Posted to commits@directory.apache.org by sm...@apache.org on 2017/07/16 19:17:42 UTC

directory-fortress-enmasse git commit: add a section to README to describe props

Repository: directory-fortress-enmasse
Updated Branches:
  refs/heads/master c6b389e0c -> e12de394b


add a section to README to describe props


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/commit/e12de394
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/tree/e12de394
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/diff/e12de394

Branch: refs/heads/master
Commit: e12de394b07bf88df071ac6de335c9f86f060c2b
Parents: c6b389e
Author: Shawn McKinney <sm...@apache.org>
Authored: Sun Jul 16 14:17:36 2017 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Sun Jul 16 14:17:36 2017 -0500

----------------------------------------------------------------------
 README.md                                      | 89 +++++++++++++++++++++
 src/main/resources/fortress.properties.example | 25 ++++--
 2 files changed, 107 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/e12de394/README.md
----------------------------------------------------------------------
diff --git a/README.md b/README.md
index de8a688..217018a 100644
--- a/README.md
+++ b/README.md
@@ -32,6 +32,7 @@
  * SECTION 5. Deploy to Tomcat Server.
  * SECTION 6. Unit Test.
  * SECTION 7. Alternate testing procedures.
+ * SECTION 8. Fortress rest properties
 
 ___________________________________________________________________________________
 ## Document Overview
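Review bot: The new table-of-contents entry `SECTION 8. Fortress rest properties` has no trailing period, unlike the entries for sections 5 to 7, and spells "rest" in lowercase, while the heading added further down is `## SECTION 8. Fortress Rest properties`. Suggest `* SECTION 8. Fortress Rest properties.` so the entry matches both its neighbours and the heading.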
@@ -244,4 +245,92 @@ To enable Fortress Core test client to route requests through Fortress Rest serv
  All operations should now route through Fortress Rest server.
 
 ___________________________________________________________________________________
+## SECTION 8. Fortress Rest properties
+
+This section describes the properties needed to control fortress web.
+
+1. LDAP Hostname coordinates.  The host name can be specified as a fully qualified domain name or IP address.
+
+ ```
+ # Host name and port of LDAP DIT:
+ host=localhost
+ port=10389
+ ```
+
+2. LDAP Server type.  Each LDAP server impl has different behavior on operations like password policies and audit.  If using a 3rd type of server that isn't formally supported, leave blank or type is other.
+
+ ```
+ # If ApacheDS server:
+ ldap.server.type=apacheds
+ ```
+
+ ```
+ # Else if OpenLDAP server:
+ ldap.server.type=slapd
+ ```
+
+ ```
+ # Else leave blank:
+ #ldap.server.type=other
+ ```
+
+3.  Set the credentials of service account.  Must have read/write privileges over the Fortress LDAP DIT:
+
+ ```
+ # If ApacheDS it will look something like this:
+ admin.user=uid=admin,ou=system
+ admin.pw=secret
+ ```
+
+ ```
+ # Else If OpenLDAP it will look something like this:
+ admin.user=cn=Manager,dc=example,dc=com
+ ```
+
+4. Define the number of LDAP connections to use in the pool  This setting will be proportional to the number of concurrent users but won't be one-to-one.  The number of required ldap connections will be much lower than concurrent users:
+
+ ```
+ # This is min/max settings for LDAP connections.  For testing and low-volume instances this will work:
+ min.admin.conn=1
+ max.admin.conn=10
+ ```
+
+5. Give coordinates to the Config node that contains all of the other Fortress properties.  This will match your LDAP's server's config node per Fortress Core setup.
+
+ ```
+ # This node contains fortress properties stored on behalf of connecting LDAP clients:
+ config.realm=DEFAULT
+ config.root=ou=Config,dc=example,dc=com
+ ```
+
+6. If using LDAPS.
+
+ ```
+ # Used for SSL Connection to LDAP Server:
+ enable.ldap.ssl=true
+ enable.ldap.ssl.debug=true
+ trust.store=/fully/qualified/path/and/file/name/to/java/truststore
+ trust.store.password=changeit
+ trust.store.set.prop=true
+ ```
+
+7. If using ApacheDS and setting password policies, point to the correction location.
+
+ ```
+ # ApacheDS stores its password policies objects here by default:
+ apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
+ ```
+
+12. Each instance of a fortress web can be scoped to one and only one tenant.  The default tenant is called HOME.
+
+ ```
+ # This is the default tenant or home context
+ contextId=HOME
+ ```
+
+ ```
+ # If you need to scope to a different tenant, supply its ID here:
+ contextId=mytenantid
+ ```
+___________________________________________________________________________________
 #### END OF README
\ No newline at end of file
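Review bot: Step 3 documents `admin.pw=secret` and step 6 `trust.store.password=changeit` without saying whether these values are stored in the clear or encrypted, and the OpenLDAP example in step 3 gives `admin.user` with no matching `admin.pw`. Add a sentence on how the password values are meant to be protected and note that the sample values are placeholders. `enable.ldap.ssl.debug=true` in step 6 also reads as a recommended setting rather than a troubleshooting one, so say when it should be on. Smaller points: the intro and step 12 say "fortress web" in a section titled Fortress Rest, the numbering jumps from 7 to 12, step 4 is missing the period after "pool", and step 7 has "correction location" where "correct location" is meant.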

http://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse/blob/e12de394/src/main/resources/fortress.properties.example
----------------------------------------------------------------------
diff --git a/src/main/resources/fortress.properties.example b/src/main/resources/fortress.properties.example
index ef88874..e804c8e 100644
--- a/src/main/resources/fortress.properties.example
+++ b/src/main/resources/fortress.properties.example
@@ -18,14 +18,27 @@
 #
 #
 
+# LDAP Server type.  Each LDAP server impl has different behavior on operations like password policies and audit.  If using a 3rd type of server that isn't formally supported, leave blank or type is other.
+# If ApacheDS server:
+ldap.server.type=apacheds
+# Else if OpenLDAP server:
+# ldap.server.type=slapd
+# Else leave blank:
+#ldap.server.type=other
+
 # Host name and port of LDAP DIT:
 host=localhost
 port=10389
 
-# These credentials are used for read/write access to all nodes under suffix:
+# Set the credentials of service account.  Must have read/write privileges over the Fortress LDAP DIT:
+# If ApacheDS it will look something like this:
 admin.user=uid=admin,ou=system
-# LDAP admin root pass is encrypted using 'encrypt' target in build.xml:
 admin.pw=secret
+# Else If OpenLDAP it will look something like this:
+# admin.user=cn=Manager,dc=example,dc=com
+
+# ApacheDS stores its password policies objects here by default:
+apacheds.pwpolicy.root=ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
 
 # This is min/max settings for LDAP administrator pool connections that have read/write access to all nodes under suffix:
 min.admin.conn=1
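Review bot: The comment removed above `admin.pw=secret` ("LDAP admin root pass is encrypted using 'encrypt' target in build.xml") was the only hint in this file on how the password value is meant to be protected, and nothing replaces it. Suggest keeping that line next to `admin.pw`. The new `ldap.server.type` header comment is also ambiguous ("leave blank or type is other") and the example for that case is the commented-out `#ldap.server.type=other`, so state plainly whether an unsupported server should omit the property or set it to `other`.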
@@ -49,10 +62,8 @@ debug.ldap.pool=true
 enable.pool.reconnect=true
 
 ehcache.config.file=ehcache.xml
-role1=admin
-role2=role1
+#role1=admin
+#role2=role1
 
 # If for any reason echcache must be DISABLED for DSD, make sure this parameter is set to 'true' which is the default.  Otherwise performance penalty will be incurred during multi-role activations.
-disable.dsd.cache=false
-
-
+disable.dsd.cache=false
\ No newline at end of file
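Review bot: `role1` and `role2` are commented out rather than removed, with nothing saying what they are for or when to re-enable them; delete them or add a line of explanation. The rewritten `disable.dsd.cache=false` line also leaves the file without a trailing newline, which is worth restoring. While touching that line, note that the comment above it calls 'true' the default although the example sets `false`, and that it spells "echcache".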