...
Environment parameters
These parameters are loaded by the org.apache.directory.server.Service class when the server starts, in its init method:

```java
public void init( InstallationLayout install, String[] args ) throws Exception
{
    if ( install != null )
    {
        log.info( "server: loading settings from ", install.getConfigurationFile() );
        ...
        env = ( Properties ) factory.getBean( "environment" );
        ...
    }
}
```
These properties are used throughout the server.

The "environment" bean is read from the Spring configuration file, server.xml, shown below:

```xml
<bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
        <props>
            <!-- JNDI security properties used to get initial contexts. -->
            <prop key="java.naming.security.authentication">simple</prop>
            <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
            <prop key="java.naming.security.credentials">secret</prop>
            <!--
            <prop key="java.naming.ldap.attributes.binary"></prop>
            -->
        </props>
    </property>
</bean>
```
Note: the bean name ("environment") could be renamed to something more explicit, like "serverEnvironment", IMHO.
Parameter | Default value | Description | Comment |
---|---|---|---|
java.naming.security.authentication | simple | The kind of authentication used for the admin. | Shouldn't it be SASL now? |
java.naming.security.principal | uid=admin,ou=system | The admin DN. | Can be changed to another DN. |
java.naming.security.credentials | secret | The principal password. | Must be changed at startup!!! |
java.naming.ldap.attributes.binary | empty | The list of binary attributes. | In LDAP, only a few attribute types (AT) are declared as binary. |
Note: the admin password should be changed when the server is started. A good thing would be that the server cannot start if this password is kept as is.
Protocol providers
Parameters common to all protocol providers
...
LDAP-Specific Configuration Parameters
```xml
<bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <!-- The port to run the LDAP protocol on. -->
    <property name="ipPort" value="389" />

    <!-- Whether to allow anonymous access. -->
    <property name="allowAnonymousAccess" value="false" />

    <!-- The list of supported authentication mechanisms. -->
    <property name="supportedMechanisms">
        <list>
            <value>SIMPLE</value>
            <value>CRAM-MD5</value>
            <value>DIGEST-MD5</value>
            <value>GSSAPI</value>
        </list>
    </property>

    <!-- The FQDN of this SASL host, validated during SASL negotiation. -->
    <property name="saslHost" value="ldap.example.com" />

    <!-- The Kerberos principal name for this LDAP service, used by GSSAPI. -->
    <property name="saslPrincipal" value="ldap/ldap.example.com@EXAMPLE.COM" />

    <!-- The desired quality-of-protection, used by DIGEST-MD5 and GSSAPI. -->
    <property name="saslQop">
        <list>
            <value>auth</value>
            <value>auth-int</value>
            <value>auth-conf</value>
        </list>
    </property>

    <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
    <property name="saslRealms">
        <list>
            <value>example.com</value>
            <value>apache.org</value>
        </list>
    </property>

    <!-- The base DN containing users that can be SASL authenticated. -->
    <property name="searchBaseDn" value="ou=users,dc=example,dc=com" />

    <!-- SSL CONFIG CAN GO HERE -->

    <!-- limits searches by non-admin users to a max time of 15000 -->
    <!-- milliseconds and has a default value of 10000 -->
    <property name="maxTimeLimit" value="15000" />

    <!-- limits searches to max size of 1000 entries: default value is 100 -->
    <property name="maxSizeLimit" value="1000" />

    <!-- the collection of extended operation handlers to install -->
    <property name="extendedOperationHandlers">
        <list>
            <!--<bean class="org.apache.directory.server.ldap.support.starttls.StartTlsHandler"/>-->
            <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
            <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
        </list>
    </property>
</bean>
```
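The two notes above ask for the shipped admin password to be rejected at startup, and the ldapConfiguration bean carries the other settings a reviewer checks before exposing the server (anonymous access, SIMPLE bind without a StartTLS handler, search limits left at their server defaults). The following Python script is an added example, not part of the ApacheDS project, that parses a server.xml fragment with the standard library and reports those findings; the sample XML, the severity levels, and the function names `audit_server_xml` and `may_start` are all constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not the project's shipped file): the "environment" and
# "ldapConfiguration" beans documented on this page, with weak settings left in.
SAMPLE_SERVER_XML = """<beans>
  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
    <property name="properties">
      <props>
        <prop key="java.naming.security.authentication">simple</prop>
        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
        <prop key="java.naming.security.credentials">secret</prop>
      </props>
    </property>
  </bean>
  <bean id="ldapConfiguration" class="org.apache.directory.server.ldap.LdapConfiguration">
    <property name="ipPort" value="389" />
    <property name="allowAnonymousAccess" value="true" />
    <property name="supportedMechanisms">
      <list><value>SIMPLE</value><value>DIGEST-MD5</value></list>
    </property>
    <property name="extendedOperationHandlers">
      <list>
        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
      </list>
    </property>
  </bean>
</beans>
"""

DEFAULT_ADMIN_PASSWORD = "secret"  # value shipped in server.xml, per the table above
STARTTLS_HANDLER = "org.apache.directory.server.ldap.support.starttls.StartTlsHandler"
# Server-side defaults quoted in the ldapConfiguration comments above.
DEFAULT_LIMITS = {"maxTimeLimit": "10000 ms", "maxSizeLimit": "100 entries"}


def env_props(root):
    """The <prop> entries of the 'environment' bean as a dict (empty if absent)."""
    bean = root.find(".//bean[@id='environment']")
    if bean is None:
        return {}
    return {p.get("key"): (p.text or "").strip() for p in bean.iter("prop")}


def ldap_property(root, name):
    """The <property name=...> element of the ldapConfiguration bean, or None."""
    return root.find(f".//bean[@id='ldapConfiguration']/property[@name='{name}']")


def audit_server_xml(xml_text):
    """Return (severity, message) findings; 'fatal' means the server should not start."""
    root = ET.fromstring(xml_text)
    findings = []

    # The startup gate the note above asks for: refuse the shipped admin password.
    creds = env_props(root).get("java.naming.security.credentials")
    if creds == DEFAULT_ADMIN_PASSWORD:
        findings.append(("fatal", "java.naming.security.credentials is still the shipped default"))

    anon = ldap_property(root, "allowAnonymousAccess")
    if anon is not None and anon.get("value", "").lower() == "true":
        findings.append(("warn", "allowAnonymousAccess is true: unauthenticated binds are accepted"))

    # SIMPLE bind sends the password as-is; without StartTLS (or LDAPS configured
    # elsewhere) it crosses the wire in cleartext.
    mechs = ldap_property(root, "supportedMechanisms")
    offered = {v.text.strip() for v in mechs.iter("value")} if mechs is not None else set()
    handlers = ldap_property(root, "extendedOperationHandlers")
    installed = {b.get("class") for b in handlers.iter("bean")} if handlers is not None else set()
    if "SIMPLE" in offered and STARTTLS_HANDLER not in installed:
        findings.append(("warn", "SIMPLE bind offered but no StartTlsHandler installed: "
                                 "unless LDAPS is configured, passwords cross the wire in cleartext"))

    # Limits not set explicitly fall back to the server defaults noted in the XML comments.
    for name, default in DEFAULT_LIMITS.items():
        if ldap_property(root, name) is None:
            findings.append(("info", f"{name} not set; server default of {default} applies"))

    return findings


def may_start(xml_text):
    """Start-up gate: False when any finding is fatal."""
    return not any(sev == "fatal" for sev, _ in audit_server_xml(xml_text))


if __name__ == "__main__":
    for sev, msg in audit_server_xml(SAMPLE_SERVER_XML):
        print(f"[{sev}] {msg}")
    print("may start:", may_start(SAMPLE_SERVER_XML))
```

Run against a real server.xml by reading the file into `audit_server_xml`; only the default-password finding is treated as fatal, so the other checks report without blocking startup, which matches the note's intent of making the unchanged password a hard stop while leaving the other settings to the administrator's judgement.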
...
Kerberos-Specific Configuration Parameters
```xml
<bean id="kdcConfiguration" class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
    <!-- Whether to enable the Kerberos protocol. -->
    <property name="enabled" value="false" />
    <!-- The port to run the Kerberos protocol on. -->
    <property name="ipPort" value="88" />
</bean>
```
...
Change Password-Specific Configuration Parameters
```xml
<bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
    <!-- Whether to enable the Change Password protocol. -->
    <property name="enabled" value="false" />
    <!-- The port to run the Change Password protocol on. -->
    <property name="ipPort" value="464" />
</bean>
```
...
Replication
```xml
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
    <property name="name" value="replicationService" />
    <property name="interceptor">
        <bean class="org.apache.directory.mitosis.service.ReplicationService">
            <property name="configuration">
                <bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
                    <property name="replicaId">
                        <bean class="org.apache.directory.mitosis.common.ReplicaId">
                            <constructor-arg>
                                <value>instance_a</value>
                            </constructor-arg>
                        </bean>
                    </property>
                    <property name="serverPort" value="10390" />
                    <property name="peerReplicas" value="instance_b@localhost:10392" />
                </bean>
            </property>
        </bean>
    </property>
</bean>
```
...