
Re: how to change password for fortress



On 04/10/2013 04:56 AM, suman karki wrote:
If I have to change password of: like
--  http.pw=gX9JbCTxJW5RiH+otQEX0Ja0RIAoPBQf
--  root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
--  cfg.root.pw=W7T0G9hylKZQ4K+DF8gfgA==
--  log.root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
--  cfg.log.root.pw=W7T0G9hylKZQ4K+DF8gfgA==

Here are the descriptions of the passwords fortress needs to have set during product installation:

A. sudo.pw
used for local linux system (if sudo priv's required).  If you don't know for sure leave it blank.
B. http.pw 
don't worry about this one yet.  we can get to it later if/when you try to connect to enmasse via the fortress api.  But this is an advanced move and you're not ready for it yet.
C. root.pw
is inserted into openldap slapd.conf file as password for root access of default db.  This is also the password that would be used by any ldap client that needs to hit the server.
# C is for openldap server and is the admin root password (the key word being ROOT).  It will automatically be loaded into openldap's slapd.conf file (during execution of init-slapd target).  It may be encrypted using openldap's 'slappasswd' command or left unencrypted.  This is openldap specific although it is related to fortress because fortress in this case installs and essentially manages the openldap server for you.
D. log.root.pw
is inserted into openldap slapd.conf as password for access to log db. 
# D is also bound for openldap server and is the audit log root password.  It will also be automatically loaded into openldap's slapd.conf file.  It may be encrypted using slappasswd or left unencrypted as well.  If you don't need to access the openldap audit log remotely just accept the default on this.  The takeaway here is this is the password for ROOT access to slapd's audit log.
E. cfg.log.root.pw
this one is different than the others.  It is inserted into fortress' fortress.properties (again during init-slapd target) so its management api's can access the default db. 
# So E is for fortress itself to access the openldap server remotely.  It has to match what you have loaded in C.  But if you choose to encrypt (as is the default) it must be performed using the fortress encryption utility not the openldap slappasswd command (fortress encryption is also described in the README file). 
For testing you can have E as plaintext, but you must tell fortress you don't need encryption by commenting out the following property:
#crypto.prop=abcd12345

On 04/10/2013 04:56 AM, suman karki wrote:
What are the encryption methods used in ... and how to generate passwords for them?

--  cfg.log.root.pw=W7T0G9hylKZQ4K+DF8gfgA==

from Fortress' README.txt:

###################################################################################
# SECTION 12. Instructions to encrypt LDAP passwords used in openldap-fortress-core config files.
###################################################################################
If you need the passwords for LDAP service accounts to be encrypted before loading into Fortress properties files you can
use the 'encrypt' ant target.

a. From FORTRESS_BUILDER_HOME root folder, enter the following command from a system prompt:

>$ANT_HOME/bin/ant encrypt -Dparam1=secret
encrypt:
     [echo] Encrypt a value
     [java] Encrypted value=wApnJUnuYZRBTF1zQNxX/Q==
BUILD SUCCESSFUL
Total time: 1 second

b. Copy the Encrypted value and paste it into the corresponding build.properties setting, e.g.:

# This OpenLDAP admin root pass is bound for fortress.properties and was encrypted using 'encrypt' target in build.xml:
cfg.log.root.pw=wApnJUnuYZRBTF1zQNxX/Q==
###################################################################################


On 04/10/2013 04:56 AM, suman karki wrote:
What are the encryption methods used in ... and how to generate passwords for them?
--  root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
--  log.root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU

From Zytrax, http://www.zytrax.com/books/ldap/ch14/#slappasswd

slappasswd

Slappasswd is used to generate password strings - using a variety of algorithms - that can be used in files such as slapd.conf or LDIFs (for population of userPassword or authPassword attributes). This utility may be used to create the rootpw value. See examples below for how to add the password to the file.

slappasswd  [-v] [-u] [-s secret|-T file] [-h hash] [-c salt-format]

On 04/10/2013 04:56 AM, suman karki wrote:
Then should I have to change them only in build.properties or in any other files also?

fortress' build.properties file is only needed during the installation steps (i.e. init-slapd, install-enmasse-demo).   If you are done with install procedures, you can change the values yourself in either the fortress.properties file (which is what fortress uses) or slapd.conf (which is what openldap uses). 

Cheers,

Shawn
-- 
shawn.mckinney@jts.us is my new email address
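
Added example, not part of the original message and not Fortress or OpenLDAP code: the {SSHA} values shown for root.pw and log.root.pw are base64(SHA-1(password + salt) + salt), so after rotating a password you can confirm that the hash in build.properties or slapd.conf really matches the new secret. The function names and the sample properties text are hypothetical; the Fortress-encrypted cfg.* values use a different scheme and are skipped.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA}"

def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA-1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")

def ssha_split(value):
    """Return (digest, salt) from an {SSHA} value, rejecting malformed input."""
    if not value.startswith(PREFIX):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[len(PREFIX):], validate=True)
    if len(raw) <= 20:  # SHA-1 digest is 20 bytes; the remainder is the salt
        raise ValueError("missing salt")
    return raw[:20], raw[20:]

def ssha_verify(value, candidate):
    """Constant-time check of a candidate password against an {SSHA} value."""
    digest, salt = ssha_split(value)
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)

def check_properties(text, candidate):
    """Map each *.pw property holding an {SSHA} value to True/False."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.endswith(".pw") and value.startswith(PREFIX):
            results[key] = ssha_verify(value, candidate)
    return results

if __name__ == "__main__":
    # Constructed sample: hashes are generated here, not taken from a real install.
    sample = "\n".join([
        "root.pw=" + ssha_hash("new-secret"),
        "cfg.root.pw=W7T0G9hylKZQ4K+DF8gfgA==",  # Fortress-encrypted, skipped
        "log.root.pw=" + ssha_hash("old-secret"),
    ])
    for key, ok in check_properties(sample, "new-secret").items():
        print(key, "matches" if ok else "does NOT match")
```

The candidate password is passed in as a string here; in practice read it with getpass so it does not land in shell history.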