GUAC-1166: Document new ldap-encryption-method property.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/commit/25852ccc Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/tree/25852ccc Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/diff/25852ccc Branch: refs/heads/master Commit: 25852cccdee323cdcd3ca18979f78b2688a9b5e1 Parents: f0954c4 Author: Michael Jumper <[email protected]> Authored: Wed Dec 9 12:58:03 2015 -0800 Committer: Michael Jumper <[email protected]> Committed: Wed Dec 9 12:59:31 2015 -0800 ---------------------------------------------------------------------- src/chapters/ldap-auth.xml | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-manual/blob/25852ccc/src/chapters/ldap-auth.xml ---------------------------------------------------------------------- diff --git a/src/chapters/ldap-auth.xml b/src/chapters/ldap-auth.xml index b19bf50..3721cbc 100644 --- a/src/chapters/ldap-auth.xml +++ b/src/chapters/ldap-auth.xml 
@@ -247,10 +247,36 @@ dn: cn={4}guacConfigGroup,cn=schema,cn=config <varlistentry> <term><property>ldap-port</property></term> <listitem> - <para>The port your LDAP server listens on. If omitted, the standard LDAP - port of 389 will be used. Unless you manually configured your LDAP - server to do otherwise, your LDAP server probably listens on port - 389.</para> + <para>The port your LDAP server listens on. If omitted, the standard LDAP or + LDAPS port will be used, depending on the encryption method specified + with <property>ldap-encryption-method</property> (if any). Unencrypted + LDAP uses the standard port of 389, while LDAPS uses port 636. Unless + you manually configured your LDAP server to do otherwise, your LDAP + server probably listens on port 389.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><property>ldap-encryption-method</property></term> + <listitem> + <para>The encryption mechanism that Guacamole should use when communicating + with your LDAP server. Legal values are "none" for unencrypted LDAP, + "ssl" for LDAP over SSL/TLS (commonly known as LDAPS), or "starttls" for + STARTTLS. If omitted, encryption will not be used.</para> + <para>If you do use encryption when connecting to your LDAP server, you will + need to ensure that its certificate chain can be verified using the + certificates in Java's trust store, often referred to as + <filename>cacerts</filename>. If this is not the case, you will need + to use Java's <command>keytool</command> utility to either add the + necessary certificates or to create a new trust store containing those + certificates.</para> + <para>If you will be using your own trust store and not the default + <filename>cacerts</filename>, you will need to specify the full path + to that trust store using the system property + <property>javax.net.ssl.trustStore</property>. 
Note that this is a + system property and <emphasis>not</emphasis> a Guacamole property; it + must be specified when starting the JVM using the <option>-D</option> + option. Your servlet container will provide some means of specifying + startup options for the JVM.</para> </listitem> </varlistentry> <varlistentry>
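Review bot: In the ldap-port paragraph, the retained closing sentence ("your LDAP server probably listens on port 389") now conflicts with the new default for "ssl", which the sentence before it gives as 636; qualify it (for example "probably listens on port 389, or 636 for LDAPS") or drop it. The same paragraph names default ports only for unencrypted LDAP and LDAPS, so please also state which port is assumed when ldap-encryption-method is "starttls". In the ldap-encryption-method entry, "If omitted, encryption will not be used" would benefit from one more sentence saying that the default leaves traffic between Guacamole and the LDAP server unencrypted, so that "none" is a deliberate choice rather than the result of omitting the property.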
