geronimo-dev mailing list archives

From "Sakari Maaranen (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3812) Geronimo 2.0.2 misses ApacheDS (LDAP) function
Date Wed, 06 Feb 2008 14:15:08 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566134#action_12566134 ]

Sakari Maaranen commented on GERONIMO-3812:
-------------------------------------------

I solved the problem that was caused by missing configuration of trusted certificate authorities
with the LDAP security realm.

First, using Geronimo keystore tools, I created a new keystore and a private key in it. I
signed it using Geronimo CA. Lastly I added my Geronimo CA certificate as a trusted certificate
in the same keystore. I copied that keystore to ApacheDS and configured LDAPS with that.

The "original" copy of the same keystore still remains in the Geronimo var/security/keystores/
directory.

Before starting Geronimo I did the following:
JAVA_OPTS="-Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename> -Djavax.net.ssl.trustStorePassword=<password>"
export JAVA_OPTS
cd <geronimo-home>
bin/geronimo.sh start

Now I have fully configured ApacheDS 1.0.2 standalone LDAPS with Geronimo 2.0.2.

Not sure if using JAVA_OPTS is the best place for this configuration though. Geronimo should
have a way of setting the trusted certificate authorities keystore from the web console.

> Geronimo 2.0.2 misses ApacheDS (LDAP) function
> ----------------------------------------------
>
>                 Key: GERONIMO-3812
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3812
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: documentation, Plugins
>    Affects Versions: 2.0.2
>         Environment: Debian Linux, java version "1.5.0_14", geronimo-tomcat6-jee5-2.0.2
>            Reporter: Sakari Maaranen
>
> Geronimo documentation at http://cwiki.apache.org/GMOxDOC20/ldap-sample-application.html
> talks about org.apache.geronimo.configs/directory in system modules, but that does not exist
> in Geronimo 2.0.2.
> There is also a reference to Geronimo plugins. However, when I go to Plugins in the Geronimo
> console and search the geronimo-2.0.2 repository there is nothing related to ApacheDS or
> Directory. As if the ApacheDS function was completely missing.
> The ApacheDS plugin should be added to the 2.0.2 plugin repository. The documentation
> should be updated to give the steps how to install ApacheDS with or without the plugin. The
> LDAP demo is useless if ApacheDS is unavailable.
> I found this much earlier discussion on the topic:
> http://www.mail-archive.com/dev@geronimo.apache.org/msg52749.html
> http://www.mail-archive.com/dev@geronimo.apache.org/msg55148.html
> Frankly, I don't think that the forward compatibility is so much an issue, but 2.0.2
> completely lacking LDAP server. Would be better to have it, even without forward compatibility.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
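
An added example, not part of the original message or of Geronimo's own tooling: a check on `keytool -list` output for the keystore named in `javax.net.ssl.trustStore`. The keystore described above holds both the private key and the Geronimo CA certificate, so the check flags private key entries in the copy Geronimo uses. The function names, aliases and fingerprints are constructed, and the entry-type names assume the JDK keytool's English output.

```shell
#!/bin/sh
# Added example: audit `keytool -list` output before using a keystore as
# the javax.net.ssl.trustStore. Function names here are hypothetical.

# Constructed sample listing: the layout the post describes, a private key
# and the CA certificate in one store. Aliases and fingerprints are made up.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

ldaps-server, Feb 6, 2008, PrivateKeyEntry,
Certificate fingerprint (MD5): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF
geronimo-ca, Feb 6, 2008, trustedCertEntry,
Certificate fingerprint (MD5): FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00
EOF
}

# Read a listing on stdin, print "trusted=<n> private=<n>".
# Assumes keytool's English entry-type names (older JDKs print "keyEntry").
count_entries() {
    awk '/trustedCertEntry, *$/ { t++ }
         /(PrivateKeyEntry|keyEntry), *$/ { p++ }
         END { printf "trusted=%d private=%d\n", t, p }'
}

# Return 0 = CA-only trust store, 1 = usable but carries a private key,
# 2 = no CA certificate entry at all.
audit_truststore() {
    counts=$(count_entries)
    trusted=${counts#trusted=}; trusted=${trusted%% *}
    private=${counts##*private=}
    if [ "$trusted" -eq 0 ]; then
        echo "FAIL: no trustedCertEntry, the store holds no CA certificate"
        return 2
    fi
    if [ "$private" -gt 0 ]; then
        echo "WARN: $private private key entry(ies); an LDAPS client needs only the CA certificate"
        return 1
    fi
    echo "OK: $trusted trusted certificate entry(ies), no private key"
    return 0
}

# Real use (keytool prompts for the store password):
#   keytool -list -keystore <keystore-filename> | audit_truststore
```

A `-Djavax.net.ssl.trustStorePassword` value passed through JAVA_OPTS appears in the JVM's command line, so a trust store that holds only the CA certificate also limits what that password protects.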

