[389-users] Re: Admin Gateway over https

On Tue, 2018-03-13 at 10:55 +1000, William Brown wrote:
> On Thu, 2018-03-08 at 05:26 +0000, Eric Wheeler wrote:
> > Thanks for the confirmation regarding secure connections and the
> > clarification regarding dsgw. I will focus on other alternatives. I
> > would be interested in exploring cli tools and the API. Any
> > resources
> > to which you could point me would be appreciated. Thanks for the
> > help.
>
>
> Sorry for the very late reply,
>
> The new cli tools with 1.4.x are explained here:
>
> http://www.port389.org/docs/389ds/design/dsadm-dsconf.html
>
> These are a thin wrapper on our python library which has
> documentation
> (and I wish I could rememeber where it is >.>)
>
> There is a lot of example code, and I would be happy to help you get
> some working demos going, and explain how it all works if you want to
> pursue this further.

The docs are here! https://fedorapeople.org/~spichugi/html/

There are some improvements to still come to this api, but any
questions are very welcome :)


>
> Thanks!
>
>
> > > -----Original message-----
> > > From: William Brown
> > > Sent: Wednesday, March 7 2018, 1:47 pm
> > > To: General discussion list for the 389 Directory server project.
> > > Subject: [389-users] Re: Admin Gateway over https
> > >
> > > On Wed, 2018-03-07 at 01:18 +0000, Eric Wheeler wrote:
> > > > How does one properly configure the Directory Server Gateway to
> > >
> > > run
> > > > over https? Is such a setup necessary for secure connections if
> > >
> > > ldaps
> > > > over 636 is active?
> > >
> > > Yes, because you have:
> > >
> > > client -> https -> ldaps
> > >
> > > So you have to protect each stage of the communication.
> > >
> > > > I edited dsgw-httpd.conf until I was able to connect to the
> > >
> > > gateway
> > > > via https, but the setup was pretty buggy. Afterwards, I came
> > >
> > > across
> > > > a page in the documentation stating this file shouldn't be
> > >
> > > touched.
> > > >
> > > > My goal is to use the DS Gateway to edit the directory using
> > >
> > > secure
> > > > connections without resorting to other tools such as
> > > > phpLDAPadmin
> > > > which I've read is really designed for OpenLDAP.
> > >
> > > While I understand your desire, the dsgw software hasn't been
> > > touched
> > > by us in a long time - and I highly suspect it won't be supported
> > > for
> > > much longer. Sadly though, as far as a "web tool" we've had some
> > > delays
> > > building this up but it is on the way!
> > >
> > > Instead for 1.4.x we plan to release better cli tools with much
> > > more
> > > functionality that should be able to do everything you want.
> > >
> > > If you want to know more about these tools and our API for server
> > > interaction, I'm happy to provide you resources about this to
> > > help
> > > you
> > > and get it fit for your requirements,
> > >
> > > Hope that helps,
> > >
> > >
> > > > _______________________________________________
> > > > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > > > To unsubscribe send an email to 389-users-leave@lists.fedorapro
> > > > je
> > >
> > > ct.o
> > > > rg
> > >
> > > _______________________________________________
> > > 389-users mailing list -- 389-users@lists.fedoraproject.org
> > > To unsubscribe send an email to 389-users-leave@lists.fedoraproje
> > > ct
> > > .org
>
> --
> Thanks,
>
> William Brown
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.o
> rg
--
Thanks,

William Brown
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org