Posted to commits@directory.apache.org by sm...@apache.org on 2014/10/23 23:08:24 UTC
git commit: Add switch to turn on/off connection pool of slapd access
log connections
Repository: directory-fortress-core
Updated Branches:
refs/heads/master feb558975 -> 45a8ed9b3
Add switch to turn on/off connection pool of slapd access log connections
Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/45a8ed9b
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/45a8ed9b
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/45a8ed9b
Branch: refs/heads/master
Commit: 45a8ed9b39cbf006a82bc1eb43ca464abd38575f
Parents: feb5589
Author: Shawn McKinney <sm...@apache.org>
Authored: Thu Oct 23 16:08:07 2014 -0500
Committer: Shawn McKinney <sm...@apache.org>
Committed: Thu Oct 23 16:08:07 2014 -0500
----------------------------------------------------------------------
.../core/ldap/ApacheDsDataProvider.java | 64 +++++++++++---------
1 file changed, 34 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/45a8ed9b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
index 38d36c0..15cf330 100644
--- a/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/apache/directory/fortress/core/ldap/ApacheDsDataProvider.java
@@ -167,10 +167,10 @@ public abstract class ApacheDsDataProvider
config.setLdapPort( port );
config.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
- // added by smckinney for TLS/SSL config:
config.setUseSsl( IS_SSL );
//config.setTrustManagers( new NoVerificationTrustManager() );
+ // validate certificates but allow self-signed certs if within this truststore:
config.setTrustManagers( new LdapClientTrustStoreManager(
TRUST_STORE,
TRUST_STORE_PW.toCharArray() , null, true ) );
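Review bot: The commented-out `//config.setTrustManagers( new NoVerificationTrustManager() );` line is left in place directly above the new comment, so the note about validating certificates now reads as if it belongs to a disabled no-verification path. Deleting the dead line would remove a one-edit route back to unverified TLS and leave the new comment sitting on the call it describes. The same trust-manager construction is repeated for `logConfig` in the next hunk; building the `LdapClientTrustStoreManager` once and passing it to both configs would keep the two pools from drifting apart. The enclosing block starts and ends outside this hunk.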
@@ -226,37 +226,41 @@ public abstract class ApacheDsDataProvider
userPool.setMaxActive( max );
userPool.setMinIdle( min );
- // Create the Log pool
- // TODO: Initializing the log pool in static block requires static props set within fortress.properties.
- // To make this dynamic requires moving this code outside of static block AND storing the connection metadata inside fortress config node (in ldap).
- LdapConnectionConfig logConfig = new LdapConnectionConfig();
- logConfig.setLdapHost( host );
- logConfig.setLdapPort( port );
- logConfig.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
-
- // added by smckinney for TLS/SSL config:
- logConfig.setUseSsl( IS_SSL );
- logConfig.setTrustManagers( new LdapClientTrustStoreManager(
- TRUST_STORE,
- TRUST_STORE_PW.toCharArray() , null, true ) );
-
- logConfig.setName( Config.getProperty( LDAP_LOG_POOL_UID, "" ) );
- String logPw;
- if ( EncryptUtil.isEnabled() )
- {
- logPw = EncryptUtil.decrypt( Config.getProperty( LDAP_ADMIN_POOL_PW ) );
- }
- else
+ // This pool of access log connections is used by {@link org.apache.directory.fortress.AuditMgr}.
+ // To enable, set {@code log.admin.user} && {@code log.admin.pw} inside fortress.properties file:
+ if(VUtil.isNotNullOrEmpty( LDAP_LOG_POOL_UID ) && VUtil.isNotNullOrEmpty( LDAP_LOG_POOL_PW ))
{
- logPw = Config.getProperty( LDAP_LOG_POOL_PW );
+ // TODO: Initializing the log pool in static block requires static props set within fortress.properties.
+ // To make this dynamic requires moving this code outside of static block AND storing the connection metadata inside fortress config node (in ldap).
+ LdapConnectionConfig logConfig = new LdapConnectionConfig();
+ logConfig.setLdapHost( host );
+ logConfig.setLdapPort( port );
+ logConfig.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
+
+ logConfig.setUseSsl( IS_SSL );
+ // validate certificates but allow self-signed certs if within this truststore:
+ logConfig.setTrustManagers( new LdapClientTrustStoreManager(
+ TRUST_STORE,
+ TRUST_STORE_PW.toCharArray() , null, true ) );
+
+ logConfig.setName( Config.getProperty( LDAP_LOG_POOL_UID, "" ) );
+ String logPw;
+ if ( EncryptUtil.isEnabled() )
+ {
+ logPw = EncryptUtil.decrypt( Config.getProperty( LDAP_LOG_POOL_PW ) );
+ }
+ else
+ {
+ logPw = Config.getProperty( LDAP_LOG_POOL_PW );
+ }
+ logConfig.setCredentials( logPw );
+ factory = new PoolableLdapConnectionFactory( logConfig );
+ logPool = new LdapConnectionPool( factory );
+ logPool.setTestOnBorrow( true );
+ logPool.setWhenExhaustedAction( GenericObjectPool.WHEN_EXHAUSTED_GROW );
+ logPool.setMaxActive( logmax );
+ logPool.setMinIdle( logmin );
}
- logConfig.setCredentials( logPw );
- factory = new PoolableLdapConnectionFactory( logConfig );
- logPool = new LdapConnectionPool( factory );
- logPool.setTestOnBorrow( true );
- logPool.setWhenExhaustedAction( GenericObjectPool.WHEN_EXHAUSTED_GROW );
- logPool.setMaxActive( logmax );
- logPool.setMinIdle( logmin );
}
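Review bot: The new `if` guard tests the constants `LDAP_LOG_POOL_UID` and `LDAP_LOG_POOL_PW` themselves, yet the lines below pass those same constants to `Config.getProperty(...)` as property keys, so the condition appears to be always true. The access-log pool would then still be built, with whatever empty or missing credentials the lookup returns, when `log.admin.user` and `log.admin.pw` are unset. Test the configured values instead: `if ( VUtil.isNotNullOrEmpty( Config.getProperty( LDAP_LOG_POOL_UID ) ) && VUtil.isNotNullOrEmpty( Config.getProperty( LDAP_LOG_POOL_PW ) ) )`. Once the switch really can be off, `logPool` stays unassigned, so the code that borrows log connections (outside this hunk) should fail with a clear "audit pool not configured" error rather than a NullPointerException. The first `logConfig.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) )` is overwritten a few lines later by the `LDAP_LOG_POOL_UID` call and can be dropped; the enclosing initializer block starts and ends outside the hunk.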