because configuration in ApacheDS 1.5 is done with the help of the <a href="http://www.springframework.org" title="www.springframework.org" rel="nofollow">Spring Framework</a>.</p>

<p><img src="/confluence/download/attachments/55545/spring.gif" align="absmiddle" border="0" /></p>

<p>Despite the fact that the default <em>server.xml</em> shipped with the product is somewhat long, a quick look with the help of the <a href="http://springide.org/" title="springide.org" rel="nofollow">Spring IDE</a> displays that the structure is rather simple:</p>

<p><img src="/confluence/download/attachments/55545/serverXml_springGraph.png" align="absmiddle" border="0" /></p>

<p>Most configuration tasks can be accomplished by modifying the properties of existing bean definitions, or (e.g. for a new partition) by adding new beans of certain types and wiring them to the configuration.</p>

<p>Note that the picture above does not show all properties available in the configuration. Only properties for which the default <em>server.xml</em> contains a value are visible. There are more, and when a property is absent its default value is used. Feel free to browse the file to get an impression of further options &#8211; several other features controlled by properties are commented out.</p>

<h2><a name="1.4.1ConfigurationofApacheDSwithSpring-UsingApacheDirectoryStudioforconfiguration"></a>Using Apache Directory Studio for configuration</h2>

<p><a href="http://directory.apache.org/studio/" title="Apache Directory Studio" rel="nofollow">Apache Directory Studio</a> supports creating and editing these configuration files. Apache Directory Studio 1.5.0 supports the configuration file format of Apache DS 1.5.5.</p>

<h2><a name="1.4.1ConfigurationofApacheDSwithSpring-ApacheDSconfigurableparameters"></a>ApacheDS configurable parameters</h2>

<p>Apache Directory Server has many different configuration parameters. This page summarizes all the possible parameters and their default values.</p>

<p>The global structure is given here:</p>

<ul>
	<li>apacheDS
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-LdapService">ldapService</a></li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-LdapService">ldapService</a>
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-ExtendedOperationHandlersconfiguration">extendedOperationHandlers</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-SASLMechanismhandlers">saslMechanismHandlers</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-SaslQoPconfiguration">saslQop</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-SaslRealmsconfiguration">saslRealms</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">tcpTransport</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">udpTransport</a></li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a>
	<ul>
		<li>defaultChangeLog</li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptors">interceptors</a>
		<ul>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">AciAuthorizationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-AuthenticationInterceptor">AuthenticationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">ChangeLogInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">CollectiveAttributeInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">DefaultAuthorizationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">EventInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">ExceptionInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">KeyDerivationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">NormalizationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">OperationalAttributeInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">PasswordPolicyInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">ReferralInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-ReplicationInterceptor">ReplicationInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">SchemaInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">SubentryInterceptor</a></li>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters">TriggerInterceptor</a></li>
		</ul>
		</li>
		<li>partitions
		<ul>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-JdbmPartition">jdbmPartition</a>
			<ul>
				<li>indexedAttributes
				<ul>
					<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-JdbmIndex">jdbmIndex</a></li>
				</ul>
				</li>
			</ul>
			</li>
		</ul>
		</li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-JdbmPartition">systemPartition</a>
		<ul>
			<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-JdbmPartition">jdbmPartition</a>
			<ul>
				<li>indexedAttributes
				<ul>
					<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-JdbmIndex">jdbmIndex</a></li>
				</ul>
				</li>
			</ul>
			</li>
		</ul>
		</li>
		<li>testEntries</li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-ChangePasswordServer">changePasswordServer</a>
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">tcpTransport</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">udpTransport</a></li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DnsServer">dnsServer</a>
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">tcpTransport</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">udpTransport</a></li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-KdcServer">kdcServer</a>
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration">defaultDirectoryService</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">tcpTransport</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">udpTransport</a></li>
	</ul>
	</li>
</ul>


<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-NtpServer">ntpServer</a>
	<ul>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">tcpTransport</a></li>
		<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-Protocols">udpTransport</a></li>
	</ul>
	</li>
</ul>


<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-Interceptors"></a>Interceptors</h3>

<p>We currently have 16 possible interceptors that can be used in the server. It is important to understand that some of them are mandatory, while others can be enabled or disabled. The order of the interceptors is also very important: most of them cannot be moved up or down without severely impacting the server's behaviour.</p>

<p>Here is the list of the interceptors, showing which are mandatory and the order in which they should appear in the configuration file:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Interceptor </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Order </th>
</tr>
<tr>
<td class='confluenceTd'> AciAuthorizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 4 </td>
</tr>
<tr>
<td class='confluenceTd'> AuthenticationInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 2 </td>
</tr>
<tr>
<td class='confluenceTd'> ChangeLogInterceptor </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 7 </td>
</tr>
<tr>
<td class='confluenceTd'> CollectiveAttributeInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 13 </td>
</tr>
<tr>
<td class='confluenceTd'> DefaultAuthorizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 5 </td>
</tr>
<tr>
<td class='confluenceTd'> EventInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 14 </td>
</tr>
<tr>
<td class='confluenceTd'> ExceptionInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 6 </td>
</tr>
<tr>
<td class='confluenceTd'> KeyDerivationInterceptor </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 10 </td>
</tr>
<tr>
<td class='confluenceTd'> NormalizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 1 </td>
</tr>
<tr>
<td class='confluenceTd'> OperationalAttributeInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 8 </td>
</tr>
<tr>
<td class='confluenceTd'> PasswordPolicyInterceptor </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 9 </td>
</tr>
<tr>
<td class='confluenceTd'> ReferralInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 3 </td>
</tr>
<tr>
<td class='confluenceTd'> ReplicationInterceptor </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 16 </td>
</tr>
<tr>
<td class='confluenceTd'> SchemaInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 11 </td>
</tr>
<tr>
<td class='confluenceTd'> SubentryInterceptor </td>
<td class='confluenceTd'> Yes </td>
<td class='confluenceTd'> 12 </td>
</tr>
<tr>
<td class='confluenceTd'> TriggerInterceptor </td>
<td class='confluenceTd'> No </td>
<td class='confluenceTd'> 15 </td>
</tr>
</tbody></table>
<p>The following table lists the same interceptors in the order in which they must appear:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Interceptor </th>
<th class='confluenceTh'> Mandatory </th>
</tr>
<tr>
<td class='confluenceTd'> NormalizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> AuthenticationInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> ReferralInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> AciAuthorizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> DefaultAuthorizationInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> ExceptionInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> ChangeLogInterceptor </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> OperationalAttributeInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> PasswordPolicyInterceptor </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> KeyDerivationInterceptor </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> SchemaInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> SubentryInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> CollectiveAttributeInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> EventInterceptor </td>
<td class='confluenceTd'> Yes </td>
</tr>
<tr>
<td class='confluenceTd'> TriggerInterceptor </td>
<td class='confluenceTd'> No </td>
</tr>
<tr>
<td class='confluenceTd'> ReplicationInterceptor </td>
<td class='confluenceTd'> No </td>
</tr>
</tbody></table>
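<p>Because the chain places authentication and authorization at fixed positions, a changed <em>server.xml</em> can be checked against the table above before it is deployed. The following Python script is an added example, not part of the original page or of ApacheDS. It assumes each interceptor element is named after its class with a lowercase first letter, and both sample documents are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET

# (class name, mandatory) in the order required by the table above.
INTERCEPTOR_ORDER = [
    ("NormalizationInterceptor", True),
    ("AuthenticationInterceptor", True),
    ("ReferralInterceptor", True),
    ("AciAuthorizationInterceptor", True),
    ("DefaultAuthorizationInterceptor", True),
    ("ExceptionInterceptor", True),
    ("ChangeLogInterceptor", False),
    ("OperationalAttributeInterceptor", True),
    ("PasswordPolicyInterceptor", False),
    ("KeyDerivationInterceptor", False),
    ("SchemaInterceptor", True),
    ("SubentryInterceptor", True),
    ("CollectiveAttributeInterceptor", True),
    ("EventInterceptor", True),
    ("TriggerInterceptor", False),
    ("ReplicationInterceptor", False),
]


def element_name(class_name):
    # Assumption: the XML element is the class name with a lowercase first
    # letter, as in the page's <aciAuthorizationInterceptor/> example.
    return class_name[0].lower() + class_name[1:]


RANK = {element_name(n): i for i, (n, _) in enumerate(INTERCEPTOR_ORDER)}
MANDATORY = [element_name(n) for n, required in INTERCEPTOR_ORDER if required]


def local_name(tag):
    """Drop an XML namespace of the form {uri}name, if present."""
    return tag.rsplit("}", 1)[-1]


def audit_interceptors(server_xml):
    """Return findings for the <interceptors> chain; an empty list means OK."""
    root = ET.fromstring(server_xml)
    chain = next((e for e in root.iter() if local_name(e.tag) == "interceptors"), None)
    if chain is None:
        return ["no <interceptors> element found"]
    findings, seen, latest = [], set(), None
    for child in chain:
        name = local_name(child.tag)
        if name not in RANK:
            findings.append(f"unknown interceptor element: {name}")
            continue
        if name in seen:
            findings.append(f"duplicate interceptor: {name}")
            continue
        seen.add(name)
        # 'latest' is the furthest position in the required order seen so far.
        if latest is not None and RANK[name] < RANK[latest]:
            findings.append(f"{name} is listed after {latest}")
        else:
            latest = name
    for name in MANDATORY:
        if name not in seen:
            findings.append(f"missing mandatory interceptor: {name}")
    return findings


# Constructed sample: every mandatory interceptor, in the required order.
SAMPLE_OK = (
    "<defaultDirectoryService><interceptors>"
    + "".join(f"<{name}/>" for name in MANDATORY)
    + "</interceptors></defaultDirectoryService>"
)

# Constructed sample: authorization is placed before authentication and the
# defaultAuthorizationInterceptor has been dropped.
SAMPLE_BAD = """
<defaultDirectoryService>
  <interceptors>
    <normalizationInterceptor/>
    <aciAuthorizationInterceptor/>
    <authenticationInterceptor/>
    <referralInterceptor/>
    <exceptionInterceptor/>
    <operationalAttributeInterceptor/>
    <schemaInterceptor/>
    <subentryInterceptor/>
    <collectiveAttributeInterceptor/>
    <eventInterceptor/>
  </interceptors>
</defaultDirectoryService>
"""

if __name__ == "__main__":
    for label, doc in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, audit_interceptors(doc) or "chain matches the required order")
```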

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-Interceptorwithoutanyparameters"></a>Interceptor without any parameters</h4>

<p>Most of the interceptors don't take any parameter. The only possible configuration is to enable or disable them, simply by adding them to or removing them from the list of interceptors. Here is the list of those interceptors:</p>
<ul>
	<li>AciAuthorizationInterceptor</li>
	<li>AuthenticationInterceptor</li>
	<li>ChangeLogInterceptor</li>
	<li>CollectiveAttributeInterceptor</li>
	<li>DefaultAuthorizationInterceptor</li>
	<li>EventInterceptor</li>
	<li>ExceptionInterceptor</li>
	<li>KeyDerivationInterceptor</li>
	<li>NormalizationInterceptor</li>
	<li>OperationalAttributeInterceptor</li>
	<li>PasswordPolicyInterceptor</li>
	<li>ReferralInterceptor</li>
	<li>SchemaInterceptor</li>
	<li>SubentryInterceptor</li>
	<li>TriggerInterceptor</li>
</ul>


<p>Here is an example of configuration where the <b>aciAuthorizationInterceptor</b> is enabled :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;defaultDirectoryService ...
    ...
    &lt;interceptors&gt;
      ...
      &lt;aciAuthorizationInterceptor/&gt;
      ...
</pre>
</div></div>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-AuthenticationInterceptor%3A"></a>AuthenticationInterceptor :</h4>

<p> Set&lt;Authenticator&gt; : The list of supported <b>Authenticators</b>. Currently, we have <b>Anonymous</b>, <b>Simple</b> and <b>Strong</b> authenticators. We can just list the associated beans in the server.xml file. Here is a sample of such a configuration :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;defaultDirectoryService ...
    ...
    &lt;interceptors&gt;
      ...
      &lt;authenticationInterceptor&gt;
        &lt;s:property name=<span class="code-quote">"authenticators"</span>&gt;
          &lt;s:set&gt;
            &lt;!-- Define a <span class="code-keyword">new</span> Simple authenticator with a cache of 50 elements --&gt;
            &lt;s:bean id=<span class="code-quote">"simpleAuthenticator"</span>
                    class=<span class="code-quote">"org.apache.directory.server.core.authn.SimpleAuthenticator"</span>&gt;
              &lt;s:constructor-arg value=<span class="code-quote">"50"</span>/&gt;
            &lt;/s:bean&gt;

            &lt;!-- Define a Strong authenticator --&gt;
            &lt;s:bean id=<span class="code-quote">"strongAuthenticator"</span>
                    class=<span class="code-quote">"org.apache.directory.server.core.authn.StrongAuthenticator"</span>/&gt;
          &lt;/s:set&gt;
        &lt;/s:property&gt;
      &lt;/authenticationInterceptor&gt;
      ...
</pre>
</div></div>
<p>The possible values are: <b>AnonymousAuthenticator</b>, <b>SimpleAuthenticator</b> and <b>StrongAuthenticator</b>. Of these, only the <b>SimpleAuthenticator</b> has a possible parameter, the <b>cache size</b> (an integer value).</p>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-ReplicationInterceptor"></a>ReplicationInterceptor</h4>

<p>This interceptor manages replication. It has many parameters, most of them being defined in a specific class: ReplicationConfiguration. Let's describe those parameters.</p>

<p> Each instance has a name, which allows multiple instances of the server to be present on the same machine, but with possible replication between them.</p>

<p>First, let's see an example:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;defaultDirectoryService ...
    ...
    &lt;replicationInterceptor&gt;
      &lt;configuration&gt;
        &lt;replicationConfiguration logMaxAge=<span class="code-quote">"5"</span>
                                  replicaId=<span class="code-quote">"instance_a"</span>
                                  replicationInterval=<span class="code-quote">"2"</span>
                                  responseTimeout=<span class="code-quote">"10"</span>
                                  serverPort=<span class="code-quote">"10390"</span>&gt;
          &lt;s:property name=<span class="code-quote">"peerReplicas"</span>&gt;
            &lt;s:set&gt;
              &lt;s:value&gt;instance_b@localhost:1234&lt;/s:value&gt;
              &lt;s:value&gt;instance_c@localhost:1234&lt;/s:value&gt;
            &lt;/s:set&gt;
          &lt;/s:property&gt;
        &lt;/replicationConfiguration&gt;
      &lt;/configuration&gt;
    &lt;/replicationInterceptor&gt;
    ...
</pre>
</div></div>
<p>Here, we have set 2 replicas (instance B and C), the current instance is listening on port 10390, and we have modified the default values for <b>logMaxAge</b>, <b>replicationInterval</b> and <b>responseTimeout</b>.</p>

<p>The ReplicationConfiguration bean contains these parameters:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Name </th>
<th class='confluenceTh'> Type </th>
<th class='confluenceTh'> Default value </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> logMaxAge </td>
<td class='confluenceTd'> int </td>
<td class='confluenceTd'> 7 </td>
<td class='confluenceTd'> Maximum days of change logs stored </td>
</tr>
<tr>
<td class='confluenceTd'> replicaId </td>
<td class='confluenceTd'> String </td>
<td class='confluenceTd'> none </td>
<td class='confluenceTd'> ID of the replica </td>
</tr>
<tr>
<td class='confluenceTd'> replicationInterval </td>
<td class='confluenceTd'> int </td>
<td class='confluenceTd'> 5 </td>
<td class='confluenceTd'> Replication data exchange interval (seconds) between two replicas </td>
</tr>
<tr>
<td class='confluenceTd'> responseTimeout </td>
<td class='confluenceTd'> int </td>
<td class='confluenceTd'> 60 </td>
<td class='confluenceTd'> response timeout value (seconds) for each sent message <br clear="all" />
 during the communication between replicas. </td>
</tr>
<tr>
<td class='confluenceTd'> serverPort </td>
<td class='confluenceTd'> int </td>
<td class='confluenceTd'> 7846 </td>
<td class='confluenceTd'> TCP/IP port number that the interceptor listens to </td>
</tr>
<tr>
<td class='confluenceTd'> <b>peerReplicas</b> </td>
<td class='confluenceTd'> Set&lt;String&gt; </td>
<td class='confluenceTd'> none </td>
<td class='confluenceTd'> The remote peer replica list </td>
</tr>
</tbody></table>
<p>The peerReplicas parameter is a composite one.</p>

<p>This is the list of remote replicas. Each replica is defined by a name, a host address and a port. The syntax must be :<br/>
&lt;replicaid&gt;@&lt;host&gt;:&lt;port&gt;, like ServerAAA@10.1.2.7:1234.</p>
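<p>To see which replication settings are actually in effect, the sketch below reads a <em>replicationConfiguration</em> element, fills in the defaults from the table above for missing attributes, and parses each <em>peerReplicas</em> value using the &lt;replicaid&gt;@&lt;host&gt;:&lt;port&gt; syntax. It is an added Python example, not part of the original page or of ApacheDS; the sample document is constructed, and treating a peer that carries the local <em>replicaId</em> as a finding is an assumption of this example.</p>

```python
import xml.etree.ElementTree as ET

# Defaults from the ReplicationConfiguration table above.
DEFAULTS = {"logMaxAge": 7, "replicationInterval": 5,
            "responseTimeout": 60, "serverPort": 7846}


def local_name(tag):
    """Drop an XML namespace of the form {uri}name, if present."""
    return tag.rsplit("}", 1)[-1]


def parse_peer(text):
    """Split '<replicaid>@<host>:<port>' into (replica_id, host, port)."""
    replica_id, at, address = text.strip().partition("@")
    host, colon, port = address.rpartition(":")
    if not (at and colon and replica_id and host
            and port.isascii() and port.isdigit()):
        raise ValueError(f"not <replicaid>@<host>:<port>: {text!r}")
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {text!r}")
    return replica_id, host, int(port)


def load_replication_config(xml_text):
    """Return (effective settings, peers, findings) for the replication bean."""
    root = ET.fromstring(xml_text)
    conf = next((e for e in root.iter()
                 if local_name(e.tag) == "replicationConfiguration"), None)
    if conf is None:
        raise ValueError("no <replicationConfiguration> element")
    settings = {k: int(conf.get(k, default)) for k, default in DEFAULTS.items()}
    settings["replicaId"] = conf.get("replicaId")
    findings = []
    if not settings["replicaId"]:
        findings.append("replicaId is not set and has no default")
    peers = []
    for prop in conf.iter():
        if local_name(prop.tag) != "property" or prop.get("name") != "peerReplicas":
            continue
        for value in prop.iter():
            if local_name(value.tag) != "value":
                continue
            try:
                peer = parse_peer(value.text or "")
            except ValueError as exc:
                findings.append(str(exc))
                continue
            if peer[0] == settings["replicaId"]:
                findings.append(f"peer {peer[0]} has the same id as this replica")
                continue
            peers.append(peer)
    return settings, peers, findings


# Constructed sample based on the page's example: responseTimeout is omitted,
# one peer repeats the local replicaId and one peer has no port.
SAMPLE = """
<defaultDirectoryService xmlns:s="http://www.springframework.org/schema/beans">
  <replicationInterceptor>
    <configuration>
      <replicationConfiguration logMaxAge="5" replicaId="instance_a"
                                replicationInterval="2" serverPort="10390">
        <s:property name="peerReplicas">
          <s:set>
            <s:value>instance_b@localhost:1234</s:value>
            <s:value>ServerAAA@10.1.2.7:1234</s:value>
            <s:value>instance_a@localhost:10390</s:value>
            <s:value>instance_c@localhost</s:value>
          </s:set>
        </s:property>
      </replicationConfiguration>
    </configuration>
  </replicationInterceptor>
</defaultDirectoryService>
"""

if __name__ == "__main__":
    settings, peers, findings = load_replication_config(SAMPLE)
    print("effective settings:", settings)
    print("peers:", peers)
    print("findings:", findings)
```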

<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-Partition"></a>Partition</h3>

<p>The ADS server can support more than one kind of Partition, but the default is to use JDBM. Here is the associated configuration for this underlying partition.</p>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-JdbmPartition"></a>JdbmPartition</h4>

<p>The main class managing the backend where entries are stored and indexed.</p>

<p>Six kinds of parameters can be configured. Here is a table presenting each of them. Only one is a composite parameter, the <b>JdbmIndex</b> list, which is the list of indexes we can set for this partition.</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> id </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The Partition identification. </td>
</tr>
<tr>
<td class='confluenceTd'> suffix </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The DN for this partition. </td>
</tr>
<tr>
<td class='confluenceTd'> cacheSize </td>
<td class='confluenceTd'> 10000 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The number of cached objects </td>
</tr>
<tr>
<td class='confluenceTd'> optimizerEnabled </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Tells if the optimizer is on. Unless having some <br clear="all" />
 serious reasons to switch it off, don't &#33; </td>
</tr>
<tr>
<td class='confluenceTd'> syncOnWrite </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Flush data on disk for every written entry. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>indexedAttributes</b> </td>
<td class='confluenceTd'> None </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Gives the list of indexed attributes. (see below) </td>
</tr>
</tbody></table>
<p>Here is an example of a partition configuration:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
...
  &lt;jdbmPartition id=<span class="code-quote">"example"</span>
                 suffix=<span class="code-quote">"dc=example,dc=com"</span>
                 cacheSize=<span class="code-quote">"100"</span>
                 optimizerEnabled=<span class="code-quote">"<span class="code-keyword">true</span>"</span>
                 syncOnWrite=<span class="code-quote">"<span class="code-keyword">true</span>"</span>&gt;
    &lt;indexedAttributes&gt;
      ...
    &lt;/indexedAttributes&gt;
  &lt;/jdbmPartition&gt;
  ...
</pre>
</div></div>
<p>We have created the <b>example</b> partition, described by the "dc=example,dc=com" DN, with a cache of 100 objects.</p>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-JdbmIndex"></a>JdbmIndex</h4>

<p>Each JdbmIndex represents an index set on a specific attributeType. Using indexes is vital in LDAP if one wants to get a performance boost. As an LDAP server is mainly used for reads, index every attributeType you will use to retrieve entries from the base.</p>

<p>Here are the parameters you can configure on an index:</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> attributeId </td>
<td class='confluenceTd'> NA </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The attributeType to index (see below, [1]) </td>
</tr>
<tr>
<td class='confluenceTd'> cacheSize </td>
<td class='confluenceTd'> 100 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The number of objects stored into the cache </td>
</tr>
<tr>
<td class='confluenceTd'> numDupLimit </td>
<td class='confluenceTd'> 512 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> WARNING : this is a technical parameter, do not <br clear="all" />
 change it without good reasons. This parameter tells the server to switch <br clear="all" />
 from a linear storage of duplicated elements to a B-tree backed storage <br clear="all" />
 (see below, [2]) </td>
</tr>
<tr>
<td class='confluenceTd'> wkDirPath </td>
<td class='confluenceTd'> NA </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> WARNING : this is a technical parameter, do not <br clear="all" />
 change it without good reasons. Sets the working directory path to something <br clear="all" />
 other than the default. Sometimes more performance is gained by locating <br clear="all" />
 indices on separate disk spindles. </td>
</tr>
</tbody></table>
<p>[1] Many indexes must be set on technical attributes. Right now, only OIDs are used for those technical attributeTypes. In the near future, we will remove them from the indexed attribute list, unless one wants to set another cache size for them.<br/>
[2] In some cases, an attribute value can point to many entries. For instance, the 'person' ObjectClass will point to potentially millions of entries if we manage millions of users. In this case, we don't store all the references to entries in one big hashmap, but instead use a secondary B-Tree to speed up searches and modifications. Usually, 512 elements stored in a page is a good guess.</p>

<p>Here is an example of an indexed attribute configuration for a partition:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
...
  &lt;jdbmPartition id=<span class="code-quote">"example"</span>
                 suffix=<span class="code-quote">"dc=example,dc=com"</span>
                 cacheSize=<span class="code-quote">"100"</span>
                 optimizerEnabled=<span class="code-quote">"<span class="code-keyword">true</span>"</span>
                 syncOnWrite=<span class="code-quote">"<span class="code-keyword">true</span>"</span>&gt;
    &lt;indexedAttributes&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.1"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.2"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.3"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.4"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.5"</span> cacheSize=<span class="code-quote">"10"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.6"</span> cacheSize=<span class="code-quote">"10"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"1.3.6.1.4.1.18060.0.4.1.2.7"</span> cacheSize=<span class="code-quote">"10"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"ou"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"uid"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
      &lt;jdbmIndex attributeId=<span class="code-quote">"objectClass"</span> cacheSize=<span class="code-quote">"100"</span>/&gt;
    &lt;/indexedAttributes&gt;
  &lt;/jdbmPartition&gt;
  ...
</pre>
</div></div>
<p>We have defined two indexes for the <b>ou</b> and <b>uid</b> attributeTypes, on top of the technical attributeTypes (all the OIDs), and the ObjectClass, obviously. The cache size is small (from 10 objects to 100 objects).</p>

<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-Protocols"></a>Protocols</h3>

<p>All the supported protocols (except DHCP) are derived from the AbstractProtocolService, and all of those protocols but NTP inherit from the DirectoryBackedService.</p>

<p>It means that we have some common configuration shared by all the protocols. Here is the table of the AbstractProtocolService class shared parameters :</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> Enabled </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Tells if the service is enabled or not </td>
</tr>
<tr>
<td class='confluenceTd'> IpAddress </td>
<td class='confluenceTd'> localhost </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The server IP address we are listening on </td>
</tr>
<tr>
<td class='confluenceTd'> IpBackLog </td>
<td class='confluenceTd'> 50 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The back log for the UDP and TCP acceptors </td>
</tr>
<tr>
<td class='confluenceTd'> IpPort </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The port number the server is listening to, on UDP and TCP </td>
</tr>
<tr>
<td class='confluenceTd'> NbThreads </td>
<td class='confluenceTd'> 3 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The number of threads dedicated to processing the incoming requests </td>
</tr>
</tbody></table>
<p>In some cases, we want a protocol to accept connections only on UDP or only on TCP, or on both but with different ports. In these cases, we use the following parameters in place of the three parameters <b>IpBackLog</b>, <b>IpPort</b>, <b>NbThreads</b> :</p>

<p><ins>TCP specific configuration :</ins></p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> TcpBackLog </td>
<td class='confluenceTd'> 50 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The back log for the TCP acceptor </td>
</tr>
<tr>
<td class='confluenceTd'> TcpPort </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The TCP port number the server is listening to </td>
</tr>
<tr>
<td class='confluenceTd'> NbTcpThreads </td>
<td class='confluenceTd'> 3 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The number of threads dedicated to processing the incoming requests on TCP </td>
</tr>
</tbody></table>
<p><ins>UDP specific configuration :</ins></p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> UdpBackLog </td>
<td class='confluenceTd'> 50 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The back log for the UDP acceptor </td>
</tr>
<tr>
<td class='confluenceTd'> UdpPort </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The UDP port number the server is listening to </td>
</tr>
<tr>
<td class='confluenceTd'> NbUdpThreads </td>
<td class='confluenceTd'> 3 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The number of threads dedicated to processing the incoming requests on UDP </td>
</tr>
</tbody></table>
<p>And here are the DirectoryBackedService shared parameters :</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> catalogBased </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Set to true if this service uses a catalog for searching different <br clear="all" />
 regions of the DIT for its data (used for kerberos, mainly). </td>
</tr>
<tr>
<td class='confluenceTd'> searchBaseDn </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The base DN we will search on when looking for an entry during <br clear="all" />
 an authentication (mainly used for kerberos) </td>
</tr>
</tbody></table>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td><p>Those two parameters are not frequently used. Just ignore them unless you are installing a Kerberos server. They might be moved to another place later.</p></td></tr></table></div>
<p>Each protocol has its own configuration. The following paragraphs describe those configurations.</p>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-ChangePasswordServer"></a>ChangePasswordServer</h4>

<p>Some documentation is available <a href="http://directory.apache.org/apacheds/1.5/522-configuration-parameters-reference.html" rel="nofollow">here</a></p>
<div class='panelMacro'><table class='noteMacro'><colgroup><col width='24'><col></colgroup><tr><td valign='top'><img src="/confluence/images/icons/emoticons/warning.gif" width="16" height="16" align="absmiddle" alt="" border="0"></td><td><p>This service is <em>not</em> fully documented at the moment. A complete review must be done before considering this service usable.</p></td></tr></table></div>
<p>The ChangePassword server has the following parameters :</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> allowableClockSkew </td>
<td class='confluenceTd'> 5 minutes </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The allowable clock skew. </td>
</tr>
<tr>
<td class='confluenceTd'> emptyAddressesAllowed </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Whether tickets issued with empty Host Addresses are allowed. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>encryptionTypes</b> </td>
<td class='confluenceTd'> des-cbc-md5 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A list of possible encryption types. See [1] for the possible values </td>
</tr>
<tr>
<td class='confluenceTd'> policyCategoryCount </td>
<td class='confluenceTd'> 3 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The policy for number of character categories required (A - Z), (a - z), (0 - 9),<br clear="all" />
 non-alphanumeric (&#33;, $, #, %, ... ). </td>
</tr>
<tr>
<td class='confluenceTd'> policyPasswordLength </td>
<td class='confluenceTd'> 6 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The policy for minimum password length. </td>
</tr>
<tr>
<td class='confluenceTd'> policyTokenSize </td>
<td class='confluenceTd'> 3 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The policy for minimum token size. Passwords must not contain tokens smaller <br clear="all" />
 than 'policyTokenSize' that occur in the user's principal name </td>
</tr>
<tr>
<td class='confluenceTd'> primaryRealm </td>
<td class='confluenceTd'> EXAMPLE.COM </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The primary realm. </td>
</tr>
<tr>
<td class='confluenceTd'> servicePrincipal </td>
<td class='confluenceTd'> kadmin/changepw@EXAMPLE.COM </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The service principal name. </td>
</tr>
</tbody></table>
<p>[1] Encryption types values</p>
<ul>
	<li>des-cbc-crc</li>
	<li>des-cbc-md4</li>
	<li>des-cbc-md5</li>
	<li>des3-cbc-md5</li>
	<li>des3-cbc-sha1</li>
	<li>dsaWithSHA1-CmsOID</li>
	<li>md5WithRSAEncryption-CmsOID</li>
	<li>sha1WithRSAEncryption-CmsOID</li>
	<li>rc2CBC-EnvOID</li>
	<li>rsaEncryption-EnvOID</li>
	<li>rsaES-OAEP-ENV-OID</li>
	<li>des-ede3-cbc-Env-OID</li>
	<li>des3-cbc-sha1-kd</li>
	<li>aes128-cts-hmac-sha1-96</li>
	<li>aes256-cts-hmac-sha1-96</li>
	<li>rc4-hmac</li>
	<li>rc4-hmac-exp</li>
	<li>subkey-keymaterial</li>
	<li>rc4-md4</li>
	<li>rc4-hmac-old</li>
	<li>rc4-hmac-old-exp</li>
</ul>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-DnsServer"></a>DnsServer</h4>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-KdcServer"></a>KdcServer</h4>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-LdapService"></a>LdapService</h4>

<p>We have two sets of parameters : some are simple, some are composite. We will show the full list first, then a description of every composite parameter (the composite parameters are in bold).</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> allowAnonymousAccess </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A flag to allow or forbid anonymous connections </td>
</tr>
<tr>
<td class='confluenceTd'> certificatePassword </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> If the certificate is stored in an external KeyStore, this is <br clear="all" />
 the certificate password </td>
</tr>
<tr>
<td class='confluenceTd'> confidentialityRequired </td>
<td class='confluenceTd'> false </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the mode for this LdapService to accept requests with or without a <br clear="all" />
 TLS secured connection via either StartTLS extended operations or using LDAPS. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>directoryService</b> </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The reference to the underlying Directory service (see below) </td>
</tr>
<tr>
<td class='confluenceTd'> enableLdaps </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Enable LDAPS </td>
</tr>
<tr>
<td class='confluenceTd'> <b>extendedOperationHandlers</b> </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A list of extended operations supported by the server. It makes <br clear="all" />
 the server extensible, as you can add a new extended operation (see below). </td>
</tr>
<tr>
<td class='confluenceTd'> keystoreFile </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Defines the external KeyStore to use, if you do not want to use ADS to <br clear="all" />
 store the certificates </td>
</tr>
<tr>
<td class='confluenceTd'> maxSizeLimit </td>
<td class='confluenceTd'> No limit (0) </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the maximum size limit in number of entries to return for search </td>
</tr>
<tr>
<td class='confluenceTd'> maxTimeLimit </td>
<td class='confluenceTd'> No limit (0) </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the maximum time limit in milliseconds to conduct a search </td>
</tr>
</tbody></table>

<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-SASLconfiguration"></a>SASL configuration</h5>

<p>Those parameters are defined when using SASL Authentication.</p>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> saslHost </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the FQDN of this SASL host, validated during SASL negotiation. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>saslMechanismHandlers</b> </td>
<td class='confluenceTd'> PLAIN, CRAM_MD5, DIGEST_MD5, GSSAPI, NTLM, GSS_SPNEGO </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A map representing the supported authentication mechanisms. </td>
</tr>
<tr>
<td class='confluenceTd'> saslPrincipal </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the Kerberos principal name for this LDAP service, used by GSSAPI. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>saslQop</b> </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the desired quality-of-protection, used by DIGEST-MD5 and GSSAPI. </td>
</tr>
<tr>
<td class='confluenceTd'> <b>saslRealms</b> </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. </td>
</tr>
</tbody></table>

<h6><a name="1.4.1ConfigurationofApacheDSwithSpring-SaslMechanismHandlersconfiguration"></a>SaslMechanismHandlers configuration</h6>

<p>This is a list of parameters describing the supported SASL mechanisms. Currently, the following mechanisms are supported :</p>
<ul>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-SimpleMechanismHandler">SIMPLE</a></li>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-PlainMechanismHandler">PLAIN</a></li>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-CramMd5MechanismHandler">CRAM_MD5</a></li>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-DigestMd5MechanismHandler">DIGEST_MD5</a></li>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-GssapiMechanismHandler">GSSAPI</a></li>
	<li><a href="#1.4.1ConfigurationofApacheDSwithSpring-NtlmMechanismHandler">NTLM</a></li>
</ul>


<p>The configuration file will be something like :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;ldapService&gt;
    ...
    &lt;!-- The list of supported authentication mechanisms. --&gt;
    &lt;saslMechanismHandlers&gt;
      &lt;simpleMechanismHandler mech-name=<span class="code-quote">"SIMPLE"</span>/&gt;
      &lt;cramMd5MechanismHandler mech-name=<span class="code-quote">"CRAM-MD5"</span> /&gt;
      &lt;digestMd5MechanismHandler mech-name=<span class="code-quote">"DIGEST-MD5"</span> /&gt;
      &lt;gssapiMechanismHandler mech-name=<span class="code-quote">"GSSAPI"</span> /&gt;
      &lt;ntlmMechanismHandler mech-name=<span class="code-quote">"NTLM"</span> ntlmProviderFqcn=<span class="code-quote">"com.foo.Bar"</span>/&gt;

    &lt;/saslMechanismHandlers&gt;
  ...
</pre>
</div></div>
<p>The specific parameters for each of those handlers are described <a href="#1.4.1ConfigurationofApacheDSwithSpring-LDAPHandlers">here</a>.</p>

<h6><a name="1.4.1ConfigurationofApacheDSwithSpring-SaslQoPconfiguration"></a>SaslQoP configuration</h6>

<p>This parameter is used when the GSSAPI and DIGEST-MD5 authentication handlers are used (see <a href="http://www.ietf.org/rfc/rfc2831.txt" rel="nofollow">RFC 2831</a>). It lists the possible qualities of protection :</p>
<ul>
	<li><b>auth</b></li>
	<li><b>auth-int</b></li>
	<li><b>auth-conf</b></li>
</ul>


<p>Here is an example of configuration in the server.xml file :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;ldapService&gt;
    ...
    &lt;!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI.  --&gt;
    &lt;saslQop&gt;
      &lt;s:value&gt;auth&lt;/s:value&gt;
      &lt;s:value&gt;auth-<span class="code-object">int</span>&lt;/s:value&gt;
      &lt;s:value&gt;auth-conf&lt;/s:value&gt;
    &lt;/saslQop&gt;
    ...
</pre>
</div></div>

<h6><a name="1.4.1ConfigurationofApacheDSwithSpring-SaslRealmsconfiguration"></a>SaslRealms configuration</h6>

<p>This parameter lists the realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. It contains a list of host names.</p>

<p>Here is an example in the server.xml file :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;ldapService&gt;
    ...
    &lt;!-- The realms serviced by <span class="code-keyword">this</span> SASL host, used by DIGEST-MD5 and GSSAPI. --&gt;
    &lt;saslRealms&gt;
      &lt;s:value&gt;example.com&lt;/s:value&gt;
      &lt;s:value&gt;apache.org&lt;/s:value&gt;
    &lt;/saslRealms&gt;
    ...
</pre>
</div></div>

<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-DirectoryServiceconfiguration"></a>DirectoryService configuration</h3>

<p>This is the directory service managing all the stored information for many protocols, including <b>LDAP</b>, <b>KDC</b>, <b>DNS</b> and <b>ChangePassword</b>.</p>

<p>It has many parameters which can be tuned. Here is the list of all the available parameters :</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Parameter </th>
<th class='confluenceTh'> Default </th>
<th class='confluenceTh'> Mandatory </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'> accessControlEnabled </td>
<td class='confluenceTd'> false </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets whether to enable basic access control checks or not </td>
</tr>
<tr>
<td class='confluenceTd'> allowAnonymousAccess </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets whether to allow anonymous access to entries other than the RootDSE </td>
</tr>
<tr>
<td class='confluenceTd'> changeLog </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets the ChangeLog service for this DirectoryService used for tracking changes </td>
</tr>
<tr>
<td class='confluenceTd'> denormalizeOpAttrsEnabled </td>
<td class='confluenceTd'> false </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Sets whether the operational attributes are denormalized when returned </td>
</tr>
<tr>
<td class='confluenceTd'> exitVmOnShutdown </td>
<td class='confluenceTd'> true </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A flag used to shutdown the VM when stopping the server. Useful<br/>
when the server is standalone. If the server is embedded, we don't<br/>
want to shutdown the VM </td>
</tr>
<tr>
<td class='confluenceTd'> interceptors </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> Manage the list of available interceptors. See <a href="#1.4.1ConfigurationofApacheDSwithSpring-Interceptors">Interceptors</a> </td>
</tr>
<tr>
<td class='confluenceTd'> journal </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> Manage the Journaling system. See <a href="#1.4.1ConfigurationofApacheDSwithSpring-Journal">Journal</a> </td>
</tr>
<tr>
<td class='confluenceTd'> maxPDUSize </td>
<td class='confluenceTd'> Integer.MAX </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'>  The maximum size for an incoming PDU </td>
</tr>
<tr>
<td class='confluenceTd'> partitions </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The set of all declared partitions </td>
</tr>
<tr>
<td class='confluenceTd'> passwordHidden </td>
<td class='confluenceTd'> false </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A flag to tell if the userPassword attribute's value must be hidden (NYI) </td>
</tr>
<tr>
<td class='confluenceTd'> replicaId </td>
<td class='confluenceTd'> 0 </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The directory instance replication ID (must be an integer in [0,999]) </td>
</tr>
<tr>
<td class='confluenceTd'> systemPartition </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> yes </td>
<td class='confluenceTd'> The System partition </td>
</tr>
<tr>
<td class='confluenceTd'> testEntries </td>
<td class='confluenceTd'> N/A </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> A list of LDIF entries to inject at startup </td>
</tr>
<tr>
<td class='confluenceTd'> workingDirectory </td>
<td class='confluenceTd'> "server-work" </td>
<td class='confluenceTd'> no </td>
<td class='confluenceTd'> The server working directory </td>
</tr>
</tbody></table>
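<p>The defaults in the LdapService and DirectoryService tables above leave anonymous access on, access control off, TLS optional and searches unbounded, and the SaslQoP list may offer plain <b>auth</b>. The following audit script is an added example, not part of the original page or of ApacheDS: it reports every such setting in a server.xml fragment, whether it is set explicitly or inherited from the documented default. The sample fragment is constructed, and the element name <code>defaultDirectoryService</code> and the placeholder namespaces are assumptions.</p>

```python
import xml.etree.ElementTree as ET

# (element, parameter) -> (documented default, hardened value, risk otherwise).
# Defaults come from the LdapService and DirectoryService parameter tables.
# "defaultDirectoryService" is an assumed element name for the directory service.
BOOLEAN_CHECKS = {
    ("ldapService", "allowAnonymousAccess"):
        ("true", "false", "anonymous connections are accepted"),
    ("ldapService", "confidentialityRequired"):
        ("false", "true", "requests are accepted without StartTLS or LDAPS"),
    ("defaultDirectoryService", "accessControlEnabled"):
        ("false", "true", "basic access control checks are off"),
    ("defaultDirectoryService", "allowAnonymousAccess"):
        ("true", "false", "anonymous users can read entries other than the RootDSE"),
}
# Search limits: the documented default 0 means "no limit".
LIMIT_CHECKS = [("ldapService", "maxSizeLimit"), ("ldapService", "maxTimeLimit")]

# Constructed sample; the namespace URIs are placeholders (the audit ignores them).
SAMPLE = """<spring:beans xmlns:spring="urn:example:xbean-spring"
    xmlns:s="urn:example:spring-beans" xmlns="urn:example:apacheds-config">
  <defaultDirectoryService id="directoryService" accessControlEnabled="true"/>
  <ldapService id="ldapService" allowAnonymousAccess="false" maxSizeLimit="1000">
    <saslQop>
      <s:value>auth</s:value>
      <s:value>auth-conf</s:value>
    </saslQop>
  </ldapService>
</spring:beans>"""


def local_name(tag):
    """Drop the '{namespace}' prefix ElementTree puts in front of tag names."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return a list of (element, parameter, effective value, source, risk)."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = local_name(elem.tag)
        for (el, param), (default, hardened, risk) in BOOLEAN_CHECKS.items():
            if el != name:
                continue
            raw = elem.get(param)
            # A missing attribute is not "safe": the documented default applies.
            value = (default if raw is None else raw).strip().lower()
            if value != hardened:
                source = "default" if raw is None else "explicit"
                findings.append((name, param, value, source, risk))
        for el, param in LIMIT_CHECKS:
            if el != name:
                continue
            raw = elem.get(param)
            value = "0" if raw is None else raw.strip()
            if not value.isdigit() or int(value) == 0:
                source = "default" if raw is None else "explicit"
                findings.append((name, param, value, source,
                                 "search is unbounded or the limit is not a positive integer"))
        if name == "saslQop":
            offered = [(child.text or "").strip() for child in elem]
            if "auth" in offered:
                # RFC 2831: "auth" is authentication only, without an
                # integrity (auth-int) or confidentiality (auth-conf) layer.
                findings.append((name, "value", "auth", "explicit",
                                 "SASL sessions may negotiate no integrity or confidentiality"))
    return findings


if __name__ == "__main__":
    for element, param, value, source, risk in audit(SAMPLE):
        print(f"{element}.{param} = {value} ({source}): {risk}")
```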

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-Journal"></a>Journal</h4>

<p>Manage the Journaling system. It can be enabled or disabled, and is associated with a Store. Here is an example of configuration :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;journal enabled=<span class="code-quote">"<span class="code-keyword">true</span>"</span>&gt;
  &lt;journalStore fileName=<span class="code-quote">"journal.log"</span> workingDirectory=<span class="code-quote">"/<span class="code-keyword">var</span>/log"</span>/&gt;
&lt;/journal&gt;
</pre>
</div></div>

<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-ExtendedOperationHandlersconfiguration"></a>ExtendedOperationHandlers configuration</h5>

<p>This parameter is used to list the supported extended operations. This is a highly technical parameter, and you are not likely to change it, unless you want to remove some of the extended operations for some reason.</p>

<p>The syntax is simple : it's a list of all the supported classes implementing extended operations. Here is an example in the server.xml file :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;ldapService&gt;
    ...
    &lt;!-- the collection of extended operation handlers to install --&gt;
    &lt;extendedOperationHandlers&gt;
      &lt;startTlsHandler/&gt;
      &lt;gracefulShutdownHandler/&gt;
      &lt;launchDiagnosticUiHandler/&gt;
      &lt;!-- The Stored Procedure Extended Operation is not stable yet and it may cause security risks.--&gt;
      &lt;!--storedProcedureExtendedOperationHandler/--&gt;
    &lt;/extendedOperationHandlers&gt;
  ...
</pre>
</div></div>
<p>As you can see, the last extended operation is commented out, so it won't be available in this instance of the LDAP server.</p>

<p>Currently, the available extended operations are :</p>
<ul>
	<li>GracefulShutdownHandler : Handle the server shutdown</li>
	<li>LaunchDiagnosticUiHandler : Launch a graphical tool to look at the backend content</li>
	<li>StartTlsHandler : Handle the StartTLS operation (establishes a secured connection between the server and a client)</li>
	<li>StoredProcedureExtendedOperationHandler : Manages stored procedures, executing them when received.</li>
</ul>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-NtpServer"></a>NtpServer</h4>

<p>There is no specific parameter for the NtpServer. The <b>AbstractProtocolService</b> parameters have to be used in order to configure this server. Here is an example of configuration :</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="code-java">
&lt;NtpServer ipPort=<span class="code-quote">"60123"</span> nbThreads=<span class="code-quote">"8"</span>/&gt;
</pre>
</div></div>
<p>We have a running NtpServer on localhost, waiting for incoming connections on port 60123, for TCP and UDP transports. 8 processing threads for each of the transport connectors will be used to process the incoming requests.</p>

<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-StandardThreadPool%3F%3F%3F"></a>StandardThreadPool ???</h4>


<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-LDAPHandlers"></a>LDAP Handlers</h3>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-SASLMechanismhandlers"></a>SASL Mechanism handlers</h4>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-CramMd5MechanismHandler"></a>CramMd5MechanismHandler</h5>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-DigestMd5MechanismHandler"></a>DigestMd5MechanismHandler</h5>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-GssapiMechanismHandler"></a>GssapiMechanismHandler</h5>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-NtlmMechanismHandler"></a>NtlmMechanismHandler</h5>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-PlainMechanismHandler"></a>PlainMechanismHandler</h5>


<h5><a name="1.4.1ConfigurationofApacheDSwithSpring-SimpleMechanismHandler"></a>SimpleMechanismHandler</h5>


<h3><a name="1.4.1ConfigurationofApacheDSwithSpring-ADS"></a>ADS</h3>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-ReplicationConfiguration"></a>ReplicationConfiguration</h4>


<h4><a name="1.4.1ConfigurationofApacheDSwithSpring-ApacheDSJdbmPartition"></a>ApacheDSJdbmPartition</h4>


<h2><a name="1.4.1ConfigurationofApacheDSwithSpring-Resources"></a>Resources</h2>

<ul>
	<li><a href="http://static.springframework.org/spring/docs/1.2.x/reference/index.html" title="www.springframework.org" rel="nofollow">Spring Framework 1.2.x Reference Documentation</a></li>
</ul>

     </div>
</div>
</div>
</div>
</div>
</body>
</html>
