[389-users] Re: Admin Gateway over https
On Tue, 2018-03-13 at 10:55 +1000, William Brown wrote: > On Thu, 2018-03-08 at 05:26 +, Eric Wheeler wrote: > > Thanks for the confirmation regarding secure connections and the > > clarification regarding dsgw. I will focus on other alternatives. I > > would be interested in exploring cli tools and the API. Any > > resources > > to which you could point me would be appreciated. Thanks for the > > help. > > > Sorry for the very late reply, > > The new cli tools with 1.4.x are explained here: > > http://www.port389.org/docs/389ds/design/dsadm-dsconf.html > > These are a thin wrapper on our python library which has > documentation > (and I wish I could rememeber where it is >.>) > > There is a lot of example code, and I would be happy to help you get > some working demos going, and explain how it all works if you want to > pursue this further. The docs are here! https://fedorapeople.org/~spichugi/html/ There are some improvements to still come to this api, but any questions are very welcome :) > > Thanks! > > > > > -Original message- > > > From: William Brown > > > Sent: Wednesday, March 7 2018, 1:47 pm > > > To: General discussion list for the 389 Directory server project. > > > Subject: [389-users] Re: Admin Gateway over https > > > > > > On Wed, 2018-03-07 at 01:18 +, Eric Wheeler wrote: > > > > How does one properly configure the Directory Server Gateway to > > > > > > run > > > > over https? Is such a setup necessary for secure connections if > > > > > > ldaps > > > > over 636 is active? > > > > > > Yes, because you have: > > > > > > client -> https -> ldaps > > > > > > So you have to protect each stage of the communication. > > > > > > > I edited dsgw-httpd.conf until I was able to connect to the > > > > > > gateway > > > > via https, but the setup was pretty buggy. Afterwards, I came > > > > > > across > > > > a page in the documentation stating this file shouldn’t be > > > > > > touched. > > > > > > > > My goal is to use the DS Gateway to edit the directory using > > > > > > secure > > > > connections without resorting to other tools such as > > > > phpLDAPadmin > > > > which I’ve read is really designed for OpenLDAP. > > > > > > While I understand your desire, the dsgw software hasn't been > > > touched > > > by us in a long time - and I highly suspect it won't be supported > > > for > > > much longer. Sadly though, as far as a "web tool" we've had some > > > delays > > > building this up but it is on the way! > > > > > > Instead for 1.4.x we plan to release better cli tools with much > > > more > > > functionality that should be able to do everything you want. > > > > > > If you want to know more about these tools and our API for server > > > interaction, I'm happy to provide you resources about this to > > > help > > > you > > > and get it fit for your requirements, > > > > > > Hope that helps, > > > > > > > > > > ___ > > > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > > > To unsubscribe send an email to 389-users-leave@lists.fedorapro > > > > je > > > > > > ct.o > > > > rg > > > > > > ___ > > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > > To unsubscribe send an email to 389-users-leave@lists.fedoraproje > > > ct > > > .org > > -- > Thanks, > > William Brown > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Thanks, William Brown ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Admin Gateway over https
On Thu, 2018-03-08 at 05:26 +, Eric Wheeler wrote: > Thanks for the confirmation regarding secure connections and the > clarification regarding dsgw. I will focus on other alternatives. I > would be interested in exploring cli tools and the API. Any resources > to which you could point me would be appreciated. Thanks for the > help. Sorry for the very late reply, The new cli tools with 1.4.x are explained here: http://www.port389.org/docs/389ds/design/dsadm-dsconf.html These are a thin wrapper on our python library which has documentation (and I wish I could rememeber where it is >.>) There is a lot of example code, and I would be happy to help you get some working demos going, and explain how it all works if you want to pursue this further. Thanks! > > -Original message- > > From: William Brown > > Sent: Wednesday, March 7 2018, 1:47 pm > > To: General discussion list for the 389 Directory server project. > > Subject: [389-users] Re: Admin Gateway over https > > > > On Wed, 2018-03-07 at 01:18 +, Eric Wheeler wrote: > > > How does one properly configure the Directory Server Gateway to > > run > > > over https? Is such a setup necessary for secure connections if > > ldaps > > > over 636 is active? > > > > Yes, because you have: > > > > client -> https -> ldaps > > > > So you have to protect each stage of the communication. > > > > > I edited dsgw-httpd.conf until I was able to connect to the > > gateway > > > via https, but the setup was pretty buggy. Afterwards, I came > > across > > > a page in the documentation stating this file shouldn’t be > > touched. > > > > > > My goal is to use the DS Gateway to edit the directory using > > secure > > > connections without resorting to other tools such as phpLDAPadmin > > > which I’ve read is really designed for OpenLDAP. > > > > While I understand your desire, the dsgw software hasn't been > > touched > > by us in a long time - and I highly suspect it won't be supported > > for > > much longer. Sadly though, as far as a "web tool" we've had some > > delays > > building this up but it is on the way! > > > > Instead for 1.4.x we plan to release better cli tools with much > > more > > functionality that should be able to do everything you want. > > > > If you want to know more about these tools and our API for server > > interaction, I'm happy to provide you resources about this to help > > you > > and get it fit for your requirements, > > > > Hope that helps, > > > > > > > ___ > > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > > To unsubscribe send an email to 389-users-leave@lists.fedoraproje > > ct.o > > > rg > > ___ > > 389-users mailing list -- 389-users@lists.fedoraproject.org > > To unsubscribe send an email to 389-users-leave@lists.fedoraproject > > .org -- Thanks, William Brown ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Admin Gateway over https
Thanks for the confirmation regarding secure connections and the clarification regarding dsgw. I will focus on other alternatives. I would be interested in exploring cli tools and the API. Any resources to which you could point me would be appreciated. Thanks for the help. -Original message- From: William Brown Sent: Wednesday, March 7 2018, 1:47 pm To: General discussion list for the 389 Directory server project. Subject: [389-users] Re: Admin Gateway over https On Wed, 2018-03-07 at 01:18 +, Eric Wheeler wrote: > How does one properly configure the Directory Server Gateway to run > over https? Is such a setup necessary for secure connections if ldaps > over 636 is active? Yes, because you have: client -> https -> ldaps So you have to protect each stage of the communication. > I edited dsgw-httpd.conf until I was able to connect to the gateway > via https, but the setup was pretty buggy. Afterwards, I came across > a page in the documentation stating this file shouldn’t be touched. > > My goal is to use the DS Gateway to edit the directory using secure > connections without resorting to other tools such as phpLDAPadmin > which I’ve read is really designed for OpenLDAP. While I understand your desire, the dsgw software hasn't been touched by us in a long time - and I highly suspect it won't be supported for much longer. Sadly though, as far as a "web tool" we've had some delays building this up but it is on the way! Instead for 1.4.x we plan to release better cli tools with much more functionality that should be able to do everything you want. If you want to know more about these tools and our API for server interaction, I'm happy to provide you resources about this to help you and get it fit for your requirements, Hope that helps, > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > <mailto:389-users@lists.fedoraproject.org> > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Thanks, William Brown ___ 389-users mailing list -- 389-users@lists.fedoraproject.org <mailto:389-users@lists.fedoraproject.org> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org <mailto:389-users-le...@lists.fedoraproject.org> ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
[389-users] Re: Admin Gateway over https
On Wed, 2018-03-07 at 01:18 +, Eric Wheeler wrote: > How does one properly configure the Directory Server Gateway to run > over https? Is such a setup necessary for secure connections if ldaps > over 636 is active? Yes, because you have: client -> https -> ldaps So you have to protect each stage of the communication. > I edited dsgw-httpd.conf until I was able to connect to the gateway > via https, but the setup was pretty buggy. Afterwards, I came across > a page in the documentation stating this file shouldn’t be touched. > > My goal is to use the DS Gateway to edit the directory using secure > connections without resorting to other tools such as phpLDAPadmin > which I’ve read is really designed for OpenLDAP. While I understand your desire, the dsgw software hasn't been touched by us in a long time - and I highly suspect it won't be supported for much longer. Sadly though, as far as a "web tool" we've had some delays building this up but it is on the way! Instead for 1.4.x we plan to release better cli tools with much more functionality that should be able to do everything you want. If you want to know more about these tools and our API for server interaction, I'm happy to provide you resources about this to help you and get it fit for your requirements, Hope that helps, > ___ > 389-users mailing list -- 389-users@lists.fedoraproject.org > To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o > rg -- Thanks, William Brown ___ 389-users mailing list -- 389-users@lists.fedoraproject.org To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
