external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: ea39e752 | patch | commit | ignore whitespace

Backport documentation fixes r9052, r9059, r9060, r9061

Mark Craig

26.40.2013 949e80d7b6b1b0603385ca2280bb8010ed81b7e7

Backport documentation fixes r9052, r9059, r9060, r9061

5 files modified

	src/main/docbkx/admin-guide/appendix-file-layout.xml	12 ●●●●● patch \| view \| raw \| blame \| history
	src/main/docbkx/admin-guide/chap-connection-handlers.xml	62 ●●●●● patch \| view \| raw \| blame \| history
	src/main/docbkx/admin-guide/chap-monitoring.xml	4 ●●●●● patch \| view \| raw \| blame \| history
	src/main/docbkx/install-guide/chap-install-cli.xml	6 ●●●●● patch \| view \| raw \| blame \| history
	src/main/docbkx/install-guide/chap-upgrade.xml	8 ●●●●● patch \| view \| raw \| blame \| history

 src/main/docbkx/admin-guide/appendix-file-layout.xml

@@ -162,18 +162,6 @@
   </listitem>
  </varlistentry>
  <varlistentry>
   <term><filename>install.html</filename></term>
   <listitem>
    <para>Quick installation instructions in case you are offline</para>
   </listitem>
  </varlistentry>
  <varlistentry>
   <term><filename>install.txt</filename></term>
   <listitem>
    <para>Text version of <filename>install.html</filename></para>
   </listitem>
  </varlistentry>
  <varlistentry>
   <term><filename>instance.loc</filename></term>
   <listitem>
    <para>Pointer to OpenDJ on the file system, useful in installations where

 src/main/docbkx/admin-guide/chap-connection-handlers.xml

@@ -449,11 +449,29 @@

  <procedure xml:id="new-self-signed-cert">
   <title>To Create &amp; Install a Self-Signed Certificate</title>
   
   <para>First you create and sign a server certificate that you place in
   a Java Key Store. Then you set up the Key Manager Provider and Trust Manager
   Provider to rely on your new server certificate in its key store.</para>
   

   <para>If you choose to configure LDAP Secure Access when setting up OpenDJ
   directory server, the setup program generates a key pair in the Java Key
   Store <filename>/path/to/opendj/config/keystore</filename>, and self-signs
   the public key certificate, which has the alias <literal>server-cert</literal>.
   The password for the key store and the private key is stored in clear text
   in the file <filename>/path/to/opendj/config/keystore.pin</filename>.</para>

   <para>If you want to secure communications, but did not chose to configure
   LDAP Secure Access at setup time, this procedure can help. The following
   steps explain how to create and install a key pair with a self-signed
   certificate in preparation to configure LDAPS or HTTPS. First you create a
   key pair in a new Java Key Store, and then self-sign the certificate. Next,
   you set up the Key Manager Provider and Trust Manager Provider to access
   the new server certificate in the new key store.</para>

   <para>If instead you want to <emphasis>replace the existing server key pair
   with self-signed certificate</emphasis>, then first use <command>keytool
   -delete -alias server-cert</command> to delete the existing keys before you
   generate a new key pair with the same alias. You can also either reuse the
   existing password in <filename>keystore.pin</filename>, or use a new password
   as shown in the steps below.</para>

   <step>
    <para>Generate the server certificate using the Java
    <command>keytool</command> command.</para>
@@ -465,6 +483,7 @@
 -keystore /path/to/opendj/config/keystore
 -storepass changeit
 -keypass changeit</screen>

    <para>In this example, OpenDJ is running on a system with fully qualified
    host name <literal>opendj.example.com</literal>. The Java Key Store (JKS)
    is created in the <filename>config</filename> directory where OpenDJ is
@@ -476,6 +495,9 @@
     OpenDJ requires that you use the same password to protect both the
     key store and also the private key.</para>
    </note>

    <para>Keep track of the password provided to the <option>-storepass</option>
    and <option>-keypass</option> options.</para>
   </step>
   <step>
    <para>Self-sign the server certificate.</para>
@@ -486,10 +508,19 @@
 -storepass changeit</screen>
   </step>
   <step>
    <para>Configure the File Based Key Manager Provider for JKS to use the
    file name and key store PIN that you set up with the
    <command>keytool</command> command.</para>
    <screen>$ dsconfig
    <para>Configure the File Based Key Manager Provider for JKS to access the
    Java Key Store with key store/private key password.</para>

    <para>In this example, the alias is <literal>server-cert</literal> and the
    password is <literal>changeit</literal>.</para>

    <para>If you are replacing a key pair with a self-signed certificate,
    reusing the <literal>server-cert</literal> alias and password stored in
    <filename>keystore.pin</filename>, then you can skip this step.</para>

    <screen>$ echo changeit > /path/to/opendj/config/keystore.pin
$ chmod 600 /path/to/opendj/config/keystore.pin
$ dsconfig
 set-key-manager-provider-prop
 --hostname opendj.example.com
 --port 4444
@@ -497,14 +528,17 @@
 --bindPassword password
 --provider-name JKS
 --set enabled:true
 --set key-store-pin:changeit
 --remove key-store-pin-file:config/keystore.pin
 --set key-store-file:config/keystore
 --set key-store-pin-file:config/keystore.pin
 --trustAll
 --no-prompt</screen>
   </step>
   <step>
    <para>Configure the File Based Trust Manager Provider for JKS to use the
    key store and PIN as well.</para>

    <para>If you skipped the previous step, you can also skip this step.</para>

    <screen>$ dsconfig
 set-trust-manager-provider-prop
 --hostname opendj.example.com
@@ -514,11 +548,13 @@
 --provider-name JKS
 --set enabled:true
 --set trust-store-file:config/keystore
 --set trust-store-pin:changeit
 --set trust-store-pin-file:config/keystore.pin
 --trustAll
 --no-prompt</screen>

    <para>At this point, OpenDJ directory server can use your new self-signed
    certificate, for example for StartTLS and LDAPS connection handlers.</para>
    certificate, for example for StartTLS and LDAPS or HTTPS connection
    handlers.</para>
   </step>
  </procedure>
 </section>

 src/main/docbkx/admin-guide/chap-monitoring.xml

@@ -28,7 +28,7 @@
         xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
         xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'
         xmlns:xlink='http://www.w3.org/1999/xlink'
        >
         xmlns:xinclude='http://www.w3.org/2001/XInclude'>
 <title>Monitoring, Logging, &amp; Alerts</title>
 
 <para>This chapter describes the monitoring capabilities that OpenDJ
@@ -37,7 +37,7 @@
 <indexterm><primary>Monitoring</primary></indexterm>
 
 <para>OpenDJ Control Panel provides basic monitoring capabilities under
 Monitoring &gt; Connection Handler, Monitoring &gt; Connection Handler, and
 Monitoring &gt; General Information, Monitoring &gt; Connection Handler, and
 Monitoring &gt; Manage Tasks. This chapter covers the other options for
 monitoring OpenDJ.</para>
 

 src/main/docbkx/install-guide/chap-install-cli.xml

@@ -503,9 +503,9 @@
   <para>Before you install OpenDJ, install a Java runtime environment if none
   is installed yet.</para>

   <screen>$ java -version
java version ...
OpenJDK Runtime Environment ...</screen>
   <screen>$ su
Password:
# rpm -ivh jdk-*.rpm</screen>
  </step>

  <step>

 src/main/docbkx/install-guide/chap-upgrade.xml

@@ -34,13 +34,11 @@
 
 <para>This chapter covers upgrade from OpenDJ 2.4.5 and later versions.</para>

 <para>For upgrades from earlier versions, upgrade first to OpenDJ
 <?eval ${stableServerVersion}?>, and then follow the procedures in this
 chapter. See <link xlink:show="new"
 <para>For upgrades from earlier versions, upgrade first to at least OpenDJ
 2.4.5, and then follow the procedures in this chapter. See <link xlink:show="new"
 xlink:href="https://wikis.forgerock.org/confluence/display/OPENDJ/OpenDJ+Installation+Guide#OpenDJInstallationGuide-UpgradingOpenDJDirectoryServer"
 >Upgrading OpenDJ Directory Server</link> in the OpenDJ Wiki for details on
 upgrading to OpenDJ <?eval ${stableServerVersion}?> from earlier
 versions.</para>
 upgrading to OpenDJ 2.4.5 from earlier versions.</para>

 <procedure xml:id="before-you-upgrade">
  <title>Before You Upgrade</title>

			@@ -162,18 +162,6 @@
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><filename>install.html</filename></term>
			<listitem>
			<para>Quick installation instructions in case you are offline</para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><filename>install.txt</filename></term>
			<listitem>
			<para>Text version of <filename>install.html</filename></para>
			</listitem>
			</varlistentry>
			<varlistentry>
			<term><filename>instance.loc</filename></term>
			<listitem>
			<para>Pointer to OpenDJ on the file system, useful in installations where

			@@ -449,11 +449,29 @@

			<procedure xml:id="new-self-signed-cert">
			<title>To Create & Install a Self-Signed Certificate</title>

			<para>First you create and sign a server certificate that you place in
			a Java Key Store. Then you set up the Key Manager Provider and Trust Manager
			Provider to rely on your new server certificate in its key store.</para>


			<para>If you choose to configure LDAP Secure Access when setting up OpenDJ
			directory server, the setup program generates a key pair in the Java Key
			Store <filename>/path/to/opendj/config/keystore</filename>, and self-signs
			the public key certificate, which has the alias <literal>server-cert</literal>.
			The password for the key store and the private key is stored in clear text
			in the file <filename>/path/to/opendj/config/keystore.pin</filename>.</para>

			<para>If you want to secure communications, but did not chose to configure
			LDAP Secure Access at setup time, this procedure can help. The following
			steps explain how to create and install a key pair with a self-signed
			certificate in preparation to configure LDAPS or HTTPS. First you create a
			key pair in a new Java Key Store, and then self-sign the certificate. Next,
			you set up the Key Manager Provider and Trust Manager Provider to access
			the new server certificate in the new key store.</para>

			<para>If instead you want to <emphasis>replace the existing server key pair
			with self-signed certificate</emphasis>, then first use <command>keytool
			-delete -alias server-cert</command> to delete the existing keys before you
			generate a new key pair with the same alias. You can also either reuse the
			existing password in <filename>keystore.pin</filename>, or use a new password
			as shown in the steps below.</para>

			<step>
			<para>Generate the server certificate using the Java
			<command>keytool</command> command.</para>
			@@ -465,6 +483,7 @@
			-keystore /path/to/opendj/config/keystore
			-storepass changeit
			-keypass changeit</screen>

			<para>In this example, OpenDJ is running on a system with fully qualified
			host name <literal>opendj.example.com</literal>. The Java Key Store (JKS)
			is created in the <filename>config</filename> directory where OpenDJ is
			@@ -476,6 +495,9 @@
			OpenDJ requires that you use the same password to protect both the
			key store and also the private key.</para>
			</note>

			<para>Keep track of the password provided to the <option>-storepass</option>
			and <option>-keypass</option> options.</para>
			</step>
			<step>
			<para>Self-sign the server certificate.</para>
			@@ -486,10 +508,19 @@
			-storepass changeit</screen>
			</step>
			<step>
			<para>Configure the File Based Key Manager Provider for JKS to use the
			file name and key store PIN that you set up with the
			<command>keytool</command> command.</para>
			<screen>$ dsconfig
			<para>Configure the File Based Key Manager Provider for JKS to access the
			Java Key Store with key store/private key password.</para>

			<para>In this example, the alias is <literal>server-cert</literal> and the
			password is <literal>changeit</literal>.</para>

			<para>If you are replacing a key pair with a self-signed certificate,
			reusing the <literal>server-cert</literal> alias and password stored in
			<filename>keystore.pin</filename>, then you can skip this step.</para>

			<screen>$ echo changeit > /path/to/opendj/config/keystore.pin
			$ chmod 600 /path/to/opendj/config/keystore.pin
			$ dsconfig
			set-key-manager-provider-prop
			--hostname opendj.example.com
			--port 4444
			@@ -497,14 +528,17 @@
			--bindPassword password
			--provider-name JKS
			--set enabled:true
			--set key-store-pin:changeit
			--remove key-store-pin-file:config/keystore.pin
			--set key-store-file:config/keystore
			--set key-store-pin-file:config/keystore.pin
			--trustAll
			--no-prompt</screen>
			</step>
			<step>
			<para>Configure the File Based Trust Manager Provider for JKS to use the
			key store and PIN as well.</para>

			<para>If you skipped the previous step, you can also skip this step.</para>

			<screen>$ dsconfig
			set-trust-manager-provider-prop
			--hostname opendj.example.com
			@@ -514,11 +548,13 @@
			--provider-name JKS
			--set enabled:true
			--set trust-store-file:config/keystore
			--set trust-store-pin:changeit
			--set trust-store-pin-file:config/keystore.pin
			--trustAll
			--no-prompt</screen>

			<para>At this point, OpenDJ directory server can use your new self-signed
			certificate, for example for StartTLS and LDAPS connection handlers.</para>
			certificate, for example for StartTLS and LDAPS or HTTPS connection
			handlers.</para>
			</step>
			</procedure>
			</section>

			@@ -28,7 +28,7 @@
			xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
			xsi:schemaLocation='http://docbook.org/ns/docbook http://docbook.org/xml/5.0/xsd/docbook.xsd'
			xmlns:xlink='http://www.w3.org/1999/xlink'
			>
			xmlns:xinclude='http://www.w3.org/2001/XInclude'>
			<title>Monitoring, Logging, & Alerts</title>

			<para>This chapter describes the monitoring capabilities that OpenDJ
			@@ -37,7 +37,7 @@
			<indexterm><primary>Monitoring</primary></indexterm>

			<para>OpenDJ Control Panel provides basic monitoring capabilities under
			Monitoring > Connection Handler, Monitoring > Connection Handler, and
			Monitoring > General Information, Monitoring > Connection Handler, and
			Monitoring > Manage Tasks. This chapter covers the other options for
			monitoring OpenDJ.</para>

			@@ -503,9 +503,9 @@
			<para>Before you install OpenDJ, install a Java runtime environment if none
			is installed yet.</para>

			<screen>$ java -version
			java version ...
			OpenJDK Runtime Environment ...</screen>
			<screen>$ su
			Password:
			# rpm -ivh jdk-*.rpm</screen>
			</step>

			<step>

			@@ -34,13 +34,11 @@

			<para>This chapter covers upgrade from OpenDJ 2.4.5 and later versions.</para>

			<para>For upgrades from earlier versions, upgrade first to OpenDJ
			<?eval ${stableServerVersion}?>, and then follow the procedures in this
			chapter. See <link xlink:show="new"
			<para>For upgrades from earlier versions, upgrade first to at least OpenDJ
			2.4.5, and then follow the procedures in this chapter. See <link xlink:show="new"
			xlink:href="https://wikis.forgerock.org/confluence/display/OPENDJ/OpenDJ+Installation+Guide#OpenDJInstallationGuide-UpgradingOpenDJDirectoryServer"
			>Upgrading OpenDJ Directory Server</link> in the OpenDJ Wiki for details on
			upgrading to OpenDJ <?eval ${stableServerVersion}?> from earlier
			versions.</para>
			upgrading to OpenDJ 2.4.5 from earlier versions.</para>

			<procedure xml:id="before-you-upgrade">
			<title>Before You Upgrade</title>