Posted to commits@guacamole.apache.org by mj...@apache.org on 2016/03/20 03:15:24 UTC
[14/50] incubator-guacamole-manual git commit: GUAC-1166: Document new ldap-encryption-method property.
GUAC-1166: Document new ldap-encryption-method property.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/commit/25852ccc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/tree/25852ccc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/diff/25852ccc
Branch: refs/heads/master
Commit: 25852cccdee323cdcd3ca18979f78b2688a9b5e1
Parents: f0954c4
Author: Michael Jumper <mi...@guac-dev.org>
Authored: Wed Dec 9 12:58:03 2015 -0800
Committer: Michael Jumper <mi...@guac-dev.org>
Committed: Wed Dec 9 12:59:31 2015 -0800
----------------------------------------------------------------------
src/chapters/ldap-auth.xml | 34 ++++++++++++++++++++++++++++++----
1 file changed, 30 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/blob/25852ccc/src/chapters/ldap-auth.xml
----------------------------------------------------------------------
diff --git a/src/chapters/ldap-auth.xml b/src/chapters/ldap-auth.xml
index b19bf50..3721cbc 100644
--- a/src/chapters/ldap-auth.xml
+++ b/src/chapters/ldap-auth.xml
@@ -247,10 +247,36 @@ dn: cn={4}guacConfigGroup,cn=schema,cn=config
<varlistentry>
<term><property>ldap-port</property></term>
<listitem>
- <para>The port your LDAP server listens on. If omitted, the standard LDAP
- port of 389 will be used. Unless you manually configured your LDAP
- server to do otherwise, your LDAP server probably listens on port
- 389.</para>
+ <para>The port your LDAP server listens on. If omitted, the standard LDAP or
+ LDAPS port will be used, depending on the encryption method specified
+ with <property>ldap-encryption-method</property> (if any). Unencrypted
+ LDAP uses the standard port of 389, while LDAPS uses port 636. Unless
+ you manually configured your LDAP server to do otherwise, your LDAP
+ server probably listens on port 389.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term><property>ldap-encryption-method</property></term>
+ <listitem>
+ <para>The encryption mechanism that Guacamole should use when communicating
+ with your LDAP server. Legal values are "none" for unencrypted LDAP,
+ "ssl" for LDAP over SSL/TLS (commonly known as LDAPS), or "starttls" for
+ STARTTLS. If omitted, encryption will not be used.</para>
+ <para>If you do use encryption when connecting to your LDAP server, you will
+ need to ensure that its certificate chain can be verified using the
+ certificates in Java's trust store, often referred to as
+ <filename>cacerts</filename>. If this is not the case, you will need
+ to use Java's <command>keytool</command> utility to either add the
+ necessary certificates or to create a new trust store containing those
+ certificates.</para>
+ <para>If you will be using your own trust store and not the default
+ <filename>cacerts</filename>, you will need to specify the full path
+ to that trust store using the system property
+ <property>javax.net.ssl.trustStore</property>. Note that this is a
+ system property and <emphasis>not</emphasis> a Guacamole property; it
+ must be specified when starting the JVM using the <option>-D</option>
+ option. Your servlet container will provide some means of specifying
+ startup options for the JVM.</para>
</listitem>
</varlistentry>
<varlistentry>
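Review bot: The rewritten ldap-port paragraph gives the default port for unencrypted LDAP (389) and for LDAPS (636) but not for "starttls", which the new ldap-encryption-method entry also lists as a legal value. Its closing sentence, "your LDAP server probably listens on port 389", now sits directly after the 636 default and reads as contradicting it for anyone who sets "ssl". Suggest stating the default used with "starttls" explicitly and qualifying the last sentence so it applies only when LDAPS is not in use. In the ldap-encryption-method entry, "If omitted, encryption will not be used" documents an unencrypted default without saying what that means for the credentials Guacamole sends to the LDAP server; a short sentence there recommending "ssl" or "starttls" for any non-local LDAP server would keep readers from treating the default as a safe choice.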