Posted to commits@directory.apache.org by sm...@apache.org on 2018/07/12 18:18:09 UTC
directory-fortress-core git commit: a bit more clarifications / cleanup
Repository: directory-fortress-core
Updated Branches:
refs/heads/master 089bfdf7e -> 59f5b3be0
a bit more clarifications / cleanup
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/59f5b3be
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/59f5b3be
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/59f5b3be
Branch: refs/heads/master
Commit: 59f5b3be01503a94ddaf5d2c20ccefb7002b5487
Parents: 089bfdf
Author: Shawn McKinney <sm...@apache.org>
Authored: Thu Jul 12 13:18:07 2018 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Thu Jul 12 13:18:07 2018 -0500
----------------------------------------------------------------------
README-PROPERTIES.md | 5 ++--
build.properties.example | 1 -
slapd.properties.example | 68 +++++++++++++++++++++----------------------
3 files changed, 36 insertions(+), 38 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/59f5b3be/README-PROPERTIES.md
----------------------------------------------------------------------
diff --git a/README-PROPERTIES.md b/README-PROPERTIES.md
index 93eb587..4b82ab3 100644
--- a/README-PROPERTIES.md
+++ b/README-PROPERTIES.md
@@ -110,10 +110,9 @@ This section describes the properties needed to control fortress core.
trust.store.onclasspath=false
trust.store=/fully/qualified/path/and/file/name/to/java/mytruststorename
```
-
+
* Question: Should I access my truststore from classpath or as fully qualified?
- * Answer: It's usually best find on classpath, that way it can be bundled inside the impl's jar or war files.
- * Except, when using SSL in processes where JDBC also is using SSL. Due to limitations in how JDBC works, must specify as fully-qualified name.
+ * Answer: If using for REST/HTTPS or JDBC/SSL - yes, otherwise your option (classpath=true only works with LDAPS).
7. To use REST instead of LDAP. Points to fortress-rest instance.
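Review bot: The new answer line replies "yes" to an either/or question ("from classpath or as fully qualified?"), so a reader cannot tell which option applies to REST/HTTPS or JDBC/SSL. The parenthetical implies the fully qualified path, since classpath=true is said to work only with LDAPS; state that directly, for example "use the fully qualified path (trust.store.onclasspath=false) for REST/HTTPS or JDBC/SSL; with LDAPS only, either works". The removed text also gave the reason (a JDBC limitation), which is worth keeping in one clause. The -/+ pair on the blank line above the question looks like a whitespace-only change; check that it does not add trailing spaces.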
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/59f5b3be/build.properties.example
----------------------------------------------------------------------
diff --git a/build.properties.example b/build.properties.example
index 6edd45f..b0ae677 100644
--- a/build.properties.example
+++ b/build.properties.example
@@ -102,7 +102,6 @@ userous.dn=ou=OS-U,ou=ARBAC,${suffix}
permous.dn=ou=OS-P,ou=ARBAC,${suffix}
adminroles.dn=ou=AdminRoles,ou=ARBAC,${suffix}
adminperms.dn=ou=AdminPerms,ou=ARBAC,${suffix}
-audits.dn=cn=log
groups.dn=ou=Groups,${suffix}
# This specifies the number of default LDAP connections to maintain in the pool:
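Review bot: audits.dn=cn=log is dropped from the DN block with no replacement visible in this patch, and the commit message says only "cleanup". Before merging, confirm that nothing still substitutes ${audits.dn}, otherwise the reference will be left unresolved. If the key is now obsolete or defined elsewhere, a one-line note in README-PROPERTIES.md would help users who carry it over from an existing build.properties.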
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/59f5b3be/slapd.properties.example
----------------------------------------------------------------------
diff --git a/slapd.properties.example b/slapd.properties.example
index c139034..dde90a3 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -54,7 +54,7 @@ suffix=dc=${suffix.name},dc=${suffix.dc}
root.dn=cn=Manager,${suffix}
# Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command:
-root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
+#root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
cfg.root.pw=secret
########################################################################
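Review bot: Commenting out root.pw leaves the comment above it ("Used to load OpenLDAP admin root password in slapd.conf ...") describing a property that is no longer set, and leaves cfg.root.pw=secret as the only active credential in this block. Say whether root.pw is now optional or must be uncommented for the install path. Consider replacing the sample {SSHA} value with a placeholder and a pointer to slappasswd, since a fixed example hash that can be uncommented as-is tends to reach real deployments unchanged; the cleartext default on cfg.root.pw deserves the same treatment.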
@@ -105,6 +105,37 @@ log.ops=logops bind writes compare
#tls.cert.file=server-cert.pem
#tls.key.file=server-key.pem
+########################################################################
+# 3. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
+########################################################################
+
+# The following optional HTTP parameters are needed when Fortress core client-side communicates though fortress-rest HTTP proxy (rather than LDAP) server:
+# Thr nav URL to fortress-rest impl: uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + "fortress-rest-" + version; + "/";:
+# version is set as system property, i.e. -Dversion=2.0.1
+# Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false':
+# Use interface over REST/HTTP? Default is false (use LDAPv3)
+#enable.mgr.impl.rest=true
+
+# This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml:
+#http.user=demouser4
+#http.pw=password
+#http.host=localhost
+#http.port=8080
+#http.protocol=http
+# For TLs connections:
+#http.port=8443
+#http.protocol=https
+
+########################################################################
+# 4. RFC2307 OBJECT CLASS DEFINITIONS
+########################################################################
+# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
+rfc2307=false
+
+########################################################################
+# 5. BEGIN OPENLDAP SERVER INSTALLATION SETUP: (Ignore if not calling the 'init-slapd' target to automatically install Symas OpenLDAP packages:
+####################################################################################
+
# OpenLDAP MDB Backend config is default setting for Fortress::
db.type=mdb
dflt.rdrs=maxreaders 64
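Review bot: In the relocated HTTP client section the first example pairs http.user/http.pw with http.protocol=http on port 8080 and offers https on 8443 only as the alternative, so the default a user uncomments sends the service account password in clear. Lead with the https/8443 pair and mark the http pair as local testing only. Since the block is being moved anyway, fix the text it carries: "Thr nav URL", "communicates though", "For TLs connections", the stray `; + "/";:` in the URI formula, the doubled period after "structural", and the section 5 banner, whose opening parenthesis is never closed and whose closing rule is longer than the opening one.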
@@ -135,10 +166,6 @@ dflt.dbnosynch=dbnosync
log.checkpoint=checkpoint 64 5
dflt.checkpoint=checkpoint 64 5
-###########################################################################################
-# 3. BEGIN SYMAS-OPENLDAP INSTALL CONFIGURATION SECTION:
-###########################################################################################
-
# Each of the options are used for a particular Symas-OpenLDAP platform.Debian 64-bit Silver:
#Debian 64-bit Silver:
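Review bot: With the section 3 banner removed, the context comment "Each of the options are used for a particular Symas-OpenLDAP platform.Debian 64-bit Silver:" is the only lead-in left for the platform options, and it runs two sentences together and duplicates the "#Debian 64-bit Silver:" line directly below it. Trim it to the first sentence so the platform list still reads cleanly under the new section 5 banner.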
@@ -159,7 +186,7 @@ slapd.start=${openldap.root}/etc/solserver start -f ${openldap.root}/etc/openlda
#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
########################################################################
-# 4. RBAC ACCELERATOR OVERLAY PROPS
+# 6. RBAC ACCELERATOR OVERLAY PROPS
########################################################################
rbac.accelerator=false
@@ -173,31 +200,4 @@ db.sess.dir=${db.root}/rbacsess
db.audit.dir=${db.root}/rbacaudit
db.rbac.dir=${db.root}/rbacoverlay
db.bak.audit.dir=${db.root}/backup/rbacaudit
-db.bak.sess.dir=${db.root}/backup/rbacsess
-
-########################################################################
-# 5. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
-########################################################################
-
-# The following optional HTTP parameters are needed when Fortress core client-side communicates though fortress-rest HTTP proxy (rather than LDAP) server:
-# Thr nav URL to fortress-rest impl: uri = httpProtocol + "://" + httpHost + ":" + httpPort + "/" + "fortress-rest-" + version; + "/";:
-# version is set as system property, i.e. -Dversion=2.0.1
-# Setting the enable.mgr.impl.rest to 'true' sets Fortress instance to use HTTP services rather than LDAPv3 protocol. Default value is 'false':
-# Use interface over REST/HTTP? Default is false (use LDAPv3)
-#enable.mgr.impl.rest=true
-
-# This user account is added automatically during deployment of fortress-rest via -Dload.file=./src/main/resources/FortressRestServerPolicy.xml:
-#http.user=demouser4
-#http.pw=password
-#http.host=localhost
-#http.port=8080
-#http.protocol=http
-# For TLs connections:
-#http.port=8443
-#http.protocol=https
-
-########################################################################
-# 6. RFC2307 OBJECT CLASS DEFINITIONS
-########################################################################
-# Boolean value. If true, requires rfc2307bis schema because posixUser and posixGroup must be auxiliary object classes to work with ftRls which is structural..
-rfc2307=false
+db.bak.sess.dir=${db.root}/backup/rbacsess
\ No newline at end of file
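Review bot: The last line, db.bak.sess.dir=${db.root}/backup/rbacsess, shows as removed and re-added only because the file now ends without a trailing newline. Restore the newline: a property appended to this example later would otherwise be concatenated onto the backup path value, and the marker will keep producing spurious one-line diffs.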