You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by "quantranhong1999 (via GitHub)" <gi...@apache.org> on 2023/04/24 08:59:18 UTC
[GitHub] [james-project] quantranhong1999 commented on a diff in pull request #1536: JAMES-3904 Support LDAPS
quantranhong1999 commented on code in PR #1536:
URL: https://github.com/apache/james-project/pull/1536#discussion_r1174980105
##########
server/apps/distributed-app/docs/modules/ROOT/pages/configure/usersrepository.adoc:
##########
@@ -62,4 +62,14 @@ Example:
....
<repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldap://myldapserver:389"
principal="uid=ldapUser,ou=system" credentials="password" userBase="ou=People,o=myorg.com,ou=system" userIdAttribute="uid"/>;
-....
\ No newline at end of file
+....
+
+SSL can be enabled by using `ldaps` scheme. `trustAllCerts` option can be used to trust all LDAP client certificates.
+
+Example:
+
+....
+<repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldaps://myldapserver:389"
Review Comment:
Shouldn't the SSL port of LDAP be 636?
##########
server/data/data-ldap/src/test/java/org/apache/james/user/ldap/LdapGenericContainer.java:
##########
@@ -121,4 +121,11 @@ public String getLdapHost() {
":" +
LdapGenericContainer.DEFAULT_LDAP_PORT;
}
+
+ public String getLdapsHost() {
+ return "ldaps://" +
+ container.getContainerIp() +
+ ":" +
+ LdapGenericContainer.DEFAULT_LDAP_PORT;
Review Comment:
LDAP_SSL_PORT 636?
##########
src/site/xdoc/server/config-users.xml:
##########
@@ -97,6 +97,16 @@
<repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldap://myldapserver:389"
principal="uid=ldapUser,ou=system" credentials="password" userBase="ou=People,o=myorg.com,ou=system" userIdAttribute="uid"/></source>
+
+ <p>SSL can be enabled by using <code>ldaps</code> scheme. <code>trustAllCerts</code> option can be used to trust all LDAP client certificates.</p>
+
+ Example:
+
+ <source>
+ <repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldaps://myldapserver:389"
Review Comment:
```suggestion
<repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldaps://myldapserver:636"
```
##########
server/apps/distributed-app/docs/modules/ROOT/pages/configure/usersrepository.adoc:
##########
@@ -62,4 +62,14 @@ Example:
....
<repository name="LocalUsers" class="org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository" ldapHost="ldap://myldapserver:389"
principal="uid=ldapUser,ou=system" credentials="password" userBase="ou=People,o=myorg.com,ou=system" userIdAttribute="uid"/>;
-....
\ No newline at end of file
+....
+
+SSL can be enabled by using `ldaps` scheme. `trustAllCerts` option can be used to trust all LDAP client certificates.
Review Comment:
Notate default value `false` for `trustAllCerts`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org