Hi Beat, comments inline...

Beat Burgener | NetSuccess GmbH wrote:
> -------------------------------------------------------------------------------------
> In ApacheDS 1.0.2, apacheDS was started using a binary file, in 1.5.5
> it is a
> script ...
>
> For the binary, I could supply: "/apacheDS/bin/apacheds -user $DS_USER "
>
> How could this be achieved with the script / direct java call? Should I
> do a "su -"? This would lead to the problem with the default ports <1023
> ...
> This worked out with 1.0.2, the ports used were the default ones below
> 1023
> and the java process was running as desired user ...

Are you using the 'zip/tar.gz' package? We provide multiple native packages (deb, rpm, deb, bin). At least the deb package creates a user 'apacheds' and the /etc/init.d/apacheds start script runs the server as that user. Please try one of them (or extract the binary).

> -------------------------------------------------------------------------------------
> Further, I would like to use our self-signed and later "trusted" SSL
> certificate for
> the SSL communication, but the web page doc and the current config are
> different:
>
> From the web page:
>
> <ldapService id="ldapsService"
>     enabled="true"
>     tcpPort="10636"
>     enableLdaps="true"
>     nbTcpThreads="8"
>     keystoreFile="C:/java/apacheds-1.5.5/conf/zanzibar.ks"
>     certificatePassword="secret">
>   <directoryService>#directoryService</directoryService>
> </ldapService>
>
>
> From what I see in our config:
>
> <ldapServer id="ldapServer"
>     allowAnonymousAccess="false"
>     saslHost="ldap.netsuccess.ch"
>     saslPrincipal="ldap/[email protected]"
>     searchBaseDn="ou=users,ou=system"
>     maxTimeLimit="15000"
>     maxSizeLimit="1000">
>   <transports>
>     <tcpTransport address="0.0.0.0" port="389" nbThreads="8"
>         backLog="50" enableSSL="false"/>
>     <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
>   </transports>
>
>   <directoryService>#directoryService</directoryService>
>
> </ldapServer>
>
>
> This appears quite different, as some of the attributes in the sample
> config ended up in the <tcpTransport>
> definition ... where should the keystore definition go?

Yes, this has been changed from 1.5.4 to 1.5.5. The right place should be the 'ldapServer' element:

<ldapServer id="ldapServer"
    keystoreFile="..."
    certificatePassword="secret"
    allowAnonymousAccess="false"
    saslHost="ldap.netsuccess.ch"
    saslPrincipal="ldap/[email protected]"
    searchBaseDn="ou=users,ou=system"
    maxTimeLimit="15000"
    maxSizeLimit="1000">

> -------------------------------------------------------------------------------------
> Also, on the same page, the admin password change is described ...
> Changing the password within LDAP is OK, but where should I put it in
> the config?

Please, forget about that page. Just use Studio, navigate to the 'uid=admin,ou=system' entry and edit the 'userPassword' attribute.

> Sorry to ask again for help, but I'm a little bit stuck here ... and to
> search the needle in the
> hay pile, I unfortunately couldn't find time.

No problem, we have to apologize that the documentation is not up-to-date. However time is also our bottleneck, we just haven't enough time ;-). If you will find some time sometime you are invited to spend your time - for the ApacheDS project :-)

Kind Regards,
Stefan
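
The keystore placement described in the reply above can be checked mechanically before restarting the server. The following is an added example, not part of the original message or of ApacheDS: the function name, the finding texts and both sample documents are constructed here, the keystore path is a placeholder, and XML namespaces are ignored by matching local element names only.

```python
import xml.etree.ElementTree as ET

# Constructed samples in the shape of the 1.5.5 config quoted in the thread.
SAMPLE_OK = """<beans>
  <ldapServer id="ldapServer" keystoreFile="/path/to/server.ks"
              certificatePassword="secret" allowAnonymousAccess="false">
    <transports>
      <tcpTransport address="0.0.0.0" port="389" enableSSL="false"/>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"/>
    </transports>
  </ldapServer>
</beans>"""

# Same config, but with the keystore attributes put on the SSL transport.
SAMPLE_MISPLACED = """<beans>
  <ldapServer id="ldapServer" allowAnonymousAccess="false">
    <transports>
      <tcpTransport address="0.0.0.0" port="636" enableSSL="true"
                    keystoreFile="/path/to/server.ks" certificatePassword="secret"/>
    </transports>
  </ldapServer>
</beans>"""

KEYSTORE_ATTRS = ("keystoreFile", "certificatePassword")

def local(tag):
    """Element name without any '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]

def check_ldaps_config(xml_text):
    """Return findings about where the keystore attributes sit (document order)."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el.tag)
        if name == "ldapService":
            # Element used by the older web page documentation.
            findings.append("ldapService element found: 1.5.5 uses ldapServer")
        elif name == "tcpTransport":
            for attr in KEYSTORE_ATTRS:
                if attr in el.attrib:
                    findings.append(f"{attr} on tcpTransport port {el.get('port')}: "
                                    "move it to the ldapServer element")
        elif name == "ldapServer":
            ssl_ports = [t.get("port", "?") for t in el.iter()
                         if local(t.tag) == "tcpTransport"
                         and t.get("enableSSL", "false").lower() == "true"]
            missing = [a for a in KEYSTORE_ATTRS if a not in el.attrib]
            if ssl_ports and missing:
                findings.append(f"SSL transport on port {', '.join(ssl_ports)} but "
                                f"ldapServer has no {', '.join(missing)}")
    return findings
```

An empty list means every SSL-enabled transport sits under an ldapServer element that carries both keystore attributes.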
