directory-users mailing list archives

From Beat Burgener | NetSuccess GmbH <beat.burge...@netsuccess.ch>
Subject [ApacheDS] 1.5.x Configuration
Date Mon, 26 Oct 2009 11:44:18 GMT
Dear apacheDS fellows

I managed with the help of Stefan to transfer my data from ApacheDS 
1.0.2. to 1.5.5.

Now, there are a few things I would like to modify on the ApacheDS 1.5.5 
configuration,
where I didn't find sufficient guidance on the net ... okay, maybe I 
missed the relevant
resources ...

Anyway, what I would like to achieve is

- run ApacheDS as non-root user
- supply a custom SSL certificate
- change the admin password

-------------------------------------------------------------------------------------

In ApacheDS 1.0.2, apacheDS was started using a binary file, in 1.5.5 
it is a script ...

For the binary, I could supply: "/apacheDS/bin/apacheds  -user $DS_USER "

How could this be achieved with the script / direct java call? Should I
do a "su -"? This would lead to the problem with the default ports <1023 ...
This worked out with 1.0.2, the ports used were the default ones below 1023
and the java process was running as desired user ...

-------------------------------------------------------------------------------------

Further, I would like to use our self-signed and later "trusted" SSL 
certificate for
the SSL communication, but the web page doc and the current config are 
different:

From the web page:

  <ldapService id="ldapsService"
              enabled="true"
              tcpPort="10636"
              enableLdaps="true"
              nbTcpThreads="8"
              keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
              certificatePassword="secret">
    <directoryService>#directoryService</directoryService>
  </ldapService>


From what I see in our config:

  <ldapServer id="ldapServer"
              allowAnonymousAccess="false"
              saslHost="ldap.netsuccess.ch"
              saslPrincipal="ldap/ldap@netsuccess.ch"
              searchBaseDn="ou=users,ou=system"
              maxTimeLimit="15000"
              maxSizeLimit="1000">
    <transports>
      <tcpTransport address="0.0.0.0" port="389" nbThreads="8" backLog="50" enableSSL="false"/>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
    </transports>

    <directoryService>#directoryService</directoryService>

  </ldapServer>


This appears quite different, as some of the attributes in the sample 
config ended up in the <tcpTransport>
definition ... where should the keystore definition go?


-------------------------------------------------------------------------------------

Also, on the same page, the admin password change is described ...
Changing the password within LDAP is OK, but where should I put it in 
the config?
None of the specified "anchors" could be found where to put that:

<bean id="environment" 
      class="org.springframework.beans.factory.config.PropertiesFactoryBean">
  <property name="properties">
    <props>
      <prop key="java.naming.security.authentication">simple</prop>
      <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
      <prop key="java.naming.security.credentials">secret</prop>



Also, I could only find two occurrences of "secret", the default 
password, in the supplied
configuration file, which are related to the replication, which is 
disabled in my configuration.


Sorry to ask again for help, but I'm a little bit stuck here ... and to 
search the needle in the
hay pile, I unfortunately couldn't find time.

So if someone could point me in the right direction, I would highly 
appreciate that.

Best regards

Beat










