Environment parameters

These parameters are loaded by the org.apache.directory.server.Service.java class, in its init method, when the server is started:

Code Block
java

  public void init( InstallationLayout install, String[] args ) throws Exception
  {
      if ( install != null )
      {
          log.info( "server: loading settings from ", install.getConfigurationFile() );
          ...
          env = ( Properties ) factory.getBean( "environment" );
      }
  }

...

They are used everywhere in the server.
The "environment" bean is read from the Spring configuration file, server.xml, and is shown below:

Code Block
xml

<bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <!-- JNDI security properties used to get initial contexts.         -->
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
        <prop key="java.naming.security.credentials">secret</prop>
        <!--
        <prop key="java.naming.ldap.attributes.binary"></prop>
        -->
      </props>
    </property>
  </bean>
Note

The bean name ("environment") may be renamed to something more explicit, like "serverEnvironment", IMHO.

Parameter                           | Default value       | Description                                    | Comment
------------------------------------+---------------------+------------------------------------------------+--------------------------------------------------------------
java.naming.security.authentication | simple              | The kind of authentication used for the admin. | Shouldn't it be SASL now?
java.naming.security.principal      | uid=admin,ou=system | The admin DN                                   | Can be changed to another DN
java.naming.security.credentials    | secret              | The principal password                         | Must be changed at startup!
java.naming.ldap.attributes.binary  | empty               | The list of binary attributes                  | In LDAP, only a few attribute types (AT) are declared as binary. This is where we should describe the other ones.

Note

The admin password should be changed when the server is started. Ideally, the server would refuse to start while this password is still set to its default value.

Protocol providers

Parameters common to all protocol providers

...

LDAP-Specific Configuration Parameters

Code Block
xml
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <!-- The port to run the LDAP protocol on.                              -->
    <property name="ipPort" value="389" />
    <!-- Whether to allow anonymous access.                                 -->
    <property name="allowAnonymousAccess" value="false" />
    
    <!-- The list of supported authentication mechanisms.                   -->
    <property name="supportedMechanisms">
      <list>
        <value>SIMPLE</value>
        <value>CRAM-MD5</value>
        <value>DIGEST-MD5</value>
        <value>GSSAPI</value>
      </list>
    </property>
    
    <!-- The FQDN of this SASL host, validated during SASL negotiation.     -->
    <property name="saslHost" value="ldap.example.com" />
    
    <!-- The Kerberos principal name for this LDAP service, used by GSSAPI. -->
    <property name="saslPrincipal" value="ldap/ldap.example.com@EXAMPLE.COM" />
    
    <!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI.  -->
    <property name="saslQop">
      <list>
        <value>auth</value>
        <value>auth-int</value>
        <value>auth-conf</value>
      </list>
    </property>
    
    <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
    <property name="saslRealms">
      <list>
        <value>example.com</value>
        <value>apache.org</value>
      </list>
    </property>
    
    <!-- The base DN containing users that can be SASL authenticated.       -->
    <property name="searchBaseDn" value="ou=users,dc=example,dc=com" />
    
    <!-- SSL CONFIG CAN GO HERE-->
    
    <!-- limits searches by non-admin users to a max time of 15000          -->
    <!-- milliseconds and has a default value of 10000                      -->
    <property name="maxTimeLimit" value="15000" />
    <!-- limits searches to max size of 1000 entries: default value is 100  -->
    <property name="maxSizeLimit" value="1000" />
    <!-- the collection of extended operation handlers to install           -->
    <property name="extendedOperationHandlers">
      <list>
        <!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->
        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
        <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
      </list>
    </property>
  </bean>
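As an added example (this is not code from the page, nor from ApacheDS itself), the following Python script parses the "environment" and "ldapConfiguration" bean definitions shown above and reports the settings this page calls out: the shipped admin password ("secret"), whether anonymous access is allowed, and whether the StartTLS extended-operation handler (commented out in the sample above) is actually installed. The XML input is constructed from the page's own snippets; the finding codes, the helper names and the placeholder password in the hardened variant are my own and not part of the project.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "environment" and "ldapConfiguration" beans as they
# appear in the page's server.xml, wrapped in a root element so they parse as
# one document. The values are the defaults the page shows.
SAMPLE_SERVER_XML = """<beans>
  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
        <prop key="java.naming.security.credentials">secret</prop>
      </props>
    </property>
  </bean>
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <property name="ipPort" value="389" />
    <property name="allowAnonymousAccess" value="false" />
    <property name="extendedOperationHandlers">
      <list>
        <!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->
        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
      </list>
    </property>
  </bean>
</beans>"""

# Constructed hardened variant: admin password replaced by a placeholder and the
# StartTLS handler uncommented. Anonymous access was already off.
HARDENED_SERVER_XML = SAMPLE_SERVER_XML.replace(
    ">secret<", ">PLACEHOLDER-change-me-not-a-real-password<"
).replace(
    '<!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->',
    '<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>',
)

DEFAULT_ADMIN_PASSWORD = "secret"  # the default shipped in the page's server.xml
START_TLS_HANDLER = "org.apache.directory.server.ldap.support.starttls.StartTlsHandler"


def environment_props(root):
    """Return the <prop key="...">value</prop> entries of the 'environment' bean as a dict."""
    bean = root.find("./bean[@id='environment']")
    if bean is None:
        return {}
    return {p.get("key"): (p.text or "").strip() for p in bean.iter("prop")}


def ldap_scalar_props(root):
    """Return name -> value for the <property name="..." value="..."/> entries of ldapConfiguration."""
    bean = root.find("./bean[@id='ldapConfiguration']")
    if bean is None:
        return {}
    return {p.get("name"): p.get("value")
            for p in bean.findall("property") if p.get("value") is not None}


def extended_handlers(root):
    """Return the class names of handler beans under extendedOperationHandlers.
    A handler wrapped in an XML comment is dropped by the parser, so it counts as not installed."""
    bean = root.find("./bean[@id='ldapConfiguration']")
    if bean is None:
        return []
    prop = bean.find("property[@name='extendedOperationHandlers']")
    if prop is None:
        return []
    return [b.get("class") for b in prop.iter("bean")]


def audit_server_xml(xml_text):
    """Return a list of (code, severity, message) findings for one server.xml document."""
    root = ET.fromstring(xml_text)
    findings = []

    env = environment_props(root)
    if env.get("java.naming.security.credentials") == DEFAULT_ADMIN_PASSWORD:
        findings.append(("DEFAULT_ADMIN_PASSWORD", "HIGH",
                         "java.naming.security.credentials is still the shipped default"))

    ldap = ldap_scalar_props(root)
    if ldap.get("allowAnonymousAccess", "false").strip().lower() == "true":
        findings.append(("ANONYMOUS_ACCESS", "MEDIUM", "allowAnonymousAccess is true"))
    if START_TLS_HANDLER not in extended_handlers(root):
        findings.append(("NO_STARTTLS_HANDLER", "MEDIUM",
                         "StartTlsHandler is not installed, so connections on port %s cannot upgrade to TLS"
                         % ldap.get("ipPort", "?")))
    return findings


def finding_codes(xml_text):
    """Just the finding codes, in the order they were raised."""
    return [code for code, _, _ in audit_server_xml(xml_text)]


if __name__ == "__main__":
    for label, text in (("shipped defaults", SAMPLE_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        print(label)
        for code, severity, message in audit_server_xml(text):
            print("  [%s] %s: %s" % (severity, code, message))
```

Run against a real server.xml by reading the file and passing its text to audit_server_xml; the shipped sample yields the default-password and missing-StartTLS findings, while the hardened variant yields none. Because ElementTree drops XML comments, the commented-out StartTlsHandler is treated exactly as the server treats it: absent.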

...

Kerberos-Specific Configuration Parameters

Code Block
xml
  <bean id="kdcConfiguration" class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
    <!-- Whether to enable the Kerberos protocol.                           -->
    <property name="enabled" value="false" />
    <!-- The port to run the Kerberos protocol on.                          -->
    <property name="ipPort" value="88" />
  </bean>

...

Change Password-Specific Configuration Parameters

Code Block
xml
  <bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
    <!-- Whether to enable the Change Password protocol.                    -->
    <property name="enabled" value="false" />
    <!-- The port to run the Change Password protocol on.                   -->
    <property name="ipPort" value="464" />
  </bean>

...

Replication

Code Block
xml
        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
          <property name="name" value="replicationService" />
          <property name="interceptor">
            <bean class="org.apache.directory.mitosis.service.ReplicationService">
              <property name="configuration">
                <bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
                  <property name="replicaId">
                    <bean class="org.apache.directory.mitosis.common.ReplicaId">
                      <constructor-arg>
                        <value>instance_a</value>
                      </constructor-arg>
                    </bean>
                  </property>
                  <property name="serverPort" value="10390" />
                  <property name="peerReplicas" value="instance_b@localhost:10392" />
                </bean>
              </property>
            </bean>
          </property>
        </bean>

...