[Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv dirserv.properties, 1.8, 1.9

Richard Allen Megginson rmeggins at fedoraproject.org
Tue Dec 2 15:27:39 UTC 2008


Author: rmeggins

Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv

Modified Files:
	dirserv.properties 
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console chaining, server cleanup
Reviewed by: nkinder (Thanks!)
Fix Description: There are two sets of diffs here.  The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console.  I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time.  We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button.
The second set of diffs is for the server.
1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism.  This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values).
2) Added some more debugging/tracing code
3) The server to server SSL code would only work if the server were configured to be an SSL server.  But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert.  It also needs to configure some of the SSL settings and install the correct policy.  I changed the server code to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes



Index: dirserv.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/dirserv.properties,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- dirserv.properties	17 Oct 2007 18:04:33 -0000	1.8
+++ dirserv.properties	2 Dec 2008 15:27:37 -0000	1.9
@@ -1164,8 +1164,26 @@
 newchaining-new-mapping-title=Associate database with a suffix
 newchaining-instance-name-label=Database link name:
 newchaining-instance-name-ttip=Unique name of your new database link
+newchaining-authmech-label=Authentication mechanism:
+newchaining-authmech-ttip=How the server will authenticate to the remote server
+newchaining-authmech-simple-label=Simple (Bind DN/Password)
+newchaining-authmech-simple-ttip=Authenticate using a DN and a password (Simple auth)
+newchaining-authmech-sslcert-label=Server TLS/SSL Certificate (requires TLS/SSL server set up)
+newchaining-authmech-sslcert-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be an SSL server)
+newchaining-authmech-gssapi-label=SASL/GSSAPI (requires server Kerberos keytab)
+newchaining-authmech-gssapi-ttip=Authenticate using SASL/GSSAPI and the server's Kerberos keytab (supplier and consumer must both support SASL/GSSAPI/Kerberos)
+newchaining-authmech-digest-label=SASL/DIGEST-MD5 (SASL user id and password)
+newchaining-authmech-digest-ttip=Authenticate using SASL/DIGEST-MD5 - requires consumer support for digest password and identity mapping
 
+newchaining-conntype-label=Connection Type:
+newchaining-conntype-ttip=Type of connection to use to remote server (LDAP, LDAPS, LDAP with StartTLS)
 newchaining-url-title=LDAP URL
+newchaining-url-ldap-label=Use LDAP (no encryption)
+newchaining-url-ldap-ttip=Use plain LDAP with no encryption
+newchaining-url-ldaps-label=Use TLS/SSL (TLS/SSL encryption with LDAPS)
+newchaining-url-ldaps-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port
+newchaining-url-starttls-label=Use StartTLS (TLS/SSL encryption with LDAP)
+newchaining-url-starttls-ttip=Start a TLSv1/SSLv3 encryption session on the LDAP connection
 newchaining-ldap-url-secu-label=Use a secure LDAP connection between servers
 newchaining-ldap-url-secu-ttip=Use SSL connection between remote and local servers
 newchaining-ldap-url-host-label=Remote server
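Review bot: The new newchaining-authmech-gssapi-ttip and newchaining-authmech-digest-ttip strings use the replication terms "supplier and consumer" and "consumer", while every other string in this database link panel says "remote server" (see newchaining-authmech-ttip and newchaining-conntype-ttip). Suggest rewording both tooltips to "local and remote servers" and "remote server" so the chaining UI stays consistent. Separately, newchaining-authmech-simple-ttip can be combined with newchaining-url-ldap-label ("no encryption"), in which case the bind DN and password cross the wire in clear text; it would help to say so in one of the two tooltips. The unchanged newchaining-ldap-url-secu-label context line also now overlaps with the new conntype choices and may be worth retiring if the panel no longer shows it.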
@@ -3090,6 +3108,10 @@
 chaining-instance-auth-update-passwd-error-msg=Error updating :%0 \n %1
 chaining-instance-auth-update-url-error-title=Failed to Update URL
 chaining-instance-auth-update-url-error-msg==Error updating :%0 \n %1
+chaining-instance-auth-update-starttls-error-title=Failed to Update StartTLS setting
+chaining-instance-auth-update-starttls-error-msg=Error updating :%0 \n %1
+chaining-instance-auth-update-bindmech-error-title=Failed to Update Authentication Mechanism
+chaining-instance-auth-update-bindmech-error-msg=Error updating :%0 \n %1
 
 #
 # Account Inactivation
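Review bot: The unchanged context line chaining-instance-auth-update-url-error-msg==Error updating has a doubled "=", so that property's value starts with a literal "=" when displayed; the two new -error-msg keys added next to it use a single "=" correctly, and this commit would be a good place to fix the neighbour as well. The new starttls and bindmech messages also reuse the generic text "Error updating :%0 \n %1" verbatim, so only the dialog title tells the user which setting failed; consider naming the setting in the message body too.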



