Hi guys,

in order to be compatible with the changes we made in the ApacheDS
configuration, I will update the LDAP configuration plugin. Here is a
list of changes I'm going to apply (more to come later) :

Overview page
-------------

o Addition of the LDAP and LDAPS addresses (defaulting to 0.0.0.0). It's
likely that the address will be different than 0.0.0.0 on a production
server, so this information is critical.

I'll put it just below the port :

    LDAP/LDAPS Servers
    [X] Enable LDAP Server
          Port : [-----] (Default: 10389)
          Address: [-------------------------------] (Default : 0.0.0.0)
          <-- Here, we should be able to accept any InetAddress (IPV4, IPV6, host name...)

The very same for LDAPS.


o I may add an 'advanced' bar under the address where I will allow
anyone to configure for LDAP and LDAPS the following parameters :
 - nb threads
 - backlog size

Another option would be to move the 'address' box into this 'advanced'
bar (so hidden most of the time).

o LDAPS
There are 4 configuration parameters that have to be exposed for LDAPS/TLS :
 - list of enabled ciphers (exposed in the LDAP/LDAPS page)
 - list of enabled protocols (to be added)
 - the needClientAuth flag
 - the wantClientAuth flag

I will add them under the "SSL/Start TLS Cipher Suites" bar (and rename
this bar to "SSL/StartTLS advanced parameters").



Note that in the new config, we do have a TcpTransportBean and a
UdpTransportBean, TcpTransport is now an abstract class (although it
carries all the parameters, the two other classes are just for clarity).

Doing those changes is not that complex, testing them might be. I'm
currently working on Stefan's Tycho branch.

Thanks !
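
An added illustration, not part of the original message and not ApacheDS or Studio code: how the four LDAPS/TLS parameters listed above map onto a plain JDK `SSLEngine` (Java 9+), and why the two client-auth flags should not be applied as independent checkboxes, since in JSSE each setter overrides the other. The class and helper names (`LdapsTlsParams`, `apply`, `requireSupported`) and the sample protocol and cipher values are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public class LdapsTlsParams {
    /** Hypothetical helper: applies the four LDAPS/TLS settings to a server-side engine. */
    static void apply(SSLEngine engine, List<String> protocols, List<String> ciphers,
                      boolean needClientAuth, boolean wantClientAuth) {
        engine.setUseClientMode(false);

        // Fail with a clear message on names this JVM does not support.
        requireSupported("protocol", protocols, engine.getSupportedProtocols());
        requireSupported("cipher suite", ciphers, engine.getSupportedCipherSuites());
        engine.setEnabledProtocols(protocols.toArray(new String[0]));
        engine.setEnabledCipherSuites(ciphers.toArray(new String[0]));

        // In JSSE each setter overrides the other, so call exactly one of them.
        if (needClientAuth) {
            engine.setNeedClientAuth(true);
        } else {
            engine.setWantClientAuth(wantClientAuth);
        }
    }

    static void requireSupported(String kind, List<String> requested, String[] supported) {
        List<String> known = Arrays.asList(supported);
        for (String name : requested) {
            if (!known.contains(name)) {
                throw new IllegalArgumentException("Unsupported " + kind + ": " + name);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Naive order: need=true followed by want=false leaves client auth disabled.
        SSLEngine naive = ctx.createSSLEngine();
        naive.setUseClientMode(false);
        naive.setNeedClientAuth(true);
        naive.setWantClientAuth(false);
        System.out.println("naive need=" + naive.getNeedClientAuth());

        // Constructed sample values for the enabled protocol and cipher lists.
        SSLEngine safe = ctx.createSSLEngine();
        apply(safe, List.of("TLSv1.2"), List.of("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"), true, false);
        System.out.println("safe  need=" + safe.getNeedClientAuth());
    }
}
```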
