From: Pierre-Arnaud Marcelot
To: "Apache Directory Developers List"
Subject: Re: [ApacheDS] Enablement of LDAPS (SSL) Service in ApacheDS 2.0 configuration
Date: Mon, 22 Nov 2010 15:37:12 +0100

Hi Emmanuel,

On 22 nov. 2010, at 15:31, Emmanuel Lecharny wrote:

> On 11/22/10 3:17 PM, Pierre-Arnaud Marcelot wrote:
>> Hi Dev,
>>
>> A quick question, while I'm writing the configuration editor for ApacheDS 2.0 configuration.
>>
>> LDAP and LDAPS servers configuration is shared in the 'ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config' entry.
>> Like other servers (Kerberos, ChangePassword, HTTP, etc.), this entry has an 'ads-enabled' attribute.
>> But how do I know which servers (LDAP and/or LDAPS) should be enabled?
>>
>> Should I look at the enablement of the transports to see which ones are enabled? Should we add a specific 'ads-enable-ldaps' attribute to the LDAP Server configuration?
>>
>> WDYT?
> IMO, if the SSL transport is present, then LDAPS should be enabled. No need for an extra flag.

I agree with this (transport being present and enabled).
But I propose we make this a consistent behavior all across the servers.

In that case, how about removing the 'ads-enable' attribute from the servers entries and looking for the value in the transport?

Thanks,
Pierre-Arnaud