directory-dev mailing list archives

From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject Re: svn commit: r543905 - /directory/apacheds/trunk/server-main/server.xml
Date Tue, 05 Jun 2007 00:32:59 GMT
On 6/4/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> Enrique Rodriguez wrote:
> >
> > Where are you putting that value and what exception are you getting?
>
> It's in server.xml :
>
> <beans>
>   <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
>     <property name="properties">
>       <props>
>         <!-- JNDI security properties used to get initial contexts.         -->
>         <prop key="java.naming.security.authentication">simple</prop>
>         <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
> ...
> This is a warning, but when you get it in the console, you immediately
> think that something is wrong (hopefully, this user is bound, because
> later in the chain there is the handleSimple class which deals with this
> user).

The security.principal set in the props bean is only used for when the
LDAP protocol provider binds to the back-end, i.e. it is for internal
binds.  The Kerberos service principal in question is for the LDAP
protocol provider to "run as" during secure connections over the wire
to the user's LDAP client, i.e. the bind from the user's perspective.
Though the security.principal DN can have Kerberos service credentials
and thus be used for the server-side of GSSAPI, it doesn't need to be.
In fact, in a multi-realm scenario you will want the LDAP protocol to
switch the server-side service principal, in which case you'll have to
have more than one DN with Kerberos credentials, each with its own
service principal name.

Enrique
