On Tue, Jun 9, 2015 at 12:24 PM, Michael Perelman <[email protected]> wrote:

> i agree that access to such file would indicate a much larger security
> problem. nevertheless, security files of such nature should not be sitting
> around on the disk. other partitions do not since they are in the form of a
> JdbmPartition, and neither should this one. all the passwords are already
> hashed, so that is not my concern. my concern is all the password policies
> that are defined within it, both OOTB ones, as well as the additional
> custom ones i created for my own interceptor. so is there a way to load a
> config.ldif into a JdbmPartition BEFORE starting directory service? thank
> you!
>
it is not supported by the server at the moment, because the preferred
approach is to let users edit the config file.

Having said that, the only way to make this happen is to change the way
the server is initialized in your code, it is "doable", and should be easy
to get it done.

>
> > Date: Tue, 9 Jun 2015 11:21:46 +0800
> > Subject: Re: config partition as JdbmPartition
> > From: [email protected]
> > To: [email protected]
> >
> > On Tue, Jun 9, 2015 at 5:24 AM, brock samson <[email protected]> wrote:
> >
> > > i am running apacheds2-M19 as embedded with some custom interceptors. up
> > > to this point, i have been using SingleFileLdifPartition to load my
> > > config.ldif file. since it loads the config.ldif before
> > > DefaultDirectoryService.start(), i am also able to manually set the
> > > interceptors via DefaultDirectoryService.setInterceptors() before the start
> > > as well. what i do not like about it is that it requires the config.ldif
> > > file to be on the disk in clear text, which is a security risk in my
> > > opinion. what i would like is for the config partition to
> >
> > is your concern about clear text passwords in config.ldif? if yes, then just
> > turn them into salted hashes
> > other than this I don't see any other security issues with having config in
> > plain text. (If someone managed
> > to reach this far to access your config file then there is a much bigger
> > hole in the network/system ;)
> >
> > > look like all other partitions (i.e. system partition), which is a
> > > collection of .db and .lg files. i am able to accomplish that by using
> > > JdbmPartition class, but i cannot successfully load the config.ldif file
> > > via new LdifFileLoader(DefaultDirectoryService.getAdminSession(),
> > > config.ldif, null).execute() until after DefaultDirectoryService.start(),
> > > which makes it too late to set interceptors. is there a way to have config
> > > partition as JdbmPartition AND load its config.ldif before starting the
> > > service? or is there another way to not have config.ldif on the disk in
> > > clear text? thanks!
> >
> > no, it is not possible to have this config loaded into any other partition
> > type
> >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
>
>



-- 
Kiran Ayyagari
http://keydap.com
