From bffaa20d2efe129c2ea4ebdfef7df547978f02a9 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Wed, 21 Feb 2007 19:44:18 +0000
Subject: [PATCH] Redesign the server to support multiple key manager providers, trust manager providers, and certificate mappers, and update the components which need access to those elements so that they can specify which one they want to use. Among other things, this will provide the ability to use different certificates for different listeners, and provide template configuration entries that make it easier for users to enable SSL and/or StartTLS.
---
 opendj-sdk/opends/resource/schema/02-config.ldif | 15 +++++++++++++--
 1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/opendj-sdk/opends/resource/schema/02-config.ldif b/opendj-sdk/opends/resource/schema/02-config.ldif
index 9a1ca7b..b04876a 100644
--- a/opendj-sdk/opends/resource/schema/02-config.ldif
+++ b/opendj-sdk/opends/resource/schema/02-config.ldif
@@ -1048,6 +1048,15 @@
 attributeTypes: ( 1.3.6.1.4.1.26027.1.1.308 NAME 'ds-cfg-default-root-privilege-name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'OpenDS Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.26027.1.1.309 NAME 'ds-cfg-certificate-mapper-dn'
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
+ X-ORIGIN 'OpenDS Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.26027.1.1.310
+ NAME 'ds-cfg-key-manager-provider-dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE X-ORIGIN 'OpenDS Directory Server' )
+attributeTypes: ( 1.3.6.1.4.1.26027.1.1.311
+ NAME 'ds-cfg-trust-manager-provider-dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+ SINGLE-VALUE X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.1 NAME 'ds-cfg-access-control-handler' SUP top STRUCTURAL MUST ( cn $ ds-cfg-acl-handler-class $ ds-cfg-acl-handler-enabled )
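Review bot: The three new attribute types use the DN syntax (1.3.6.1.4.1.1466.115.121.1.12), which only checks that the value is a well-formed DN, so the schema cannot stop `ds-cfg-key-manager-provider-dn`, `ds-cfg-trust-manager-provider-dn` or `ds-cfg-certificate-mapper-dn` from naming an entry that is missing, disabled or of the wrong type. The code that resolves these references is not part of this patch; it should reject such a configuration rather than fall back to some default provider. A short `DESC` on each definition, for example `DESC 'DN of the trust manager provider entry used by this component'`, would make the expected target visible in the schema itself.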
@@ -1116,7 +1125,8 @@
 ds-cfg-send-rejection-notice $ ds-cfg-max-request-size $ ds-cfg-num-request-handlers $ ds-cfg-allow-start-tls $ ds-cfg-use-ssl $ ds-cfg-ssl-client-auth-policy $ ds-cfg-ssl-cert-nickname $
- ds-cfg-accept-backlog ) X-ORIGIN 'OpenDS Directory Server' )
+ ds-cfg-accept-backlog $ ds-cfg-key-manager-provider-dn $
+ ds-cfg-trust-manager-provider-dn ) X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.15 NAME 'ds-cfg-entry-cache' SUP top STRUCTURAL MUST ( cn $ ds-cfg-entry-cache-class $ ds-cfg-entry-cache-enabled ) X-ORIGIN 'OpenDS Directory Server' )
@@ -1242,7 +1252,8 @@
 ds-cfg-sasl-mechanism-handler-enabled ) X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.44 NAME 'ds-cfg-external-sasl-mechanism-handler'
- SUP ds-cfg-sasl-mechanism-handler MAY ( ds-cfg-certificate-attribute $
+ SUP ds-cfg-sasl-mechanism-handler MUST ds-cfg-certificate-mapper-dn
+ MAY ( ds-cfg-certificate-attribute $
 ds-cfg-client-certificate-validation-policy ) X-ORIGIN 'OpenDS Directory Server' )
 objectClasses: ( 1.3.6.1.4.1.26027.1.2.45
-- Gitblit v1.10.0
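Review bot: `ds-cfg-key-manager-provider-dn` and `ds-cfg-trust-manager-provider-dn` are appended to an optional attribute list, so an entry with `ds-cfg-use-ssl` or `ds-cfg-allow-start-tls` enabled and no provider DN remains schema-valid. Schema cannot express that dependency, so the handler's own configuration validation (not shown here) has to reject the combination. In particular, a missing trust manager provider combined with a `ds-cfg-ssl-client-auth-policy` that requests client certificates should not quietly turn into default or blanket trust. The object class header lies above the hunk, so which handler class this list belongs to cannot be read from the visible lines.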
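Review bot: Adding `MUST ds-cfg-certificate-mapper-dn` to `ds-cfg-external-sasl-mechanism-handler` turns every existing entry of that class without the attribute into a schema violation after an upgrade. This page shows only the schema file, so it cannot be confirmed whether the default configuration entries and an upgrade step supply the attribute; if they do not, the EXTERNAL handler entry may be rejected or fail to initialise. The mapper decides which directory user a client certificate authenticates as, so the default it points to should be spelled out in the upgrade notes rather than left implicit.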