|
Hello Suman, Congrats on your successful installation of openldap-fortress-enmasse demo. Before I can answer your question let's review what has been accomplished to get to this point: 1. Symas openldap 2.4.33 is installed, configured and running on your machine as a native program. 2. Base load of test users, roles, permissions and more have been loaded into the openldap server using openldap-fortress-core management apis. 3. Apache Tomcat 7 has been installed. 4. openldap-fortress-sentry has been installed as security realm to do all JEE security checks on your Tomcat server's security policy. 5. openldap-fortress-enmasse RESTful policy server has been deployed to Apache Tomcat server. This enables you to call the 100+ fortress APIs using over HTTP. These are the parts we must understand before knowing what passwords to set within the build.properties file. Different passwords go to different servers: A. sudo.pw used for local linux system (if sudo priv's required). If you don't know for sure leave it blank. B. http.pw don't worry about this one yet. we can get to it later if/when you try to connect to enmasse via the fortress api. But this is an advanced move and you're not ready for it yet. C. root.pw is inserted into openldap slapd.conf file as password for root access of default db. This is also the password that would be used by any ldap client that needs to hit the server. # C is for openldap server and is the admin root password (the key word being ROOT). It will be automatically be loaded into openldap's slapd.conf file (during execution of init-slapd target). It may be encrypted using openldap's 'slappasswd' command or left unencrypted. This is openldap specific although it is related to fortress because fortress in this case installs and essentially manages the openldap server for you. D. log.root.pw is inserted into openldap slapd.conf as password for access to log db. # D is also bound for openldap server and is the audit log root password. It will also be automatically loaded into openldap's slapd.conf file. It may be encrypted using slapdpasswd or left unencrypted as well. If you don't need to access the openldap audit log remotely just accept the default on this. The takeway here is this is the password for ROOT access to slapd's audit log. E. cfg.log.root.pw this one is different than the others. It is inserted into fortress' fortress.properties (again during init-slapd target) so its management api's can access the default db. # So E is for fortress itself to access the openldap server remotely. It has to match what you have loaded in C. But if you choose to encrypt (as is the default) it must be performed using the fortress encryption utility not the openldap slappasswd command (fortress encryption is also described in the README file). For testing you can have E as plaintext, but you must tell fortress you don't need encryption by commenting out the following property: #crypto.prop=abcd12345 Now that we understand a little bit about what's going on let's get back to your original question. You are asking what is the default user/password for the browser to hit http://localhost:8080. The answer is you shouldn't have to as this isn't actually a secured link. I just tested on fresh RC24 install and was not challenged. What you should see is Tomcat's home page. So we will have to treat this as a 'bug' although since I don't see this behavior on RC24 I will encourage you to upgrade. If/when you try to access a secured link to a web app that is installed to local tomcat server (like Tomcat's manager app) you would enter these (default) creds: <user userId="tcmanager" password="m@nager123" description="Tomcat Manager User" ou="demousrs1" cn="tcmanager" sn="manager" pwPolicy="Test1" beginTime="0000" endTime="0000" beginDate="20090101" endDate="20990101" beginLockDate="none" endLockDate="none" dayMask="1234567" timeout="0"/> For more info on default policy look at this file which is loaded during step 2: FortressDemoUsers.xml Of course you can add/update users as you wish using the Fortress console, CLI or ant admin utilities as described in the README. Cheers, Shawn On 04/10/2013 05:01 AM, suman karki wrote:
-- shawn.mckinney@jts.us is my new email address |