On Wed, Dec 3, 2014 at 4:39 AM, Emmanuel Lécharny <[email protected]> wrote:
> Hi guys,
>
> in order to be compatible with the changes we made in the ApacheDS
> configuration, I will update the LDAP configuration plugin. Here is a
> list of changes I'm going to apply (more to come later) :
>
> Overview page
> -------------
>
> o Addition of the LDAP and LDAPS addresses (defaulting to 0.0.0.0). It's
> likely that the address will be different than 0.0.0.0 on a production
> server, so this information is critical.
>
> I'll put it just below the port :
>
> LDAP/LDAPS Servers
>   [X] Enable LDAP Server
>     Port   : [-----] (Default: 10389)
>     Address: [-------------------------------] (Default : 0.0.0.0)
>       <-- Here, we should be able to accept any InetAddress (IPV4,
>           IPV6, host name...)
>
> The very same for LDAPS.
>

and for Kerberos server please

> o I may add an 'advanced' bar under the address where I will allow
> anyone to configure for LDAP and LDAPS the following parameters :
> - nb threads
> - backlog size
>
> Another option would be to move the 'address' box into this 'advanced'
> bar (so hidden most of the time).
>
> o LDAPS
> There are 4 configuration parameters that have to be exposed for LDAPS/TLS :
> - list of enabled ciphers (exposed in the LDAP/LDAPS page)
> - list of enabled protocols (to be added)
> - the needClientAuth flag
> - the wantClientAuth flag
>
> I will add them under the "SSL/Start TLS Cipher Suites" bar (and rename
> this bar to "SSL/StartTLS advanced parameters").
>
> Note that in the new config, we do have a TcpTransportBean and a
> UdpTransportBean, TcpTransport is now an abstract class (although it
> carries all the parameters, the two other classes are just for clarity).
>
> Doing those changes is not that complex, testing them might be. I'm
> currently working on Stefan's Tycho branch.
>
> Thanks !
>

--
Kiran Ayyagari
http://keydap.com
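
The four LDAPS/StartTLS parameters listed in the message above (enabled ciphers, enabled protocols, needClientAuth, wantClientAuth) correspond to standard JSSE engine settings. The following is an added example, not part of the original e-mail and not ApacheDS or Studio code: it uses plain `javax.net.ssl`, the class and method names are hypothetical, and the sample values in `main` are constructed.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper: applies the four LDAPS/StartTLS settings to a server-side engine.
public class LdapsTlsSettings {

    // Fail closed: a misspelled or unsupported name stops startup instead of being dropped.
    static String[] checked(String kind, List<String> wanted, String[] supported) {
        if (wanted.isEmpty()) {
            throw new IllegalArgumentException("no " + kind + " enabled");
        }
        for (String name : wanted) {
            if (!Arrays.asList(supported).contains(name)) {
                throw new IllegalArgumentException("unsupported " + kind + ": " + name);
            }
        }
        return wanted.toArray(new String[0]);
    }

    static SSLEngine configure(SSLContext ctx, List<String> protocols, List<String> ciphers,
                               boolean needClientAuth, boolean wantClientAuth) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setEnabledProtocols(checked("protocol", protocols, engine.getSupportedProtocols()));
        engine.setEnabledCipherSuites(checked("cipher suite", ciphers, engine.getSupportedCipherSuites()));
        // In JSSE each setter overrides the other, so apply exactly one:
        // "need" aborts the handshake without a client certificate,
        // "want" requests one but continues if the client sends none.
        if (needClientAuth) {
            engine.setNeedClientAuth(true);
        } else {
            engine.setWantClientAuth(wantClientAuth);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Constructed sample values: one protocol, the JVM's default cipher list, both flags set.
        List<String> ciphers = Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites());
        SSLEngine engine = configure(ctx, Arrays.asList("TLSv1.2"), ciphers, true, true);
        System.out.println("protocols=" + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("need=" + engine.getNeedClientAuth() + " want=" + engine.getWantClientAuth());
    }
}
```

Because the two client-authentication setters cancel each other, a configuration UI that exposes both flags as independent checkboxes needs a defined precedence; this sketch lets needClientAuth win.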
