directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Ibbeken" <Michael_Ibbe...@avid.com>
Subject RE: Using Ldaps With Apacheds 1.5.5
Date Thu, 18 Dec 2008 13:13:01 GMT
We had the same problem and worked around it by
using our own ldapserver class to set up the certificates
the way we need them and use them for ssl configuration.

Overwriting the keys for uid=admin,ou=system did not work out
as expected so that we had to use our own ldapserver class.


-----Original Message-----
From: Emmanuel Lecharny [mailto:elecharny@gmail.com] 
Sent: Donnerstag, 18. Dezember 2008 13:51
To: users@directory.apache.org
Subject: Re: Using Ldaps With Apacheds 1.5.5

Stefan Zoerner wrote:
> Hi William,
>
> William Wilkins wrote:
>> I am attempting to enabled ldaps using the apacheds 1.5.5 revision 
>> 725332. I am unsure of where to specify the external keystore file I 
>> would like to use for secure authentication. The 1.0 branch used 
>> spring with the MutableServerConfuration bean but I cannot find where 
>> that should be set in the 1.5 branch. The apacheds server seems to 
>> have a TlsKeyGenerator now but it does not seem to be configurable 
>> outside of the source code.
>
> In 1.5, ApacheDS creates a Key Pair when it starts the first time, and 
> stores it in the DIT.
>
> To be more concrete the keys are stored in the entry uid=admin,ou=system
>
> It is possible to change the values, but unfortunatly, there is no 
> tooling to support you here.
You can use Studio to do that, as it's a standard attribute. But I think 
we need a specific tool for certificates.
>
>> Does apacheds only support its own keypair sets now? If no where do I 
>> specify my own keystore files? If yes do I have to edit the source to 
>> adjust the key generator parameters or is there an xbean adjustment 
>> for them?
>
> Currently, I assume yes. Does anybody know it better on the list?
I have to check internally.

-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message