directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Jencks <david_jen...@yahoo.com>
Subject Re: [Studio] Validation of server configuration against schema
Date Mon, 09 Mar 2009 17:27:52 GMT

On Mar 9, 2009, at 6:28 AM, Felix Knecht wrote:

> Thanks Stefan
>
> Stefan Zoerner schrieb:
>> Hi Felix!
>> Felix Knecht wrote:
>>> - What is meant by 'another bean I didn't convert'?
>>>  extract from server.xml:
>>>  <!-- another bean I didn't convert -->
>>>  <spring:bean  
>>> class 
>>> ="org.springframework.beans.factory.config.CustomEditorConfigurer">
>>>    <spring:property name="customEditors">
>>>      <spring:map>
>>>        <spring:entry key="javax.naming.directory.Attributes">
>>>          <spring:bean  
>>> class 
>>> = 
>>> "org 
>>> .apache 
>>> .directory.server.core.configuration.AttributesPropertyEditor"/>
>>>        </spring:entry>
>>>      </spring:map>
>>>    </spring:property>
>>>  </spring:bean>
>> In the old Spring configuration it was possible to inject the  
>> context entry in LDIF format, this was done with the property  
>> editor feature. It is not needed any more from my point of view,  
>> and can be removed.
>
> So I suppose that the spring namespace isn't needed anymore in the  
> configuration file. So a configuration file will look like  attached  
> one.
> It's building and passing integration tests (mvn cleaninstall - 
> Dintegration).
>
> Can the apacheds gurus confirm that removing spring namespace and  
> CustomEditorConfigurer bean is ok? If so I'll commit the changed  
> files in the server-xml module of apacheds.

xbean-spring happily coexists with regular spring configuration.  I  
would keep the spring namespace in the document even if you don't have  
any plain spring bean configurations in case someone wants to  
customize the server.xml with a spring bean that doesn't have xbean  
configuration -- for instance they wrote it themselves or its a base  
spring bean (like this one).

I don't understand what this bean is doing -- it looks like a basic  
spring bean, so I couldn't really provide xbean annotations for it.

thanks
david jencks

>
>
> Thanks
> Felix
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!--
>  Licensed to the Apache Software Foundation (ASF) under one
>  or more contributor license agreements.  See the NOTICE file
>  distributed with this work for additional information
>  regarding copyright ownership.  The ASF licenses this file
>  to you under the Apache License, Version 2.0 (the
>  "License"); you may not use this file except in compliance
>  with the License.  You may obtain a copy of the License at
>
>  http://www.apache.org/licenses/LICENSE-2.0
>
>  Unless required by applicable law or agreed to in writing,
>  software distributed under the License is distributed on an
>  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>  KIND, either express or implied.  See the License for the
>  specific language governing permissions and limitations
>  under the License.
> -->
>
>
> <beans xmlns="http://apacheds.org/config/1.5.5-SNAPSHOT"
>       xmlns:s="http://www.springframework.org/schema/beans">
>
>  <defaultDirectoryService id="directoryService" instanceId="default"
>                           replicaId="1"
>                           workingDirectory="example.com"
>                           allowAnonymousAccess="true"
>                           accessControlEnabled="false"
>                           denormalizeOpAttrsEnabled="false"
>                           maxPDUSize="2000000">
>    <systemPartition>
>      <!-- use the following partitionConfiguration to override  
> defaults for -->
>      <!-- the system  
> partition                                              -->
>      <jdbmPartition id="system" cacheSize="100" suffix="ou=system"  
> optimizerEnabled="true" syncOnWrite="true">
>        <indexedAttributes>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.1"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.2"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.3"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.4"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.5"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.6"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.7"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="ou" cacheSize="100"/>
>          <jdbmIndex attributeId="uid" cacheSize="100"/>
>          <jdbmIndex attributeId="objectClass" cacheSize="100"/>
>        </indexedAttributes>
>      </jdbmPartition>
>    </systemPartition>
>
>    <partitions>
>      <!-- NOTE: when specifying new partitions you need not include  
> those   -->
>      <!-- attributes below with OID's which are the system indices,  
> if left -->
>      <!-- out they will be automatically configured for you with  
> defaults.  -->
>      <jdbmPartition id="example" cacheSize="100"  
> suffix="dc=example,dc=com" optimizerEnabled="true"
>                     syncOnWrite="true">
>        <indexedAttributes>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.1"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.2"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.3"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.4"  
> cacheSize="100"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.5"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.6"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="1.3.6.1.4.1.18060.0.4.1.2.7"  
> cacheSize="10"/>
>          <jdbmIndex attributeId="dc" cacheSize="100"/>
>          <jdbmIndex attributeId="ou" cacheSize="100"/>
>          <jdbmIndex attributeId="krb5PrincipalName" cacheSize="100"/>
>          <jdbmIndex attributeId="uid" cacheSize="100"/>
>          <jdbmIndex attributeId="objectClass" cacheSize="100"/>
>        </indexedAttributes>
>      </jdbmPartition>
>    </partitions>
>
>    <interceptors>
>      <normalizationInterceptor/>
>      <authenticationInterceptor/>
>      <referralInterceptor/>
>      <aciAuthorizationInterceptor/>
>      <defaultAuthorizationInterceptor/>
>      <exceptionInterceptor/>
>      <operationalAttributeInterceptor/>
>
>      <!-- Uncomment to enable the password policy interceptor
>      <passwordPolicyInterceptor/>
>      <keyDerivationInterceptor/>
>      -->
>
>      <schemaInterceptor/>
>      <subentryInterceptor/>
>      <collectiveAttributeInterceptor/>
>      <eventInterceptor/>
>      <triggerInterceptor/>
>
>      <!-- Uncomment to enable replication interceptor
>      <replicationInterceptor>
>        <configuration>
>          <replicationConfiguration serverPort="10390"  
> peerReplicas="instance_b@localhost:10392">
>            <replicaId>
>              <replicaId id="instance_a"/>
>            </replicaId>
>          </replicationConfiguration>
>        </configuration>
>      </replicationInterceptor>
>      -->
>    </interceptors>
>  </defaultDirectoryService>
>
>  <!--
>  +============================================================+
>  | ChangePassword server configuration                        |
>  +============================================================+
>  -->
>  <!--  missing  atou=users,dc=example,dc=com
>  <changePasswordServer>
>    <tcpTransport>
>      <tcpTransport port="60464" nbThreads="2" backLog="50"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="60464" nbThreads="2" backLog="50"/>
>    </udpTransport>
>    <directoryService>#directoryService</directoryService>
>  </changePasswordServer>
> -->
>
>  <!--
>  +============================================================+
>  | Kerberos server configuration                              |
>  +============================================================+
>  -->
>  <!--  missing atou=users,dc=example,dc=com
>  <kdcServer>
>    <tcpTransport>
>      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="60088" nbThreads="4" backLog="50"/>
>    </udpTransport>
>    <directoryService>#directoryService</directoryService>
>  </kdcServer>
> -->
>
>  <!--
>  +============================================================+
>  | NtpServer configuration                                    |
>  +============================================================+
>  -->
>  <ntpServer>
>    <tcpTransport>
>      <tcpTransport port="60123"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="60123" nbThreads="1"/>
>    </udpTransport>
>  </ntpServer>
>
>  <!--
>  +============================================================+
>  | DnsServer configuration                                    |
>  +============================================================+
>  -->
>
>  <!--  missing atou=users,dc=example,dc=com
>  <dnsServer>
>    <tcpTransport>
>      <tcpTransport port="8053"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="8053"/>
>    </udpTransport>
>    <directoryService>#directoryService</directoryService>
>  </dnsServer>
> -->
>
>  <!--
>  +============================================================+
>  | LDAPS Service configuration                                 |
>  +============================================================+
>  -->
>  <ldapService id="ldapsService"
>              enabled="true"
>              enableLdaps="true">
>    <tcpTransport>
>      <tcpTransport port="10686"/>
>    </tcpTransport>
>    <directoryService>#directoryService</directoryService>
>  </ldapService>
>
>  <!--
>  +============================================================+
>  | LDAP Service configuration                                 |
>  +============================================================+
>  -->
>  <ldapService id="ldapService"
>              allowAnonymousAccess="false"
>              saslHost="ldap.example.com"
>              saslPrincipal="ldap/ldap.example.com@EXAMPLE.COM"
>              searchBaseDn="ou=users,ou=system"
>              maxTimeLimit="15000"
>              maxSizeLimit="1000">
>    <tcpTransport>
>      <tcpTransport port="10389" nbThreads="8" backLog="50"/>
>    </tcpTransport>
>
>    <directoryService>#directoryService</directoryService>
>
>    <!-- The list of supported authentication  
> mechanisms.                   -->
>    <saslMechanismHandlers>
>      <simpleMechanismHandler mech-name="SIMPLE"/>
>      <cramMd5MechanismHandler mech-name="CRAM-MD5" />
>      <digestMd5MechanismHandler mech-name="DIGEST-MD5" />
>      <gssapiMechanismHandler mech-name="GSSAPI" />
>      <ntlmMechanismHandler mech-name="NTLM"  
> ntlmProviderFqcn="com.foo.Bar"/>
>      <ntlmMechanismHandler mech-name="GSS-SPNEGO"  
> ntlmProviderFqcn="com.foo.Bar"/>
>    </saslMechanismHandlers>
>
>    <!-- The desired quality-of-protection, used by DIGEST-MD5 and  
> GSSAPI.  -->
>    <saslQop>
>      <s:value>auth</s:value>
>      <s:value>auth-int</s:value>
>      <s:value>auth-conf</s:value>
>    </saslQop>
>
>    <!-- The realms serviced by this SASL host, used by DIGEST-MD5  
> and GSSAPI. -->
>    <saslRealms>
>      <s:value>example.com</s:value>
>      <s:value>apache.org</s:value>
>    </saslRealms>
>
>    <!-- the collection of extended operation handlers to  
> install           -->
>    <extendedOperationHandlers>
>      <startTlsHandler/>
>      <gracefulShutdownHandler/>
>      <launchDiagnosticUiHandler/>
>      <!-- The Stored Procedure Extended Operation is not stable yet  
> and it may cause security risks.-->
>      <!--storedProcedureExtendedOperationHandler/-->
>    </extendedOperationHandlers>
>  </ldapService>
>
>
>  <apacheDS id="apacheDS"
>            synchPeriodMillis="15000"
>            allowAnonymousAccess="false">
>
>    <directoryService>#directoryService</directoryService>
>    <ldapService>#ldapService</ldapService>
>    <ldapsService>#ldapsService</ldapsService>
>  </apacheDS>
> </beans>


Mime
View raw message