directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Commented] (DIRSERVER-1816) Unable to enable SSL to the APACHE DS
Date Wed, 22 May 2013 08:33:20 GMT


Emmanuel Lecharny commented on DIRSERVER-1816:

I know this is not the right place to discuss all those interesting points, but still : you
are raising very valid concerns that need to be addressed !

QA is generally overrated. As is insurance ;-) What we have in the software industry is generally
extremely weak : basically, unit tests, integration tests, and user experiences ;-). We do
have something like 5 000 tests in ApacheDS and Ldap API, much less in Studio (I explained
why). We also have around 150 000 downloads of Studio every year (50 000 ApacheDS downloads)
but not all of them convert to real users. However, most of them are Windows users (75% I
would say). 

I must say I'm a bit surprised this '/' vs '\' issue was raised recently, and not before.
Either we have broken something, or users weren't working with SSL and local keystore...

Regardless, we are now living in a world where software is increasingly connected, with many
complex potential interactions leading to potential breakages and failures. Add to that we
don't live anymore in a world of Windows dominance, as most of the servers are on Linux and
many clients are using Mac OSX or iOS/Android systems.

On our side, we don't really care if we don't release on schedule : we don't have schedules
at all ! ApacheDS 2.0 has been expected for years now (since 2010, AFAIR), but we do think that
it's better to deliver something that actually *works*, even if it means we have to go through
many milestones and RCs. It is not a mystery why we have already released 12 milestones for
ApacheDS 2.0, 6 for Studio 2.0 and 17 for Ldap API 1.0. I like to answer people asking
when the next release will be cut : "When it's ready"
What drives us when we cut a release is that we consider it's urgent to get out with some
new milestone when we have detected and fixed a major bug. 

Now, it does not preclude that the GA will be perfect : this is impossible. Each new feature
adds some new bugs, and the only thing we can guarantee is that we will do our best to fix

That being said, we are volunteers, most of us (talking about Apache in general). And it's
refreshing - and somehow mind blowing - to realize that we produce software which is by all
measures as good as many closed source equivalents. Sometimes better... But we also sometimes deliver
crap ;-) At least, we don't pretend that we will make money out of this crap ;-)

One last thing : I have now been in the software industry for 25 years, and I can assure you that
your complaint about lack of quality, and lack of interest around this issue, has always been
a frequent motto. We, human beings, have a tendency to believe that "it was better when we
were young", and that "we could do better if only we had time/money/people". Sadly, this is
not true, to any extent...

> Unable to enable SSL to the APACHE DS 
> --------------------------------------
>                 Key: DIRSERVER-1816
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Task
>          Components: ldap
>    Affects Versions: 2.0.0-M10
>         Environment: Windows 
>            Reporter: RakeshAcharya
>            Priority: Blocker
>              Labels: security
>   Original Estimate: 24h
>  Remaining Estimate: 24h
> Below are steps taken to enable SSL
> 1. Created a new valid Key pair using Portecle.
> 2. Placed the KeyStore in the conf directory 
> 3. Added the below entry in the conf.ldif file
> ads-ldapServerCertificatePassword
> ads-ldapServerKeystoreFile
> also tried below entries
> keystoreFile ,certificatePassword 
> ads-ldapServerKeystoreFile,ads-ldapServerCertificatePassword
> Facing below error while starting the server
> Error:
> ERR_04447_CANNOT_NORMALIZE_VALUE Cannot normalize the wrapped value ERR_04473_NOT_VALID_VALUE Not a valid value 'C:\Users\rakeshacharya\.ApacheDirectoryStudio\.metadata\.plugins\\servers\f9ed386b-f8a9-4a79-be12-b5cfabf362be\conf\localhost.jks' for the AttributeType 'ATTRIBUTE_TYPE (
>  NAME 'ads-keystoreFile'
>  DESC The keystore file to use to store certificates
>  EQUALITY caseExactMatch
>  ORDERING caseExactOrderingMatch
>  SUBSTR caseExactSubstringsMatch
>  USAGE userApplications
> ERR_04269 ATTRIBUTE_TYPE for OID certificatepassword does not exist
