[Fedora-directory-commits] directoryconsole/src/com/netscape/admin/dirserv/panel/replication replication.properties, 1.2, 1.3

Tue Dec 2 15:27:40 UTC 2008

Author: rmeggins

Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv764/directoryconsole/src/com/netscape/admin/dirserv/panel/replication

Modified Files:
	replication.properties 
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console chaining, server cleanup
Reviewed by: nkinder (Thanks!)
Fix Description: There are two sets of diffs here.  The first set adds tls, gssapi, and digest to the chaining database (aka database link) panels in the console.  I had to add support for revert to some of the code to make the Reset button work without having to retrieve the values from the server each time.  We already store the original values locally in the _origModel - I added code to allow the use of that in the Reset button.
The second set of diffs is for the server.
1) I had to add support for "SIMPLE" for bindMechanism - this translates to LDAP_SASL_SIMPLE for the actual mechanism.  This value is NULL, so I had to add handling for NULL values in the cb config code (slapi_ch_* work fine with NULL values).
2) Added some more debugging/tracing code
3) The server to server SSL code would only work if the server were configured to be an SSL server.  But for the server to be an SSL client, it only needs NSS initialized and to have the CA cert.  It also needs to configured some of the SSL settings and install the correct policy.  I changed the server code to do this.
Platforms tested: RHEL5
Flag Day: no
Doc impact: Yes



Index: replication.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/replication.properties,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3

--- replication.properties	24 Nov 2008 16:09:23 -0000	1.2
+++ replication.properties	2 Dec 2008 15:27:38 -0000	1.3
@@ -165,14 +165,14 @@
 replication-destination-noEncrypt-label=Use LDAP (no encryption)
 replication-destination-noEncrypt-ttip=Use plain LDAP with no encryption
 replication-destination-sslEncrypt-label=Use TLS/SSL (TLS/SSL encryption with LDAPS)
-replication-destination-sslEncrypt-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port (636)
+replication-destination-sslEncrypt-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port
 replication-destination-startTLS-label=Use StartTLS (TLS/SSL encryption with LDAP)
 replication-destination-startTLS-ttip=Start a TLSv1/SSLv3 encryption session on the LDAP connection
 replication-destination-authUsing-label=Authentication mechanism:
 replication-destination-simpleAuth-label=Simple (Bind DN/Password)
 replication-destination-simpleAuth-ttip=Authenticate using a DN and a password (Simple auth)
 replication-destination-sslClientAuth-label=Server TLS/SSL Certificate (requires TLS/SSL server set up)
-replication-destination-sslClientAuth-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be an SSL server)
+replication-destination-sslClientAuth-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be a TLS/SSL server)
 replication-destination-gssapiAuth-label=SASL/GSSAPI (requires server Kerberos keytab)
 replication-destination-gssapiAuth-ttip=Authenticate using SASL/GSSAPI and the server's Kerberos keytab (supplier and consumer must both support SASL/GSSAPI/Kerberos)
 replication-destination-digestAuth-label=SASL/DIGEST-MD5 (SASL user id and password)


