directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [Studio] Changes in the Ldap configuration plugin, first pass.
Date Tue, 02 Dec 2014 20:59:11 GMT
On Wed, Dec 3, 2014 at 4:39 AM, Emmanuel L├ęcharny <elecharny@gmail.com>
wrote:

> Hi guys,
>
> in order to be compatible with the changes we made in the ApacheDS
> configuration, I will update the LDAP configration plugin. Here is a
> list of changes I'm going to apply (more to come later) :
>
> Overview page
> -------------
>
> o Addition of the LDAP and LDAPS addresses (defaulting to 0.0.0.0). It's
> likely that the address will be different than 0.0.0.0 on a production
> server, so this information is critical.
>
> I'll put it just below the port :
>
>     LDAP/LDAPS Servers
>     [X] Enable LDAP Server
>           Port : [-----] (Default: 10389)
>           Address: [-------------------------------] (Default :
> 0.0.0.0)  <-- Here, we should be able to accept any InetAddress (IPV4,
> IPV6, host name...)
>
> The very samle for LDAPS.
>
> and for Kerberos server please

>
> o I may add an 'advanced' bar under the address where I will allow
> anyone to configure for LDAP and LDAPS the following parameters :
>  - nb threads
>  - backlog size
>
> Another option would be to move the 'address' box into this 'advanced'
> bar (so hidden most of the time).
>
> o LDAPS
> There are 4 configuration parameters that has to be exposed for LDAPS/TLS :
>  - list of enabled ciphers (exposed in the LDAP/LDAPS page)
>  - list of enabled protocols (tpo be added)
>  - the needClientAuth flag
>  - the wantClientAuth flag
>
> I will add them under the "SSL/Start TLS Cipher Suites" bar (and rename
> this bar to "SSL/StartTLS advanced parameters".
>
>
>
> Note that in the new config, we do have a TcpTransportBean and a
> UdpTransportBean, TcpTransport is now an abstractClass (although it
> carries all the parameters, the two other classes are just for clarity).
>
> Doing those changes is not that complex, testing them might be. I'm
> currently working on Stefan's Tycho branch.
>
> Thanks !
>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message