directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] Enablement of LDAPS (SSL) Service in ApacheDS 2.0 configuration
Date Mon, 22 Nov 2010 15:17:57 GMT
On Mon, Nov 22, 2010 at 4:37 PM, Pierre-Arnaud Marcelot <pa@marcelot.net> wrote:
> Hi Emmanuel,
>
> On 22 nov. 2010, at 15:31, Emmanuel Lecharny wrote:
>
>> On 11/22/10 3:17 PM, Pierre-Arnaud Marcelot wrote:
>>> Hi Dev,
>>>
>>> A quick question, while I'm writing the configuration editor for ApacheDS 2.0
configuration.
>>>
>>> LDAP and LDAPS servers configuration is shared in the 'ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config'
entry.
>>> Like other servers (Kerberos, ChangePassword, HTTP, etc.), this entry has a 'ads-enabled'
attribute.
>>> But how do I know which servers (LDAP and/org LDAPS) should be enabled?
>>>
>>> Should I look at the enablement of the transports to see which ones are enabled?
Should we add a specific 'ads-enable-ldaps' attribute to the LDAP Server configuration?
>>>
>>> WDYT ?
>> IMO, if the SSL transport is present, then LDAPS should be enabled. No need for an
extra flag.
>
> I agree with this (transport being present and enabled).
>
> But I propose we make this a consistent behavior all across the servers
> In that case, how about removing the 'ads-enable' attribute from the servers entries
and look for the value in the transport ?
>
this requires an entirely different logic to find out if a server is
enabled or not, i.e a server will be
treated as enabled only if at least one transport is enabled. If we
take care of this in
the ServiceBuilder then +1

-- 
Kiran Ayyagari

Mime
View raw message