directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pierre-Arnaud Marcelot ...@marcelot.net>
Subject Re: [ApacheDS] Enablement of LDAPS (SSL) Service in ApacheDS 2.0 configuration
Date Mon, 22 Nov 2010 14:37:12 GMT
Hi Emmanuel,

On 22 nov. 2010, at 15:31, Emmanuel Lecharny wrote:

> On 11/22/10 3:17 PM, Pierre-Arnaud Marcelot wrote:
>> Hi Dev,
>> 
>> A quick question, while I'm writing the configuration editor for ApacheDS 2.0 configuration.
>> 
>> LDAP and LDAPS servers configuration is shared in the 'ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config'
entry.
>> Like other servers (Kerberos, ChangePassword, HTTP, etc.), this entry has a 'ads-enabled'
attribute.
>> But how do I know which servers (LDAP and/org LDAPS) should be enabled?
>> 
>> Should I look at the enablement of the transports to see which ones are enabled?
Should we add a specific 'ads-enable-ldaps' attribute to the LDAP Server configuration?
>> 
>> WDYT ?
> IMO, if the SSL transport is present, then LDAPS should be enabled. No need for an extra
flag.

I agree with this (transport being present and enabled).

But I propose we make this a consistent behavior all across the servers
In that case, how about removing the 'ads-enable' attribute from the servers entries and look
for the value in the transport ?

Thanks,
Pierre-Arnaud


Mime
View raw message