Overview
Starting from version 1.2, Penrose bundles OpenDS in the distribution but by default it is not enabled. See also Services.

Configuration
To use OpenDS as the LDAP service for Penrose, modify PENROSE_SERVER_HOME/conf/server.xml and replace the LDAP service as follows:
<service name="LDAP">
<service-class>org.safehaus.penrose.opends.OpenDSLDAPService</service-class>
</service>
The OpenDS LDAP service has no configurable parameters in server.xml. If the LDAP service configuration above contains parameters, they will be ignored. OpenDS configuration is located in PENROSE_SERVER_HOME/config/config.ldif.
To change the LDAP port, see the following entry:
dn: cn=LDAP Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-listen-port: 10389
SSL
See this page for more info on SSL.
If your SSL certificate is stored in a keystore, edit the JKS key manager:
dn: cn=JKS,cn=Key Manager Providers,cn=config
ds-cfg-enabled: true
ds-cfg-key-store-file: conf/penrose.keystore
ds-cfg-key-store-pin-file: conf/keystore.pin
If you have a PKCS12 certificate, edit the PKCS12 key manager:
dn: cn=PKCS12,cn=Key Manager Providers,cn=config
ds-cfg-enabled: true
ds-cfg-key-store-file: conf/penrose.p12
ds-cfg-key-store-pin-file: conf/keystore.pin
Put the keystore/PKCS12 password in conf/keystore.pin, either with a text editor or with the following command:
echo secret > conf/keystore.pin
Enable Blind Trust to accept all client certificates:
dn: cn=Blind Trust,cn=Trust Manager Providers,cn=config
ds-cfg-enabled: true
Find the LDAPS Connection Handler entry, then set the following attributes:
dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-enabled: true
ds-cfg-listen-port: 10636
ds-cfg-allow-start-tls: false
ds-cfg-use-ssl: true
ds-cfg-ssl-cert-nickname: penrose
ds-cfg-key-manager-provider: cn=JKS,cn=Key Manager Providers,cn=config
ds-cfg-trust-manager-provider: cn=Blind Trust,cn=Trust Manager Providers,cn=config
Make sure it points to the correct Key Manager/Trust Manager.
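One way to check that the LDAPS Connection Handler points to an enabled Key Manager and Trust Manager, and to see when Blind Trust is the one selected. This is an added example, not part of Penrose or OpenDS; the function names and the sample LDIF are constructed for illustration, and only the DNs and ds-cfg-* attributes shown on this page are assumed.

```python
import re
# Constructed sample of this page's config.ldif entries; the handler references the disabled PKCS12 manager.
SAMPLE_LDIF = """\
dn: cn=JKS,cn=Key Manager Providers,cn=config
ds-cfg-enabled: true

dn: cn=PKCS12,cn=Key Manager Providers,cn=config
ds-cfg-enabled: false

dn: cn=Blind Trust,cn=Trust Manager Providers,cn=config
ds-cfg-enabled: true

dn: cn=LDAPS Connection Handler,cn=Connection Handlers,cn=config
ds-cfg-enabled: true
ds-cfg-key-manager-provider: cn=PKCS12, cn=Key Manager Providers, cn=config
ds-cfg-trust-manager-provider: cn=Blind Trust,cn=Trust Manager Providers,cn=config
"""
LDAPS_DN = "cn=ldaps connection handler,cn=connection handlers,cn=config"

def norm(dn):  # lowercase and drop spaces around commas so DN references compare equal
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())

def parse_ldif(text):
    """Return {normalized dn: {attr: value}}; base64 and multi-valued attrs not handled."""
    entries, cur = {}, None
    for line in text.replace("\n ", "").splitlines():  # unfold continuation lines
        key, _, val = (s.strip() for s in line.partition(":"))
        if key.lower() == "dn":
            cur = entries.setdefault(norm(val), {})
        elif cur is not None and key and not key.startswith("#"):
            cur[key.lower()] = val
    return entries

def enabled(entry):
    return entry.get("ds-cfg-enabled", "").lower() == "true"

def audit(entries):
    """List problems with the LDAPS handler's key/trust manager wiring."""
    h = entries.get(LDAPS_DN, {})
    if not enabled(h):
        return ["LDAPS connection handler is missing or disabled"]
    findings = []
    for attr in ("ds-cfg-key-manager-provider", "ds-cfg-trust-manager-provider"):
        ref = norm(h.get(attr, ""))
        if not enabled(entries.get(ref, {})):
            findings.append(f"{attr}: missing or disabled entry {ref or '(unset)'}")
    if norm(h.get("ds-cfg-trust-manager-provider", "")).startswith("cn=blind trust,"):
        findings.append("Blind Trust selected: every client certificate is accepted")
    return findings
```

To run it against a real installation, pass the contents of config.ldif to parse_ldif and print what audit returns.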
