From 186bd2316566ca49ccdb96deec27f092782dacfe Mon Sep 17 00:00:00 2001
From: Ludovic Poitou <ludovic.poitou@forgerock.com>
Date: Tue, 06 Sep 2011 15:54:57 +0000
Subject: [PATCH] Fix OPENDJ-269 : Add support for SSL connection between DSML gateway and LDAP server. There are now several new params in the web.xml file to specify: - A DN and Password to provide default authentication between the DSML gateway and the LDAP server. - whether to use SSL (on LDAPS port) or StartTLS (against LDAP port) - whether the TLS server certificate must be blindly trusted. - Or the truststore and password to trust it

---
 opends/resource/dsml/webapp/web.xml |   51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 50 insertions(+), 1 deletions(-)

diff --git a/opends/resource/dsml/webapp/web.xml b/opends/resource/dsml/webapp/web.xml
index 0ab7ce7..2557a11 100644
--- a/opends/resource/dsml/webapp/web.xml
+++ b/opends/resource/dsml/webapp/web.xml
@@ -9,13 +9,62 @@
     <param-name>ldap.host</param-name>
     <param-value>localhost</param-value>
   </context-param>
-  
+
   <context-param>
     <description>The port number of the OpenDS server; e.g., 389</description>
     <param-name>ldap.port</param-name>
     <param-value>389</param-value>
   </context-param>
 
+<!-- Uncomment and fill if you want a default authentication between the DSML
+     gateway and the LDAP server when DSML request have no Basic HTTP authentication
+  <context-param>
+    <description>The user DN for authentication (optional)</description>
+    <param-name>ldap.userdn</param-name>
+    <param-value>cn=Directory Manager</param-value>
+  </context-param>
+
+  <context-param>
+    <description>The password for authentication (if ldap.userdn is set)</description>
+    <param-name>ldap.userpassword</param-name>
+    <param-value>secret12</param-value>
+  </context-param>
+-->
+
+  <context-param>
+    <description>A flag to specify if the ldap.port is the SSL secured port</description>
+    <param-name>ldap.usessl</param-name>
+    <param-value>false</param-value>
+  </context-param>
+
+  <context-param>
+    <description>A flag to specify if StartTLS should be use to secure connections to the ldap.port</description>
+    <param-name>ldap.usestarttls</param-name>
+    <param-value>false</param-value>
+  </context-param>
+
+  <context-param>
+    <description>A flag to specify is all certificates should be blindly trusted</description>
+    <param-name>ldap.trustall</param-name>
+    <param-value>false</param-value>
+  </context-param>
+
+
+<!-- Uncomment and fill if you enable SSL or StartTLS and want to verify
+     the LDAP server certificate
+  <context-param>
+    <description>The path to the truststore when ssl or starttls is enabled</description>
+    <param-name>ldap.truststore.path</param-name>
+    <param-value></param-value>
+  </context-param>
+
+  <context-param>
+    <description>The password of the truststore when ssl or starttls is enabled</description>
+    <param-name>ldap.truststore.password</param-name>
+    <param-value></param-value>
+  </context-param>
+-->
+
   <servlet>
     <servlet-name>DSMLServlet</servlet-name>
     <servlet-class>org.opends.dsml.protocol.DSMLServlet</servlet-class>
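Review bot: The commented-out `ldap.userdn` sample uses `cn=Directory Manager`, and by the comment's own wording this identity applies to DSML requests that arrive without HTTP Basic authentication, so uncommenting it as written would appear to let unauthenticated callers act as the directory's administrative account. The example should point at a dedicated low-privilege entry instead, e.g. `<param-value>uid=dsml-gateway,ou=Service Accounts,dc=example,dc=com</param-value>` (constructed sample), and the comment should say that the password is stored in cleartext in web.xml and that `ldap.usessl` or `ldap.usestarttls` should be enabled whenever it is set, since both default to `false` here. The `ldap.trustall` description would also benefit from stating that `true` disables server certificate validation and is meant for testing only. How DSMLServlet reads these parameters is outside this hunk, so the behaviour when both `ldap.usessl` and `ldap.usestarttls` are `true`, or when no truststore is configured, should be confirmed and documented.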

--
Gitblit v1.10.0