You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Pierre-Arnaud Marcelot <pa...@marcelot.net> on 2008/05/13 11:40:55 UTC
[Apache DS] Questions about Apache DS 1.5.2 server.xml file
Hi,
I'm updating the Studio's Apache DS Configuration plugin to be able to edit
Apache DS 1.5.2 server.xml file and I'm a little lost since the XBean move.
I have a few questions:
• Back in 1.5.1 (and 1.5.0), we had an "environment" bean where we could set
the admin DN and credentials, as well as a list of binary attributes. It's
not in the 1.5.2 server.xml file... Where has it gone ?
• In the 1.5.2 server.xml file, we have this 'ldapServer' bean
(id='ldapsServer') for the LDAPS configuration, in which we have two boolean
attributes: 'enabled' and 'ldapsEnabled'. When should I consider that LDAPS
is enabled? When both are set to true?
• It seems that each declared protocol must be referenced in the 'apacheDS'
bean. Am I right?
If yes, then if I want to enable the DNS server inside Apache DS, I'll need
to uncomment the 'dnsServer' bean, add an 'id' to it and reference it in the
'apacheDS' bean?
Thanks in advance,
Pierre-Arnaud
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Emmanuel Lecharny <el...@apache.org>.
Pierre-Arnaud Marcelot wrote:
> Hi Alex,
>
> Thanks for your answers. :)
>
> Should I consider opening a Jira for the situation we have with the
> LDAPS enablement?
>
> I also noticed that there are 3 occurences for 'AllowAnonymousAccess':
> 1 in the 'defaultDirectoryService' bean (set to 'true'), 1 in the
> 'ldapServer' bean (set to 'false') and 1 in the 'apacheDS' bean (set
> to 'false').
> Should I do the same thing? Consider it's set to 'true' when they're
> all at 'true'?
> Should I also open a Jira?
Yes, definitively.
Another thing is that we might want to have a general document gathering
alll the configuration, from the 'user' perspective. This is good to
have an 'external' vision, as the server's fellows just are too close to
the code to see how painfull the current config is. A fresh vision could
help !
So feel free to create as many JIRAs as necessary.
Thank !
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi Alex,
Thanks for your answers. :)
Should I consider opening a Jira for the situation we have with the LDAPS
enablement?
I also noticed that there are 3 occurences for 'AllowAnonymousAccess': 1 in
the 'defaultDirectoryService' bean (set to 'true'), 1 in the 'ldapServer'
bean (set to 'false') and 1 in the 'apacheDS' bean (set to 'false').
Should I do the same thing? Consider it's set to 'true' when they're all at
'true'?
Should I also open a Jira?
Thanks,
Pierre-Arnaud
On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <ak...@apache.org> wrote:
> Hi Pierre,
>
> On Tue, May 13, 2008 at 5:40 AM, Pierre-Arnaud Marcelot <pa...@marcelot.net>
> wrote:
>
> > Hi,
> >
> > I'm updating the Studio's Apache DS Configuration plugin to be able to
> > edit Apache DS 1.5.2 server.xml file and I'm a little lost since the XBean
> > move.
> >
> > I have a few questions:
> >
> > • Back in 1.5.1 (and 1.5.0), we had an "environment" bean where we could
> > set the admin DN and credentials, as well as a list of binary attributes.
> > It's not in the 1.5.2 server.xml file... Where has it gone ?
> >
>
> It's gone forever thankfully. We no longer need to include the Admin
> principal DN and password in the server.xml file.
>
>
> >
> > • In the 1.5.2 server.xml file, we have this 'ldapServer' bean
> > (id='ldapsServer') for the LDAPS configuration, in which we have two boolean
> > attributes: 'enabled' and 'ldapsEnabled'. When should I consider that LDAPS
> > is enabled? When both are set to true?
>
>
> Ohh boy I hate that this is the case. It's just a mess in there with both
> these parameters. You're right though about your conclusion. Both must be
> true for the LDAPS capability to be enabled.
>
>
> >
> >
> > • It seems that each declared protocol must be referenced in the
> > 'apacheDS' bean. Am I right?
> > If yes, then if I want to enable the DNS server inside Apache DS, I'll
> > need to uncomment the 'dnsServer' bean, add an 'id' to it and reference it
> > in the 'apacheDS' bean?
> >
>
> Yep you're right.
>
> Thanks,
> Alex
>
>
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Alex Karasulu <ak...@apache.org>.
Hey Emmanuel,
On Thu, May 15, 2008 at 4:15 AM, Emmanuel Lecharny <el...@apache.org>
wrote:
> Pierre-Arnaud Marcelot wrote:
>
>> Hi again Alex,
>>
>> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <akarasulu@apache.org<mailto:
>> akarasulu@apache.org>> wrote:
>>
>>
>> • It seems that each declared protocol must be referenced in
>> the 'apacheDS' bean. Am I right?
>> If yes, then if I want to enable the DNS server inside Apache
>> DS, I'll need to uncomment the 'dnsServer' bean, add an 'id'
>> to it and reference it in the 'apacheDS' bean?
>>
>>
>> Yep you're right.
>>
>>
>> Are you sure about that...?
>> Actually, I had a closer look to the ApacheDS class
>> (org.apache.directory.server.configuration.ApacheDS) and I've not seen any
>> dnsServer, kdcServer, changePasswordServer or ntpServer field. I don't see
>> how Spring could make any association...
>> How do I enable these protocols? Maybe by setting an 'enable' attribute
>> set to true to each protocol bean?
>>
> The problem since we "adopted" the xbean+Spring stuff is now pretty
> apparent. These two things gathered just plain sucks.
>
> We definitively have to step back a little, and come back to some srrious -
> although boring - solution. What we have is silly, painfull, error-prone,
> and make the users wondering if we are simply trying to have fun endorsing
> the latest funny buzz around there.
>
> <rant>
> I already ranted about this xbean+spring stuff, but now, I consider that
> was not rant. I was soft. This couple will just produce monsters, not
> babies... We must practice abortion asap, and keep the parent either
> separated or killed !!!
> </rant>
>
> Seriously, we can't keep this situation as is for 2.0.
I'd love to whip together the CiDIT stuff. Follows the same pattern that
OpenLDAP and FedoraDS folks are using with their back-config stuff. With
smart defaults and an LDIF based partition we could load the configuration
into the DIT. It's easy but labor intensive.
It's just a matter of time. Definitely something to consider.
Alex
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Emmanuel Lecharny <el...@apache.org>.
Pierre-Arnaud Marcelot wrote:
> Hi again Alex,
>
> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <akarasulu@apache.org
> <ma...@apache.org>> wrote:
>
>
> • It seems that each declared protocol must be referenced in
> the 'apacheDS' bean. Am I right?
> If yes, then if I want to enable the DNS server inside Apache
> DS, I'll need to uncomment the 'dnsServer' bean, add an 'id'
> to it and reference it in the 'apacheDS' bean?
>
>
> Yep you're right.
>
>
> Are you sure about that...?
> Actually, I had a closer look to the ApacheDS class
> (org.apache.directory.server.configuration.ApacheDS) and I've not seen
> any dnsServer, kdcServer, changePasswordServer or ntpServer field. I
> don't see how Spring could make any association...
> How do I enable these protocols? Maybe by setting an 'enable'
> attribute set to true to each protocol bean?
The problem since we "adopted" the xbean+Spring stuff is now pretty
apparent. These two things gathered just plain sucks.
We definitively have to step back a little, and come back to some
srrious - although boring - solution. What we have is silly, painfull,
error-prone, and make the users wondering if we are simply trying to
have fun endorsing the latest funny buzz around there.
<rant>
I already ranted about this xbean+spring stuff, but now, I consider that
was not rant. I was soft. This couple will just produce monsters, not
babies... We must practice abortion asap, and keep the parent either
separated or killed !!!
</rant>
Seriously, we can't keep this situation as is for 2.0.
--
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Alex Karasulu <ak...@apache.org>.
Hi Pierre,
2008/5/19 Pierre-Arnaud Marcelot <pa...@marcelot.net>:
> Hi all,
>
> I still need a few other explanations on some parts of the server.xml file
> in order to finish the update for the 1.5.2 version.
>
> I'm wondering what these attributes and tags are for (I guess Kerberos...):
>
> - saslHost
> - saslPrincipal
> - searchBaseDn
> - saslQop
> - saslRealms
>
>
> I believe these parameters should also have an associated UI, shouldn't
> they?
>
Yeah these are parameters for SASL using GSSAPI against Kerberos. Yeah I
guess I would use a specific UI dialog for this content.
Thanks,
Alex
>
> 2008/5/16 Alex Karasulu <ak...@apache.org>:
>
> May be David can give us some insight as to how these properties would be
>> properly encoded in XBean terms.
>>
>> I too have not tried it. Perhaps between Martin and David we can figure
>> this out.
>>
>> Thanks guys,
>> Alex
>>
>> 2008/5/16 Pierre-Arnaud Marcelot <pa...@marcelot.net>:
>>
>> Hi Martin,
>>>
>>> Thanks a lot!
>>> I completely understand the configuration now.
>>>
>>> About the peerReplicas property, you're right and I'm not sure either the
>>> given example would work.
>>> Did anyone tested it?
>>>
>>> But I think we can mix xbean and spring syntaxes to get something that
>>> will work and could look like:
>>>
>>>> <replicationInterceptor>
>>>> <configuration>
>>>> <replicationConfiguration serverPort="10390">
>>>> <spring:property name="peerReplicas">
>>>> <spring:set>
>>>> <spring:value xmlns="
>>>> http://www.springframework.org/schema/beans">
>>>> instance_b@localhost:10392
>>>> </spring:value>
>>>> </spring:set>
>>>> </spring:property>
>>>> <replicaId>
>>>> <replicaId id="instance_a"/>
>>>> </replicaId>
>>>> </replicationConfiguration>
>>>> </configuration>
>>>> </replicationInterceptor>
>>>>
>>>
>>>
>>> Thanks again,
>>> Pierre-Arnaud
>>>
>>>
>>> On Fri, May 16, 2008 at 4:25 PM, Martin Alderson <
>>> Martin.Alderson@salfordsoftware.co.uk> wrote:
>>>
>>>> Hi Pierre,
>>>>
>>>> I haven't tried the new xbean form of the replication configuration -
>>>> I'm not really sure if anyone has!
>>>>
>>>> I'm not sure if peerReplicas="instance_b@localhost:10392" will work,
>>>> since peerReplicas is actually a set. In my old style config I have:
>>>>
>>>> <property name="peerReplicas">
>>>> <set>
>>>> <value>t3st-b@127.0.0.1:11390</value>
>>>> </set>
>>>> </property>
>>>>
>>>> Each ApacheDS replica needs to be given a unique and permanent case
>>>> insensitive ID. It should never change for a given ApacheDS instance
>>>> unless the backend data is wiped out (effectively giving you a fresh
>>>> install). I think that in the future we would want to make this
>>>> auto-generated by default to simplify the configuration. The replica ID
>>>> in your snippet is instance_a - the rest is just necessary cruft that we
>>>> should cut down in the future. The replica ID must match the regular
>>>> expression [-_a-zA-Z0-9]{1,16}.
>>>>
>>>> The replication service listens on the port specified with "serverPort"
>>>> for connections from other replicas. All the other replicas must be
>>>> specified with "peerReplicas". Each peer replica is specified with
>>>> [replicaID]@[serverAddress]:[serverPort].
>>>>
>>>> Hope this helps,
>>>>
>>>> Martin
>>>>
>>>>
>>>> >>> "Pierre-Arnaud Marcelot" <pa...@marcelot.net> 16/05/2008 13:37 >>>
>>>> Hi Alex,
>>>>
>>>> Thanks for your answers.
>>>>
>>>> Another question...
>>>>
>>>> I'd like the configuration editor to be able to edit basic replication
>>>> settings for the replication interceptor.
>>>> Can I get a little explanation on what these lines doplease?
>>>>
>>>> > <replicationInterceptor>
>>>> > <configuration>
>>>> > <replicationConfiguration serverPort="10390"
>>>> > peerReplicas="instance_b@localhost:10392">
>>>> > <replicaId>
>>>> > <replicaId id="instance_a"/>
>>>> > </replicaId>
>>>> > </replicationConfiguration>
>>>> > </configuration>
>>>> > </replicationInterceptor>
>>>> >
>>>> Especially the serverPort, peerReplicas, replacaId attributes or
>>>> tag...
>>>>
>>>> Thanks a lot.
>>>>
>>>> Pierre-Arnaud
>>>> On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
>>>> wrote:
>>>>
>>>> > Hey Pierre,
>>>> >
>>>> > Sorry for taking so long to respond on this one.
>>>> >
>>>> > On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot
>>>> <pa...@marcelot.net>
>>>> > wrote:
>>>> >
>>>> >> Hi again Alex,
>>>> >>
>>>> >> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu
>>>> <ak...@apache.org>
>>>> >> wrote:
>>>> >>
>>>> >>>
>>>> >>> ● It seems that each declared protocol must be referenced in the
>>>> >>>> 'apacheDS' bean. Am I right?
>>>> >>>> If yes, then if I want to enable the DNS server inside Apache DS,
>>>> I'll
>>>> >>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and
>>>> reference it
>>>> >>>> in the 'apacheDS' bean?
>>>> >>>>
>>>> >>>
>>>> >>> Yep you're right.
>>>> >>
>>>> >>
>>>> >> Are you sure about that...?
>>>> >> Actually, I had a closer look to the ApacheDS class
>>>> >> (org.apache.directory.server.configuration.ApacheDS) and I've not
>>>> seen any
>>>> >> dnsServer, kdcServer, changePasswordServer or ntpServer field. I
>>>> don't see
>>>> >> how Spring could make any association...
>>>> >>
>>>> >
>>>> > Yeah it was there before. I may have an older version in mind.
>>>> That's
>>>> > where we should keep a reference to all these protocol
>>>> server/services.
>>>> > Must have changed when we did this XBean thing.
>>>> >
>>>> >
>>>> >> How do I enable these protocols? Maybe by setting an 'enable'
>>>> attribute
>>>> >> set to true to each protocol bean?
>>>> >>
>>>> >> I think so but I'd need to look at the code. I think there's a
>>>> start
>>>> > method but it only gets or shoudl only get invoked or startup the
>>>> service
>>>> > when this enabled flag is set. I'd need to look at the logic there.
>>>> >
>>>> > Alex
>>>> >
>>>>
>>>
>>>
>>
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi all,
I still need a few other explanations on some parts of the server.xml file
in order to finish the update for the 1.5.2 version.
I'm wondering what these attributes and tags are for (I guess Kerberos...):
- saslHost
- saslPrincipal
- searchBaseDn
- saslQop
- saslRealms
I believe these parameters should also have an associated UI, shouldn't
they?
Thanks
P-A
2008/5/16 Alex Karasulu <ak...@apache.org>:
> May be David can give us some insight as to how these properties would be
> properly encoded in XBean terms.
>
> I too have not tried it. Perhaps between Martin and David we can figure
> this out.
>
> Thanks guys,
> Alex
>
> 2008/5/16 Pierre-Arnaud Marcelot <pa...@marcelot.net>:
>
> Hi Martin,
>>
>> Thanks a lot!
>> I completely understand the configuration now.
>>
>> About the peerReplicas property, you're right and I'm not sure either the
>> given example would work.
>> Did anyone tested it?
>>
>> But I think we can mix xbean and spring syntaxes to get something that
>> will work and could look like:
>>
>>> <replicationInterceptor>
>>> <configuration>
>>> <replicationConfiguration serverPort="10390">
>>> <spring:property name="peerReplicas">
>>> <spring:set>
>>> <spring:value xmlns="
>>> http://www.springframework.org/schema/beans">
>>> instance_b@localhost:10392
>>> </spring:value>
>>> </spring:set>
>>> </spring:property>
>>> <replicaId>
>>> <replicaId id="instance_a"/>
>>> </replicaId>
>>> </replicationConfiguration>
>>> </configuration>
>>> </replicationInterceptor>
>>>
>>
>>
>> Thanks again,
>> Pierre-Arnaud
>>
>>
>> On Fri, May 16, 2008 at 4:25 PM, Martin Alderson <
>> Martin.Alderson@salfordsoftware.co.uk> wrote:
>>
>>> Hi Pierre,
>>>
>>> I haven't tried the new xbean form of the replication configuration -
>>> I'm not really sure if anyone has!
>>>
>>> I'm not sure if peerReplicas="instance_b@localhost:10392" will work,
>>> since peerReplicas is actually a set. In my old style config I have:
>>>
>>> <property name="peerReplicas">
>>> <set>
>>> <value>t3st-b@127.0.0.1:11390</value>
>>> </set>
>>> </property>
>>>
>>> Each ApacheDS replica needs to be given a unique and permanent case
>>> insensitive ID. It should never change for a given ApacheDS instance
>>> unless the backend data is wiped out (effectively giving you a fresh
>>> install). I think that in the future we would want to make this
>>> auto-generated by default to simplify the configuration. The replica ID
>>> in your snippet is instance_a - the rest is just necessary cruft that we
>>> should cut down in the future. The replica ID must match the regular
>>> expression [-_a-zA-Z0-9]{1,16}.
>>>
>>> The replication service listens on the port specified with "serverPort"
>>> for connections from other replicas. All the other replicas must be
>>> specified with "peerReplicas". Each peer replica is specified with
>>> [replicaID]@[serverAddress]:[serverPort].
>>>
>>> Hope this helps,
>>>
>>> Martin
>>>
>>>
>>> >>> "Pierre-Arnaud Marcelot" <pa...@marcelot.net> 16/05/2008 13:37 >>>
>>> Hi Alex,
>>>
>>> Thanks for your answers.
>>>
>>> Another question...
>>>
>>> I'd like the configuration editor to be able to edit basic replication
>>> settings for the replication interceptor.
>>> Can I get a little explanation on what these lines doplease?
>>>
>>> > <replicationInterceptor>
>>> > <configuration>
>>> > <replicationConfiguration serverPort="10390"
>>> > peerReplicas="instance_b@localhost:10392">
>>> > <replicaId>
>>> > <replicaId id="instance_a"/>
>>> > </replicaId>
>>> > </replicationConfiguration>
>>> > </configuration>
>>> > </replicationInterceptor>
>>> >
>>> Especially the serverPort, peerReplicas, replacaId attributes or
>>> tag...
>>>
>>> Thanks a lot.
>>>
>>> Pierre-Arnaud
>>> On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
>>> wrote:
>>>
>>> > Hey Pierre,
>>> >
>>> > Sorry for taking so long to respond on this one.
>>> >
>>> > On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot
>>> <pa...@marcelot.net>
>>> > wrote:
>>> >
>>> >> Hi again Alex,
>>> >>
>>> >> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu
>>> <ak...@apache.org>
>>> >> wrote:
>>> >>
>>> >>>
>>> >>> ● It seems that each declared protocol must be referenced in the
>>> >>>> 'apacheDS' bean. Am I right?
>>> >>>> If yes, then if I want to enable the DNS server inside Apache DS,
>>> I'll
>>> >>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and
>>> reference it
>>> >>>> in the 'apacheDS' bean?
>>> >>>>
>>> >>>
>>> >>> Yep you're right.
>>> >>
>>> >>
>>> >> Are you sure about that...?
>>> >> Actually, I had a closer look to the ApacheDS class
>>> >> (org.apache.directory.server.configuration.ApacheDS) and I've not
>>> seen any
>>> >> dnsServer, kdcServer, changePasswordServer or ntpServer field. I
>>> don't see
>>> >> how Spring could make any association...
>>> >>
>>> >
>>> > Yeah it was there before. I may have an older version in mind.
>>> That's
>>> > where we should keep a reference to all these protocol
>>> server/services.
>>> > Must have changed when we did this XBean thing.
>>> >
>>> >
>>> >> How do I enable these protocols? Maybe by setting an 'enable'
>>> attribute
>>> >> set to true to each protocol bean?
>>> >>
>>> >> I think so but I'd need to look at the code. I think there's a
>>> start
>>> > method but it only gets or shoudl only get invoked or startup the
>>> service
>>> > when this enabled flag is set. I'd need to look at the logic there.
>>> >
>>> > Alex
>>> >
>>>
>>
>>
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Alex Karasulu <ak...@apache.org>.
May be David can give us some insight as to how these properties would be
properly encoded in XBean terms.
I too have not tried it. Perhaps between Martin and David we can figure
this out.
Thanks guys,
Alex
2008/5/16 Pierre-Arnaud Marcelot <pa...@marcelot.net>:
> Hi Martin,
>
> Thanks a lot!
> I completely understand the configuration now.
>
> About the peerReplicas property, you're right and I'm not sure either the
> given example would work.
> Did anyone tested it?
>
> But I think we can mix xbean and spring syntaxes to get something that will
> work and could look like:
>
>> <replicationInterceptor>
>> <configuration>
>> <replicationConfiguration serverPort="10390">
>> <spring:property name="peerReplicas">
>> <spring:set>
>> <spring:value xmlns="
>> http://www.springframework.org/schema/beans">
>> instance_b@localhost:10392
>> </spring:value>
>> </spring:set>
>> </spring:property>
>> <replicaId>
>> <replicaId id="instance_a"/>
>> </replicaId>
>> </replicationConfiguration>
>> </configuration>
>> </replicationInterceptor>
>>
>
>
> Thanks again,
> Pierre-Arnaud
>
>
> On Fri, May 16, 2008 at 4:25 PM, Martin Alderson <
> Martin.Alderson@salfordsoftware.co.uk> wrote:
>
>> Hi Pierre,
>>
>> I haven't tried the new xbean form of the replication configuration -
>> I'm not really sure if anyone has!
>>
>> I'm not sure if peerReplicas="instance_b@localhost:10392" will work,
>> since peerReplicas is actually a set. In my old style config I have:
>>
>> <property name="peerReplicas">
>> <set>
>> <value>t3st-b@127.0.0.1:11390</value>
>> </set>
>> </property>
>>
>> Each ApacheDS replica needs to be given a unique and permanent case
>> insensitive ID. It should never change for a given ApacheDS instance
>> unless the backend data is wiped out (effectively giving you a fresh
>> install). I think that in the future we would want to make this
>> auto-generated by default to simplify the configuration. The replica ID
>> in your snippet is instance_a - the rest is just necessary cruft that we
>> should cut down in the future. The replica ID must match the regular
>> expression [-_a-zA-Z0-9]{1,16}.
>>
>> The replication service listens on the port specified with "serverPort"
>> for connections from other replicas. All the other replicas must be
>> specified with "peerReplicas". Each peer replica is specified with
>> [replicaID]@[serverAddress]:[serverPort].
>>
>> Hope this helps,
>>
>> Martin
>>
>>
>> >>> "Pierre-Arnaud Marcelot" <pa...@marcelot.net> 16/05/2008 13:37 >>>
>> Hi Alex,
>>
>> Thanks for your answers.
>>
>> Another question...
>>
>> I'd like the configuration editor to be able to edit basic replication
>> settings for the replication interceptor.
>> Can I get a little explanation on what these lines doplease?
>>
>> > <replicationInterceptor>
>> > <configuration>
>> > <replicationConfiguration serverPort="10390"
>> > peerReplicas="instance_b@localhost:10392">
>> > <replicaId>
>> > <replicaId id="instance_a"/>
>> > </replicaId>
>> > </replicationConfiguration>
>> > </configuration>
>> > </replicationInterceptor>
>> >
>> Especially the serverPort, peerReplicas, replacaId attributes or
>> tag...
>>
>> Thanks a lot.
>>
>> Pierre-Arnaud
>> On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
>> wrote:
>>
>> > Hey Pierre,
>> >
>> > Sorry for taking so long to respond on this one.
>> >
>> > On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot
>> <pa...@marcelot.net>
>> > wrote:
>> >
>> >> Hi again Alex,
>> >>
>> >> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu
>> <ak...@apache.org>
>> >> wrote:
>> >>
>> >>>
>> >>> ● It seems that each declared protocol must be referenced in the
>> >>>> 'apacheDS' bean. Am I right?
>> >>>> If yes, then if I want to enable the DNS server inside Apache DS,
>> I'll
>> >>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and
>> reference it
>> >>>> in the 'apacheDS' bean?
>> >>>>
>> >>>
>> >>> Yep you're right.
>> >>
>> >>
>> >> Are you sure about that...?
>> >> Actually, I had a closer look to the ApacheDS class
>> >> (org.apache.directory.server.configuration.ApacheDS) and I've not
>> seen any
>> >> dnsServer, kdcServer, changePasswordServer or ntpServer field. I
>> don't see
>> >> how Spring could make any association...
>> >>
>> >
>> > Yeah it was there before. I may have an older version in mind.
>> That's
>> > where we should keep a reference to all these protocol
>> server/services.
>> > Must have changed when we did this XBean thing.
>> >
>> >
>> >> How do I enable these protocols? Maybe by setting an 'enable'
>> attribute
>> >> set to true to each protocol bean?
>> >>
>> >> I think so but I'd need to look at the code. I think there's a
>> start
>> > method but it only gets or shoudl only get invoked or startup the
>> service
>> > when this enabled flag is set. I'd need to look at the logic there.
>> >
>> > Alex
>> >
>>
>
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi Martin,
Thanks a lot!
I completely understand the configuration now.
About the peerReplicas property, you're right and I'm not sure either the
given example would work.
Did anyone tested it?
But I think we can mix xbean and spring syntaxes to get something that will
work and could look like:
> <replicationInterceptor>
> <configuration>
> <replicationConfiguration serverPort="10390">
> <spring:property name="peerReplicas">
> <spring:set>
> <spring:value xmlns="
> http://www.springframework.org/schema/beans">
> instance_b@localhost:10392
> </spring:value>
> </spring:set>
> </spring:property>
> <replicaId>
> <replicaId id="instance_a"/>
> </replicaId>
> </replicationConfiguration>
> </configuration>
> </replicationInterceptor>
>
Thanks again,
Pierre-Arnaud
On Fri, May 16, 2008 at 4:25 PM, Martin Alderson <
Martin.Alderson@salfordsoftware.co.uk> wrote:
> Hi Pierre,
>
> I haven't tried the new xbean form of the replication configuration -
> I'm not really sure if anyone has!
>
> I'm not sure if peerReplicas="instance_b@localhost:10392" will work,
> since peerReplicas is actually a set. In my old style config I have:
>
> <property name="peerReplicas">
> <set>
> <value>t3st-b@127.0.0.1:11390</value>
> </set>
> </property>
>
> Each ApacheDS replica needs to be given a unique and permanent case
> insensitive ID. It should never change for a given ApacheDS instance
> unless the backend data is wiped out (effectively giving you a fresh
> install). I think that in the future we would want to make this
> auto-generated by default to simplify the configuration. The replica ID
> in your snippet is instance_a - the rest is just necessary cruft that we
> should cut down in the future. The replica ID must match the regular
> expression [-_a-zA-Z0-9]{1,16}.
>
> The replication service listens on the port specified with "serverPort"
> for connections from other replicas. All the other replicas must be
> specified with "peerReplicas". Each peer replica is specified with
> [replicaID]@[serverAddress]:[serverPort].
>
> Hope this helps,
>
> Martin
>
>
> >>> "Pierre-Arnaud Marcelot" <pa...@marcelot.net> 16/05/2008 13:37 >>>
> Hi Alex,
>
> Thanks for your answers.
>
> Another question...
>
> I'd like the configuration editor to be able to edit basic replication
> settings for the replication interceptor.
> Can I get a little explanation on what these lines doplease?
>
> > <replicationInterceptor>
> > <configuration>
> > <replicationConfiguration serverPort="10390"
> > peerReplicas="instance_b@localhost:10392">
> > <replicaId>
> > <replicaId id="instance_a"/>
> > </replicaId>
> > </replicationConfiguration>
> > </configuration>
> > </replicationInterceptor>
> >
> Especially the serverPort, peerReplicas, replacaId attributes or
> tag...
>
> Thanks a lot.
>
> Pierre-Arnaud
> On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
> wrote:
>
> > Hey Pierre,
> >
> > Sorry for taking so long to respond on this one.
> >
> > On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot
> <pa...@marcelot.net>
> > wrote:
> >
> >> Hi again Alex,
> >>
> >> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu
> <ak...@apache.org>
> >> wrote:
> >>
> >>>
> >>> ● It seems that each declared protocol must be referenced in the
> >>>> 'apacheDS' bean. Am I right?
> >>>> If yes, then if I want to enable the DNS server inside Apache DS,
> I'll
> >>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and
> reference it
> >>>> in the 'apacheDS' bean?
> >>>>
> >>>
> >>> Yep you're right.
> >>
> >>
> >> Are you sure about that...?
> >> Actually, I had a closer look to the ApacheDS class
> >> (org.apache.directory.server.configuration.ApacheDS) and I've not
> seen any
> >> dnsServer, kdcServer, changePasswordServer or ntpServer field. I
> don't see
> >> how Spring could make any association...
> >>
> >
> > Yeah it was there before. I may have an older version in mind.
> That's
> > where we should keep a reference to all these protocol
> server/services.
> > Must have changed when we did this XBean thing.
> >
> >
> >> How do I enable these protocols? Maybe by setting an 'enable'
> attribute
> >> set to true to each protocol bean?
> >>
> >> I think so but I'd need to look at the code. I think there's a
> start
> > method but it only gets or shoudl only get invoked or startup the
> service
> > when this enabled flag is set. I'd need to look at the logic there.
> >
> > Alex
> >
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml
file
Posted by Martin Alderson <Ma...@salfordsoftware.co.uk>.
Hi Pierre,
I haven't tried the new xbean form of the replication configuration -
I'm not really sure if anyone has!
I'm not sure if peerReplicas="instance_b@localhost:10392" will work,
since peerReplicas is actually a set. In my old style config I have:
<property name="peerReplicas">
<set>
<value>t3st-b@127.0.0.1:11390</value>
</set>
</property>
Each ApacheDS replica needs to be given a unique and permanent case
insensitive ID. It should never change for a given ApacheDS instance
unless the backend data is wiped out (effectively giving you a fresh
install). I think that in the future we would want to make this
auto-generated by default to simplify the configuration. The replica ID
in your snippet is instance_a - the rest is just necessary cruft that we
should cut down in the future. The replica ID must match the regular
expression [-_a-zA-Z0-9]{1,16}.
The replication service listens on the port specified with "serverPort"
for connections from other replicas. All the other replicas must be
specified with "peerReplicas". Each peer replica is specified with
[replicaID]@[serverAddress]:[serverPort].
Hope this helps,
Martin
>>> "Pierre-Arnaud Marcelot" <pa...@marcelot.net> 16/05/2008 13:37 >>>
Hi Alex,
Thanks for your answers.
Another question...
I'd like the configuration editor to be able to edit basic replication
settings for the replication interceptor.
Can I get a little explanation on what these lines doplease?
> <replicationInterceptor>
> <configuration>
> <replicationConfiguration serverPort="10390"
> peerReplicas="instance_b@localhost:10392">
> <replicaId>
> <replicaId id="instance_a"/>
> </replicaId>
> </replicationConfiguration>
> </configuration>
> </replicationInterceptor>
>
Especially the serverPort, peerReplicas, replacaId attributes or
tag...
Thanks a lot.
Pierre-Arnaud
On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
wrote:
> Hey Pierre,
>
> Sorry for taking so long to respond on this one.
>
> On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot
<pa...@marcelot.net>
> wrote:
>
>> Hi again Alex,
>>
>> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu
<ak...@apache.org>
>> wrote:
>>
>>>
>>> ● It seems that each declared protocol must be referenced in the
>>>> 'apacheDS' bean. Am I right?
>>>> If yes, then if I want to enable the DNS server inside Apache DS,
I'll
>>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and
reference it
>>>> in the 'apacheDS' bean?
>>>>
>>>
>>> Yep you're right.
>>
>>
>> Are you sure about that...?
>> Actually, I had a closer look to the ApacheDS class
>> (org.apache.directory.server.configuration.ApacheDS) and I've not
seen any
>> dnsServer, kdcServer, changePasswordServer or ntpServer field. I
don't see
>> how Spring could make any association...
>>
>
> Yeah it was there before. I may have an older version in mind.
That's
> where we should keep a reference to all these protocol
server/services.
> Must have changed when we did this XBean thing.
>
>
>> How do I enable these protocols? Maybe by setting an 'enable'
attribute
>> set to true to each protocol bean?
>>
>> I think so but I'd need to look at the code. I think there's a
start
> method but it only gets or shoudl only get invoked or startup the
service
> when this enabled flag is set. I'd need to look at the logic there.
>
> Alex
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi Alex,
Thanks for your answers.
Another question...
I'd like the configuration editor to be able to edit basic replication
settings for the replication interceptor.
Can I get a little explanation on what these lines doplease?
> <replicationInterceptor>
> <configuration>
> <replicationConfiguration serverPort="10390"
> peerReplicas="instance_b@localhost:10392">
> <replicaId>
> <replicaId id="instance_a"/>
> </replicaId>
> </replicationConfiguration>
> </configuration>
> </replicationInterceptor>
>
Especially the serverPort, peerReplicas, replacaId attributes or tag...
Thanks a lot.
Pierre-Arnaud
On Thu, May 15, 2008 at 12:19 PM, Alex Karasulu <ak...@apache.org>
wrote:
> Hey Pierre,
>
> Sorry for taking so long to respond on this one.
>
> On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot <pa...@marcelot.net>
> wrote:
>
>> Hi again Alex,
>>
>> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <ak...@apache.org>
>> wrote:
>>
>>>
>>> • It seems that each declared protocol must be referenced in the
>>>> 'apacheDS' bean. Am I right?
>>>> If yes, then if I want to enable the DNS server inside Apache DS, I'll
>>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and reference it
>>>> in the 'apacheDS' bean?
>>>>
>>>
>>> Yep you're right.
>>
>>
>> Are you sure about that...?
>> Actually, I had a closer look to the ApacheDS class
>> (org.apache.directory.server.configuration.ApacheDS) and I've not seen any
>> dnsServer, kdcServer, changePasswordServer or ntpServer field. I don't see
>> how Spring could make any association...
>>
>
> Yeah it was there before. I may have an older version in mind. That's
> where we should keep a reference to all these protocol server/services.
> Must have changed when we did this XBean thing.
>
>
>> How do I enable these protocols? Maybe by setting an 'enable' attribute
>> set to true to each protocol bean?
>>
>> I think so but I'd need to look at the code. I think there's a start
> method but it only gets or shoudl only get invoked or startup the service
> when this enabled flag is set. I'd need to look at the logic there.
>
> Alex
>
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Alex Karasulu <ak...@apache.org>.
Hey Pierre,
Sorry for taking so long to respond on this one.
On Wed, May 14, 2008 at 5:04 AM, Pierre-Arnaud Marcelot <pa...@marcelot.net>
wrote:
> Hi again Alex,
>
> On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <ak...@apache.org>
> wrote:
>
>>
>> • It seems that each declared protocol must be referenced in the
>>> 'apacheDS' bean. Am I right?
>>> If yes, then if I want to enable the DNS server inside Apache DS, I'll
>>> need to uncomment the 'dnsServer' bean, add an 'id' to it and reference it
>>> in the 'apacheDS' bean?
>>>
>>
>> Yep you're right.
>
>
> Are you sure about that...?
> Actually, I had a closer look to the ApacheDS class
> (org.apache.directory.server.configuration.ApacheDS) and I've not seen any
> dnsServer, kdcServer, changePasswordServer or ntpServer field. I don't see
> how Spring could make any association...
>
Yeah it was there before. I may have an older version in mind. That's
where we should keep a reference to all these protocol server/services.
Must have changed when we did this XBean thing.
> How do I enable these protocols? Maybe by setting an 'enable' attribute set
> to true to each protocol bean?
>
> I think so but I'd need to look at the code. I think there's a start
method but it only gets or shoudl only get invoked or startup the service
when this enabled flag is set. I'd need to look at the logic there.
Alex
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi again Alex,
On Tue, May 13, 2008 at 5:19 PM, Alex Karasulu <ak...@apache.org> wrote:
>
> • It seems that each declared protocol must be referenced in the
> > 'apacheDS' bean. Am I right?
> > If yes, then if I want to enable the DNS server inside Apache DS, I'll
> > need to uncomment the 'dnsServer' bean, add an 'id' to it and reference it
> > in the 'apacheDS' bean?
> >
>
> Yep you're right.
Are you sure about that...?
Actually, I had a closer look to the ApacheDS class
(org.apache.directory.server.configuration.ApacheDS) and I've not seen any
dnsServer, kdcServer, changePasswordServer or ntpServer field. I don't see
how Spring could make any association...
How do I enable these protocols? Maybe by setting an 'enable' attribute set
to true to each protocol bean?
Thanks,
Pierre-Arnaud
Re: [Apache DS] Questions about Apache DS 1.5.2 server.xml file
Posted by Alex Karasulu <ak...@apache.org>.
Hi Pierre,
On Tue, May 13, 2008 at 5:40 AM, Pierre-Arnaud Marcelot <pa...@marcelot.net>
wrote:
> Hi,
>
> I'm updating the Studio's Apache DS Configuration plugin to be able to
> edit Apache DS 1.5.2 server.xml file and I'm a little lost since the XBean
> move.
>
> I have a few questions:
>
> • Back in 1.5.1 (and 1.5.0), we had an "environment" bean where we could
> set the admin DN and credentials, as well as a list of binary attributes.
> It's not in the 1.5.2 server.xml file... Where has it gone ?
>
It's gone forever thankfully. We no longer need to include the Admin
principal DN and password in the server.xml file.
>
> • In the 1.5.2 server.xml file, we have this 'ldapServer' bean
> (id='ldapsServer') for the LDAPS configuration, in which we have two boolean
> attributes: 'enabled' and 'ldapsEnabled'. When should I consider that LDAPS
> is enabled? When both are set to true?
Ohh boy I hate that this is the case. It's just a mess in there with both
these parameters. You're right though about your conclusion. Both must be
true for the LDAPS capability to be enabled.
>
>
> • It seems that each declared protocol must be referenced in the
> 'apacheDS' bean. Am I right?
> If yes, then if I want to enable the DNS server inside Apache DS, I'll
> need to uncomment the 'dnsServer' bean, add an 'id' to it and reference it
> in the 'apacheDS' bean?
>
Yep you're right.
Thanks,
Alex