directory-users mailing list archives

From Stefan Seelmann <seelm...@apache.org>
Subject Re: [ApacheDS] 1.5.x Configuration
Date Mon, 26 Oct 2009 22:11:49 GMT
Hi Beat,

comments inline...

Beat Burgener | NetSuccess GmbH wrote:

> -------------------------------------------------------------------------------------
> In ApacheDS 1.0.2, apacheDS was started using a binary file; in 1.5.5
> it is a script ...
> 
> For the binary, I could supply: "/apacheDS/bin/apacheds  -user $DS_USER "
> 
> How could this be achieved with the script / direct java call? Should I
> do a "su -"? This would lead to the problem with the default ports <1023
> ...
> This worked out with 1.0.2: the ports used were the default ones below
> 1023, and the java process was running as the desired user ...

Are you using the 'zip/tar.gz' package?
We provide multiple native packages (deb, rpm, deb, bin). At least the
deb package creates a user 'apacheds', and the /etc/init.d/apacheds
start script runs the server as that user. Please try one of them (or
extract the binary).

> -------------------------------------------------------------------------------------
> Further, I would like to use our self-signed and later "trusted" SSL
> certificate for
> the SSL communication, but the web page doc and the current config are
> different:
> 
> From the web page:
> 
>  <ldapService id="ldapsService"
>              enabled="true"
>              tcpPort="10636"
>              enableLdaps="true"
>              nbTcpThreads="8"
>              keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
>              certificatePassword="secret">
>    <directoryService>#directoryService</directoryService>
>  </ldapService>
> 
> 
> From what I see in our config:
> 
> <ldapServer id="ldapServer"
>            allowAnonymousAccess="false"
>            saslHost="ldap.netsuccess.ch"
>            saslPrincipal="ldap/ldap@netsuccess.ch"
>            searchBaseDn="ou=users,ou=system"
>            maxTimeLimit="15000"
>            maxSizeLimit="1000">
>    <transports>
>      <tcpTransport address="0.0.0.0" port="389" nbThreads="8"
> backLog="50" enableSSL="false"/>
>      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
>    </transports>
> 
>    <directoryService>#directoryService</directoryService>
> 
>  </ldapServer>
> 
> 
> This appears quite different, as some of the attributes in the sample
> config ended up in the <tcpTransport> definition ... where should the
> keystore definition go?

Yes, this has been changed from 1.5.4 to 1.5.5. The right place should
be the 'ldapServer' element:

<ldapServer id="ldapServer"
           keystoreFile="..."
           certificatePassword="secret"
           allowAnonymousAccess="false"
           saslHost="ldap.netsuccess.ch"
           saslPrincipal="ldap/ldap@netsuccess.ch"
           searchBaseDn="ou=users,ou=system"
           maxTimeLimit="15000"
           maxSizeLimit="1000">
   <transports>
     <tcpTransport address="0.0.0.0" port="389" nbThreads="8" backLog="50" enableSSL="false"/>
     <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
   </transports>

   <directoryService>#directoryService</directoryService>

 </ldapServer>

> -------------------------------------------------------------------------------------
> Also, on the same page, the admin password change is described ...
> Changing the password within LDAP is OK, but where should I put it in
> the config?

Please, forget about that page.

Just use Studio, navigate to the 'uid=admin,ou=system' entry and edit
the 'userPassword' attribute.

> Sorry to ask again for help, but I'm a little bit stuck here ... and to
> search for the needle in the hay pile, I unfortunately couldn't find time.

No problem, we have to apologize that the documentation is not
up-to-date. However, time is also our bottleneck; we just don't have enough
time ;-). If you find some time, you are invited to spend it on the
ApacheDS project :-)

Kind Regards,
Stefan
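As an added example (not ApacheDS code, and not from either poster), the following lint checks a 1.5.5 server.xml fragment for the keystore placement discussed in this thread: every <tcpTransport enableSSL="true"> must sit under an <ldapServer> that carries keystoreFile, keystore attributes left on the transport are flagged, and the old <ldapService> element is reported. The attribute and element names come from the mails above; the sample configs and keystore path are constructed, and namespace handling is an assumption about how a full server.xml is parsed.

```python
"""Added example (not ApacheDS code): lint a 1.5.5 server.xml fragment for
the keystore placement discussed above."""
import xml.etree.ElementTree as ET


def _local(tag):
    # Drop a namespace prefix such as {http://apacheds.org/config/1.5.5}
    return tag.rsplit("}", 1)[-1]


def lint_ldap_server_config(xml_text):
    """Return a list of findings; an empty list means the fragment passes."""
    findings = []
    for server in ET.fromstring(xml_text).iter():
        if _local(server.tag) == "ldapService":
            findings.append("ldapService element is the pre-1.5.5 form; use ldapServer with <transports>")
        if _local(server.tag) != "ldapServer":
            continue
        has_keystore = "keystoreFile" in server.attrib
        for transport in server.iter():
            if _local(transport.tag) != "tcpTransport":
                continue
            port = transport.get("port", "?")
            if transport.get("enableSSL", "false").lower() == "true" and not has_keystore:
                findings.append(f"port {port}: enableSSL=true but ldapServer has no keystoreFile")
            for attr in ("keystoreFile", "certificatePassword"):
                if attr in transport.attrib:
                    findings.append(f"port {port}: {attr} belongs on ldapServer, not tcpTransport")
    return findings


# Constructed sample: the 1.5.5 fragment from the mail, still without a keystore.
UNFIXED = """<ldapServer id="ldapServer" allowAnonymousAccess="false">
  <transports>
    <tcpTransport address="0.0.0.0" port="389" nbThreads="8" backLog="50" enableSSL="false"/>
    <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
  </transports>
</ldapServer>"""

# Constructed sample: keystore attributes on ldapServer, as advised in the reply.
FIXED = """<ldapServer id="ldapServer" keystoreFile="/etc/apacheds/ldap.ks"
            certificatePassword="secret" allowAnonymousAccess="false">
  <transports>
    <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
  </transports>
</ldapServer>"""
```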
