directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Zoerner <ste...@labeo.de>
Subject ApacheDS bigbang configuration: allowAnonymousAccess Question
Date Sun, 30 Dec 2007 14:13:44 GMT
Hi all,

currently I rework the Basic User's Guide in cwiki for the upcoming 2.0 
  version of ApacheDS.

Let me first say that the new configuration file server.xml with the 
xbean stuff is much clearer and therefore also easier to document against.

During configuration of authentication option for chapter 3.1 ("Basic 
Security -- Authentication options") I faced a problem with the 
attribute allowAnonymousAccess.

It is allowed in three elements in server.xml (and used in all of them 
in the default file which comes with the installer as well):

(1) apacheDS

   <apacheDS id="apacheDS"
             synchPeriodMillis="15000"
             allowAnonymousAccess="false">
    ...

(2) defaultDirectoryService

   <defaultDirectoryService id="directoryService" instanceId="default"
                            workingDirectory="example.com"
                            allowAnonymousAccess="false"
    ...

(3) <ldapServer id="ldapServer"
               ipPort="10389"
               allowAnonymousAccess="false"
    ...

I am not really sure, which combinations of true and false values in 
these areas are valid, and which behavior they should show.

For instance it is sufficient to enable anonymous access on the apacheDS 
level (allowAnonymousAccess="true"), all other elements can still remain 
false, but anonymous binds work.

Does a configuration on a higher level (apacheDS) overwrite values below 
(ldapServer)? I guess not ...

Any help here is highly welcome. I would like to document legal and 
intended configuration and behavior.

Thanks in advance and greetings from Hamburg,
     Stefan


Mime
View raw message