On Thu, Oct 03, 2013 at 12:09:45PM +0100, Anja Le Blanc wrote: > On 03/10/2013 10:37, helix84 wrote: > > On Thu, Oct 3, 2013 at 11:20 AM, Anja Le Blanc > > <anja.lebl...@manchester.ac.uk> wrote: > >> I belong to 3. "Different Environments" group, which in my opinion > >> overlaps substantial with the minimum set properties. > >> > >> For the content of the 'build.properties' file I would include all the > >> configs where I would object/feel uneasy to commit them into a public > >> git repository (user names, passwords, addresses to some servers, ...). > >> Therefore I have only one file which is not in git. > > > > Hi Anja, > > > > in that case, it's not clear to me what you think about DS-1494. > > search.password is a password, but is not usable without the other > > LDAP options. Also, the LDAP server address might be sensitive by your > > definition. What's your position on build.properties and > > authentication options in general? Should build.properties include > > none, all, only some - which ones? > > Hi Helix, > > Yes, LDAP user name/password I would include in the build.properties > file. The LDAP server address probably not - in most institutions you > can find that one on an web page explaining how to set up LDAP > authentication. Since applications have to talk to it it can't be very > hidden.
For the specific case of LDAP credentials: this is environmental information and ought to be specified from "outside". These could be placed in an application resource file (in the LDAP provider sense: 'jndi.properties' somewhere on the classpath). Don't specify such things in the DSpace configuration at all. We might even be able to abstract the entire LDAP context creation process and leave only the details of how we want DSpace to *use* the initial context. This should be viewed as something similar to the way that the DBMS connection pool and (soon) the email Session can be pulled out to the runtime environment and made no longer DSpace's concern. The DSpace configuration should be configuring how *DSpace* operates, not (where we can separate them) how the infrastructure operates. In general we haven't paid enough attention to the support available from a servlet container and from the Java runtime environment. Connections to the outside world which we laboriously construct for ourselves might be injected instead. Heh, I'm in a ranting mood today.... -- Mark H. Wood, Lead System Programmer mw...@iupui.edu Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
_______________________________________________ Dspace-devel mailing list Dspace-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-devel
