Author: rmeggins
Update of /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23221/directoryconsole/src/com/netscape/admin/dirserv/panel/replication
Modified Files:
ActiveDirectoryAgreement.java AgreementDestinationPanel.java
AgreementPanel.java AgreementWizard.java
AgreementWizardInfo.java IReplicationAgreement.java
MMRAgreement.java ReplicationAgreement.java
ReplicationTool.java WAgreementDestinationPanel.java
WAgreementSummaryPanel.java
WindowsAgreementDestinationPanel.java
WindowsAgreementWizard.java WindowsAgreementWizardInfo.java
replication.properties
Log Message:
Resolves: bug 469261
Bug Description: Support server-to-server SASL - console replication changes
Reviewed by: nkinder (Thanks!)
Fix Description: This adds support for starttls, gssapi, and digest to the console for setting up replication agreements.
1) Instead of a checkbox for use ssl, I added 3 radio buttons - no ssl, regular ldaps, starttls - note: active directory supports starttls
2) To the ssl auth and simple auth radio buttons, I added gssapi and digest. The way the logic works is that gssapi is only allowed when using regular ldap, digest and simple bind are allowed always, ssl auth is only allowed with one of the ssl options. gssapi allows an empty bind dn and password, but digest and simple require a bind dn and password. NOTE: we do not support anything other than simple bind with active directory in the GUI
I also changed the wording a little bit, and added tool tips (which will hopefully not be too annoying)
I did not add additional checking e.g. the console cannot verify that kerberos is set up properly
Platforms tested: RHEL5
Flag Day: no
Doc impact: oh yes
Index: ActiveDirectoryAgreement.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/ActiveDirectoryAgreement.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ActiveDirectoryAgreement.java 18 Jul 2005 00:56:06 -0000 1.1.1.1
+++ ActiveDirectoryAgreement.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -149,6 +149,7 @@
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.REPLICA_TRANSPORT_ATTR)) {
setUseSSL(val);
+ setUseStartTLS(val);
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.MMR_NAME_ATTR)) {
cn = val;
@@ -248,13 +249,18 @@
newAttrs.add(attr);
}
- if( useSSL ) {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
- ReplicationTool.REPLICA_TRANSPORT_SSL );
+ if( useSSL || useStartTLS ) {
+ if (useStartTLS) {
+ attr = new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_TLS );
+ } else {
+ attr = new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_SSL );
+ }
newAttrs.add(attr);
}
- if( useSSL && useSSLAuth ) {
+ if( (useSSL || useStartTLS) && useSSLAuth ) {
attr = new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
ReplicationTool.REPLICA_BINDMETHOD_SSLCLIENTAUTH );
newAttrs.add(attr);
Index: AgreementDestinationPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/AgreementDestinationPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- AgreementDestinationPanel.java 18 Jul 2005 00:56:06 -0000 1.1.1.1
+++ AgreementDestinationPanel.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -82,20 +82,55 @@
_myPanel.setLayout(new GridBagLayout());
_myPanel.setBackground(getBackground());
+ //connection radio buttons
+ ButtonGroup connGroup = new ButtonGroup();
+ //plain old ldap button
+ _noEncrypt = makeJRadioButton(_resource.getString(
+ "replication-destination-noEncrypt","label"));
+ _noEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-noEncrypt","ttip"));
+ connGroup.add(_noEncrypt);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx = 1.0;
+ _myPanel.add(_noEncrypt, gbc);
+
//ssl check box
- _sslEncrypt = makeJCheckBox(_resource.getString(
+ _sslEncrypt = makeJRadioButton(_resource.getString(
"replication-destination-sslEncrypt","label"));
+ _sslEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-sslEncrypt","ttip"));
+ connGroup.add(_sslEncrypt);
ReplicationTool.resetGBC(gbc);
- gbc.anchor = gbc.WEST;
+ gbc.anchor = gbc.WEST;
gbc.gridwidth = gbc.REMAINDER;
gbc.fill = gbc.NONE;
gbc.weightx=1.0;
_myPanel.add(_sslEncrypt, gbc);
+ //tls check box
+ _tlsEncrypt = makeJRadioButton(_resource.getString(
+ "replication-destination-startTLS","label"));
+ _tlsEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-startTLS","ttip"));
+ connGroup.add(_tlsEncrypt);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx=1.0;
+ _myPanel.add(_tlsEncrypt, gbc);
+
/* add DSEntry to correctly update field
coloring and buttons enabling/disabling */
+ _ldapDSEntry = new DSEntryBoolean ("on", _noEncrypt);
+ setComponentTable(_noEncrypt, _ldapDSEntry);
_sslDSEntry = new DSEntryBoolean ("off", _sslEncrypt);
setComponentTable(_sslEncrypt, _sslDSEntry);
+ _tlsDSEntry = new DSEntryBoolean ("off", _tlsEncrypt);
+ setComponentTable(_tlsEncrypt, _tlsDSEntry);
//auth using label
JLabel auth = makeJLabel(_resource.getString(
@@ -116,40 +151,80 @@
gbc.insets = new Insets(0,0,0,0);
_myPanel.add(authModePanel, gbc);
- //ssl auth radio button
- ButtonGroup authGroup = new ButtonGroup();
- _sslAuth = makeJRadioButton(_resource.getString(
- "replication-destination-sslClientAuth","label"));
- authGroup.add(_sslAuth);
- ReplicationTool.resetGBC(gbc);
- gbc.anchor = gbc.WEST;
- gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
- gbc.weightx=1.0;
- authModePanel.add(_sslAuth, gbc);
-
- /* add DSEntry to correctly update field
- coloring and buttons enabling/disabling */
- _sslAuthDSEntry = new DSEntryBoolean ("off", _sslAuth);
- setComponentTable(_sslAuth, _sslAuthDSEntry);
+ if(_agreement.getAgreementType() != ReplicationAgreement.AGREEMENT_TYPE_AD) {
+ //ssl auth radio button
+ ButtonGroup authGroup = new ButtonGroup();
+ _sslAuth = makeJRadioButton(_resource.getString(
+ "replication-destination-sslClientAuth","label"));
+ _sslAuth.setToolTipText(_resource.getString(
+ "replication-destination-sslClientAuth","ttip"));
+ authGroup.add(_sslAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx=1.0;
+ authModePanel.add(_sslAuth, gbc);
+
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _sslAuthDSEntry = new DSEntryBoolean ("off", _sslAuth);
+ setComponentTable(_sslAuth, _sslAuthDSEntry);
+
+ //gssapi auth radio button
+ _gssapiAuth = makeJRadioButton(_resource.getString(
+ "replication-destination-gssapiAuth","label"));
+ _gssapiAuth.setToolTipText(_resource.getString(
+ "replication-destination-gssapiAuth","ttip"));
+ authGroup.add(_gssapiAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx = 1.0;
+ authModePanel.add(_gssapiAuth, gbc);
- //simple auth radio button
- _simpAuth = makeJRadioButton(_resource.getString(
- "replication-destination-simpleAuth","label"));
- authGroup.add(_simpAuth);
- ReplicationTool.resetGBC(gbc);
- gbc.insets.top = 0;
- gbc.anchor = gbc.WEST;
- gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
- gbc.weightx=1.0;
- authModePanel.add(_simpAuth, gbc);
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _gssapiAuthDSEntry = new DSEntryBoolean ("off", _gssapiAuth);
+ setComponentTable(_gssapiAuth, _gssapiAuthDSEntry);
+
+ //digest auth radio button
+ _digestAuth = makeJRadioButton(_resource.getString(
+ "replication-destination-digestAuth","label"));
+ _digestAuth.setToolTipText(_resource.getString(
+ "replication-destination-digestAuth","ttip"));
+ authGroup.add(_digestAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx = 1.0;
+ authModePanel.add(_digestAuth, gbc);
- /* add DSEntry to correctly update field
- coloring and buttons enabling/disabling */
- _simpAuthDSEntry = new DSEntryBoolean ("on", _simpAuth);
- setComponentTable(_simpAuth, _simpAuthDSEntry);
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _digestAuthDSEntry = new DSEntryBoolean ("off", _digestAuth);
+ setComponentTable(_digestAuth, _digestAuthDSEntry);
+
+ //simple auth radio button
+ _simpAuth = makeJRadioButton(_resource.getString(
+ "replication-destination-simpleAuth","label"));
+ authGroup.add(_simpAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.insets.top = 0;
+ gbc.anchor = gbc.WEST;
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.NONE;
+ gbc.weightx=1.0;
+ authModePanel.add(_simpAuth, gbc);
+ /* add DSEntry to correctly update field
+ coloring and buttons enabling/disabling */
+ _simpAuthDSEntry = new DSEntryBoolean ("on", _simpAuth);
+ setComponentTable(_simpAuth, _simpAuthDSEntry);
+ }
+
//simp panel
JPanel simpPanel = new JPanel(new GridBagLayout());
ReplicationTool.resetGBC(gbc);
@@ -202,7 +277,7 @@
/* add DSEntry to correctly update field
coloring and buttons enabling/disabling */
- _pwdDSEntry = new DSEntryTextStrict ("", _pwdText, _pwd);
+ _pwdDSEntry = new pwdDSEntry ("", _pwdText, _pwd);
setComponentTable(_pwdText, _pwdDSEntry);
if(_agreement.getAgreementType() == ReplicationAgreement.AGREEMENT_TYPE_AD){
@@ -275,9 +350,13 @@
}
private void enableFields(){
- _sslEncrypt.setEnabled(false);
- _sslAuth.setEnabled(_sslEncrypt.isSelected());
- _simpAuth.setEnabled(_sslEncrypt.isSelected());
+ boolean ssl = _sslEncrypt.isSelected() || _tlsEncrypt.isSelected();
+ if (_sslAuth != null) {
+ _sslAuth.setEnabled(ssl);
+ }
+ if (_gssapiAuth != null) {
+ _gssapiAuth.setEnabled(!ssl);
+ }
}
@@ -298,35 +377,81 @@
}
//========= ACTIONLISTENER =================
- public void actionPerformed(ActionEvent e) {
- if (e.getSource().equals(_sslAuth)) {
- if (_sslAuth.isSelected()) {
- //disable
- enableSimpleAuth (false);
- }
- }
- if (e.getSource().equals(_simpAuth)) {
- if (_simpAuth.isSelected()) {
- //enable
- enableSimpleAuth (true);
- }
+ public void actionPerformed(ActionEvent e) {
+ _bindDSEntry.setSkipCheck(false);
+ _pwdDSEntry.setSkipCheck(false);
+ if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) {
+ setDirtyFlag();
+ //disable
+ enableSimpleAuth (false);
+ }
+ if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) {
+ setDirtyFlag();
+ // enable
+ enableSimpleAuth (true);
+ // requires ldap
+ _noEncrypt.setSelected(true);
+ /* set to use non-SSL port LDAP */
+ _portAttr = ATTR_PORT;
+ _bindDSEntry.setSkipCheck(true);
+ _pwdDSEntry.setSkipCheck(true);
+ }
+ if (e.getSource().equals(_simpAuth) && _simpAuth.isSelected()) {
+ setDirtyFlag();
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) {
+ setDirtyFlag();
+ //enable
+ enableSimpleAuth (true);
+ }
+
+ if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) {
+ setDirtyFlag();
+ //disable
+ if (_sslAuth != null) {
+ _sslAuth.setEnabled(false);
+ }
+ //enable
+ if ((_sslAuth != null) && _sslAuth.isSelected() && (_simpAuth != null)) {
+ // have to select something else
+ _simpAuth.setSelected(true);
+ }
+ enableSimpleAuth(true);
+ if (_gssapiAuth != null) {
+ _gssapiAuth.setEnabled(true);
+ }
+ if (_digestAuth != null) {
+ _digestAuth.setEnabled(true);
+ }
+
+ /* set to use non-SSL port */
+ _portAttr = ATTR_PORT;
+ }
+ boolean ssl_selected = false;
+ if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) {
+ /* set to use SSL port */
+ _portAttr = ATTR_SSL_PORT;
+ ssl_selected = true;
}
- if (e.getSource().equals(_sslEncrypt)) {
- setDirtyFlag();
- if (_sslEncrypt.isSelected()) {
- //enable
- _sslAuth.setEnabled(true);
-
- _portAttr = ATTR_SSL_PORT;
- } else {
- //disable
- _sslAuth.setEnabled(false);
- //enable
- _simpAuth.setSelected(true);
- enableSimpleAuth (true);
-
- _portAttr = ATTR_PORT;
- }
+ if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) {
+ /* set to use non-SSL port for startTLS */
+ _portAttr = ATTR_PORT;
+ ssl_selected = true;
+ }
+ if (ssl_selected) {
+ if (_sslAuth != null) {
+ _sslAuth.setEnabled(true);
+ }
+ if (_gssapiAuth != null) {
+ _gssapiAuth.setEnabled(false);
+ if (_gssapiAuth.isSelected()) {
+ // have to select something else
+ _simpAuth.setSelected(true);
+ enableSimpleAuth(true);
+ }
+ }
}
super.actionPerformed (e);
}
@@ -351,34 +476,30 @@
public void getUpdateInfo( Object inf ) {
AgreementWizardInfo info = (AgreementWizardInfo)inf;
- if (_sslEncrypt.isSelected())
- info.setSSL(true);
- else
- info.setSSL(false);
+ info.setStartTLS(_tlsEncrypt.isSelected());
+ info.setSSL(_sslEncrypt.isSelected());
+ info.setSSLAuth( (_sslAuth != null) && _sslAuth.isSelected() );
+ info.setGSSAPIAuth( (_gssapiAuth != null) && _gssapiAuth.isSelected() );
+ info.setDigestAuth( (_digestAuth != null) && _digestAuth.isSelected() );
- if (!_sslAuth.isSelected()) {
- info.setBindDN(_bindText.getText());
- info.setBindPWD(_pwdText.getText());
- info.setSSLAuth( false );
- if(_agreement.getAgreementType() == ReplicationAgreement.AGREEMENT_TYPE_AD)
- {
- if(_newWinUserSyncCB.isSelected())
- {
- info.setNewWinUserSync("on");
- }else{
- info.setNewWinUserSync("off");
- }
- if(_newWinGroupSyncCB.isSelected())
- {
- info.setNewWinGroupSync("on");
- }else{
- info.setNewWinGroupSync("off");
- }
- }
- } else {
+ if (info.getSSLAuth()) {
info.setBindDN("");
info.setBindPWD("");
- info.setSSLAuth( true );
+ } else {
+ info.setBindDN(_bindText.getText());
+ info.setBindPWD(_pwdText.getText());
+ }
+ if(_agreement.getAgreementType() == ReplicationAgreement.AGREEMENT_TYPE_AD) {
+ if(_newWinUserSyncCB.isSelected()) {
+ info.setNewWinUserSync("on");
+ }else{
+ info.setNewWinUserSync("off");
+ }
+ if(_newWinGroupSyncCB.isSelected()) {
+ info.setNewWinGroupSync("on");
+ }else{
+ info.setNewWinGroupSync("off");
+ }
}
}
@@ -409,29 +530,35 @@
_origPwd = _agreement.getBindCredentials();
_origBindDN = _agreement.getBindDN();
}
- if (_agreement.getUseSSL()) {
- _sslDSEntry.fakeInitModel ("on");
- _sslEncrypt.setSelected(true);
- _portAttr = ATTR_SSL_PORT;
-
- if (_agreement.getUseSSLAuth()) {
- //SSL client Auth
- enableSimpleAuth (false);
- _sslAuth.setEnabled(true);
- _sslAuthDSEntry.fakeInitModel ("on");
- _simpAuthDSEntry.fakeInitModel ("off");
-
- } else {
- //Simple Auth with SSL
- _sslAuth.setEnabled(true);
- _simpAuth.setSelected(true);
- _simpAuthDSEntry.fakeInitModel ("on");
- enableSimpleAuth (true);
- }
- } else {
- _portAttr = ATTR_PORT;
- setSimpAuth();
+ boolean ssl = _agreement.getUseSSL() || _agreement.getUseStartTLS();
+ _ldapDSEntry.fakeInitModel(ssl ? "off" : "on");
+ _noEncrypt.setSelected(!ssl);
+ _sslEncrypt.setSelected(_agreement.getUseSSL());
+ _sslDSEntry.fakeInitModel(_agreement.getUseSSL() ? "on" : "off");
+ _tlsEncrypt.setSelected(_agreement.getUseStartTLS());
+ _tlsDSEntry.fakeInitModel(_agreement.getUseStartTLS() ? "on" : "off");
+ _portAttr = _agreement.getUseSSL() ? ATTR_SSL_PORT : ATTR_PORT;
+
+ if (_sslAuth != null) {
+ _sslAuth.setEnabled(ssl);
+ _sslAuth.setSelected(_agreement.getUseSSLAuth());
+ _sslAuthDSEntry.fakeInitModel (_agreement.getUseSSLAuth() ? "on" : "off");
+ enableSimpleAuth (!_agreement.getUseSSLAuth());
+ }
+ if (_gssapiAuth != null) {
+ _gssapiAuth.setEnabled(!ssl);
+ _gssapiAuth.setSelected(_agreement.getUseGSSAPIAuth());
+ _gssapiAuthDSEntry.fakeInitModel (_agreement.getUseGSSAPIAuth() ? "on" : "off");
+ }
+ if (_digestAuth != null) {
+ _digestAuth.setSelected(_agreement.getUseDigestAuth());
+ _digestAuthDSEntry.fakeInitModel (_agreement.getUseDigestAuth() ? "on" : "off");
+ }
+ if (_simpAuth != null) {
+ _simpAuth.setEnabled(!_agreement.getUseSSLAuth());
+ _simpAuthDSEntry.fakeInitModel (_agreement.getUseSSLAuth() ? "on" : "off");
}
+
if(_agreement.getAgreementType() == ReplicationAgreement.AGREEMENT_TYPE_AD){
if(((ActiveDirectoryAgreement)_agreement).getNewWinUserSync().compareTo("on") == 0){
_newWinUserSyncCB.setSelected(true);
@@ -450,16 +577,6 @@
}
}
- /**
- * Set simple auth selection
- */
- private void setSimpAuth() {
- //Simple Auth no SSL
- _sslDSEntry.fakeInitModel ("off");
- _sslAuth.setEnabled(false);
- _simpAuthDSEntry.fakeInitModel ("on");
- }
-
private void enableSimpleAuth (boolean enable){
_bind.setEnabled(enable);
_bind.repaint(1);
@@ -485,6 +602,8 @@
class bindDSEntry extends DSEntryTextStrict
{
+ private boolean skipCheck = false;
+
bindDSEntry(String model, JComponent view1, JComponent view2) {
super (model, view1, view2);
}
@@ -496,15 +615,50 @@
/* disabled field is always valid */
if (!tf.isEnabled ())
return 0;
+
+ if (skipCheck) {
+ return 0;
+ }
if (!dn.equals ("") && DSUtil.isValidDN (dn))
return 0;
else
return 1;
}
+
+ public void setSkipCheck(boolean val) {
+ skipCheck = val;
+ }
}
- /*==========================================================
+ class pwdDSEntry extends DSEntryTextStrict
+ {
+ private boolean skipCheck = false;
+
+ pwdDSEntry(String model, JComponent view1, JComponent view2) {
+ super (model, view1, view2);
+ }
+
+ public int validate (){
+ JTextField tf = (JTextField) getView (0);
+ String dn = tf.getText ();
+
+ /* disabled field is always valid */
+ if (!tf.isEnabled ())
+ return 0;
+
+ if (skipCheck) {
+ return 0;
+ }
+ return super.validate();
+ }
+
+ public void setSkipCheck(boolean val) {
+ skipCheck = val;
+ }
+ }
+
+ /*==========================================================
* variables
*==========================================================*/
private ConsoleInfo _serverInfo;
@@ -517,20 +671,25 @@
private boolean refreshed = false;
JTextField _bindText;
- private JCheckBox _sslEncrypt, _newWinUserSyncCB, _newWinGroupSyncCB;
- private JRadioButton _simpAuth, _sslAuth;
+ private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt;
+ private JCheckBox _newWinUserSyncCB, _newWinGroupSyncCB;
+ private JRadioButton _simpAuth = null, _sslAuth = null, _gssapiAuth = null, _digestAuth = null;
JPasswordField _pwdText;
private JLabel _bind, _pwd, _newWinUserSync, _newWinGroupSync;
private JFrame _frame;
private ImageIcon _icon;
private bindDSEntry _bindDSEntry;
- private DSEntryTextStrict _pwdDSEntry;
+ private pwdDSEntry _pwdDSEntry;
private DSEntryBoolean _newUserDSEntry;
private DSEntryBoolean _newGroupDSEntry;
+ private DSEntryBoolean _ldapDSEntry;
private DSEntryBoolean _sslDSEntry;
- private DSEntryBoolean _sslAuthDSEntry;
- private DSEntryBoolean _simpAuthDSEntry;
+ private DSEntryBoolean _tlsDSEntry;
+ private DSEntryBoolean _sslAuthDSEntry = null;
+ private DSEntryBoolean _simpAuthDSEntry = null;
+ private DSEntryBoolean _gssapiAuthDSEntry = null;
+ private DSEntryBoolean _digestAuthDSEntry = null;
private String _origBindDN;
private String _origPwd;
Index: AgreementPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/AgreementPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- AgreementPanel.java 18 Jul 2005 00:56:06 -0000 1.1.1.1
+++ AgreementPanel.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -131,6 +131,7 @@
// Determine whether SSL is used and what type.
info.setSSL(_adAgreement.getUseSSL());
+ info.setStartTLS(_adAgreement.getUseStartTLS());
info.setSSLAuth(_adAgreement.getUseSSLAuth());
// Set the description.
@@ -254,8 +255,11 @@
_agreement.setReplicatedSubtree(info.getSubtree());
_agreement.setUpdateSchedule(info.getDate());
_agreement.setUseSSL(info.getSSL());
+ _agreement.setUseStartTLS(info.getStartTLS());
_agreement.setUseSSLAuth( info.getSSLAuth());
-
+ _agreement.setUseGSSAPIAuth( info.getGSSAPIAuth());
+ _agreement.setUseDigestAuth( info.getDigestAuth());
+
if (info.getBindDN().equals("")) {
_agreement.setBindDN(null);
} else {
Index: AgreementWizard.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/AgreementWizard.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- AgreementWizard.java 18 Jul 2005 00:56:07 -0000 1.1.1.1
+++ AgreementWizard.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -20,6 +20,7 @@
package com.netscape.admin.dirserv.panel.replication;
import java.awt.*;
+
import com.netscape.admin.dirserv.wizard.*;
import javax.swing.*;
import com.netscape.management.client.util.*;
@@ -37,7 +38,7 @@
public class AgreementWizard extends WizardWidget {
public AgreementWizard(JFrame parent, AgreementWizardInfo info) {
- super(parent, _resource.getString("replication-agreementWizard","label"));
+ super(parent, _resource.getString("replication-agreementWizard","label"), new Dimension(460,550));
getAccessibleContext().setAccessibleDescription(_resource.getString("replication-agreementWizard",
"description"));
//parent.setIconImage(ReplicationTool.getImage(_resource.getString("replication-agreementWizard","frameIcon")).getImage());
@@ -62,6 +63,7 @@
}
info.setSubtree(info.getCopyAgreement().getReplicatedSubtree());
info.setSSL(info.getCopyAgreement().getUseSSL());
+ info.setStartTLS(info.getCopyAgreement().getUseStartTLS());
if (info.getCopyAgreement().getBindDN()!= null) {
info.setBindDN(info.getCopyAgreement().getBindDN());
} else {
Index: AgreementWizardInfo.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/AgreementWizardInfo.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- AgreementWizardInfo.java 18 Jul 2005 00:56:07 -0000 1.1.1.1
+++ AgreementWizardInfo.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -213,6 +213,18 @@
return false;
}
+ //ssl
+ void setStartTLS(boolean type) {
+ _content.put(AGREEMENT_EXTENSION+"startTLS", new Boolean(type));
+ }
+
+ boolean getStartTLS() {
+ if (_content.get(AGREEMENT_EXTENSION+"startTLS")!= null)
+ return ((Boolean)_content.get(AGREEMENT_EXTENSION+"startTLS")).booleanValue();
+ else
+ return false;
+ }
+
//Auth type
void setSSLAuth(boolean type) {
_content.put(AGREEMENT_EXTENSION+"sslauth", new Boolean(type));
@@ -225,6 +237,30 @@
return false;
}
+ //Auth type
+ void setGSSAPIAuth(boolean type) {
+ _content.put(AGREEMENT_EXTENSION+"gssapi", new Boolean(type));
+ }
+
+ boolean getGSSAPIAuth() {
+ if (_content.get(AGREEMENT_EXTENSION+"gssapi")!= null)
+ return ((Boolean)_content.get(AGREEMENT_EXTENSION+"gssapi")).booleanValue();
+ else
+ return false;
+ }
+
+ //Auth type
+ void setDigestAuth(boolean type) {
+ _content.put(AGREEMENT_EXTENSION+"digest", new Boolean(type));
+ }
+
+ boolean getDigestAuth() {
+ if (_content.get(AGREEMENT_EXTENSION+"digest")!= null)
+ return ((Boolean)_content.get(AGREEMENT_EXTENSION+"digest")).booleanValue();
+ else
+ return false;
+ }
+
//bindDN
void setBindDN(String dn) {
if (dn != null) {
@@ -390,12 +426,20 @@
buf.append(" ");
buf.append(_resource.getString("replication-destination-sslEncrypt","label")+"\n");
}
+ if (getStartTLS()) {
+ buf.append(" ");
+ buf.append(_resource.getString("replication-destination-startTLS","label")+"\n");
+ }
//bind info
buf.append(" ");
buf.append(_resource.getString("replication-destination-authUsing","label")+" ");
if (getSSL() && getSSLAuth()) {
buf.append(_resource.getString("replication-destination-sslClientAuth","label")+"\n");
+ } else if (getGSSAPIAuth()) {
+ buf.append(_resource.getString("replication-destination-gssapiAuth","label")+"\n");
+ } else if (getDigestAuth()) {
+ buf.append(_resource.getString("replication-destination-digestAuth","label")+"\n");
} else {
buf.append(_resource.getString("replication-destination-simpleAuth","label")+"\n");
}
Index: IReplicationAgreement.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/IReplicationAgreement.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- IReplicationAgreement.java 18 Jul 2005 00:56:07 -0000 1.1.1.1
+++ IReplicationAgreement.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -157,6 +157,21 @@
public String[] getUpdateScheduleStrings();
/**
+ * Set the useStartTLS flag
+ */
+ public void setUseStartTLS(String val);
+
+ /**
+ * Set the useSSL flag
+ */
+ public void setUseStartTLS(boolean val);
+
+ /**
+ * Get the useSSL flag
+ */
+ public boolean getUseStartTLS();
+
+ /**
* Set the useSSL flag
*/
public void setUseSSL(String val);
@@ -172,6 +187,51 @@
public boolean getUseSSL();
/**
+ * Set the sslAuth flag
+ */
+ public void setUseSSLAuth(String val);
+
+ /**
+ * Set the sslAuth flag
+ */
+ public void setUseSSLAuth(boolean val);
+
+ /**
+ * Get the sslAuth flag
+ */
+ public boolean getUseSSLAuth();
+
+ /**
+ * Set the GSSAPIAuth flag
+ */
+ public void setUseGSSAPIAuth(String val);
+
+ /**
+ * Set the GSSAPIAuth flag
+ */
+ public void setUseGSSAPIAuth(boolean val);
+
+ /**
+ * Get the GSSAPIAuth flag
+ */
+ public boolean getUseGSSAPIAuth();
+
+ /**
+ * Set the DigestAuth flag
+ */
+ public void setUseDigestAuth(String val);
+
+ /**
+ * Set the DigestAuth flag
+ */
+ public void setUseDigestAuth(boolean val);
+
+ /**
+ * Get the DigestAuth flag
+ */
+ public boolean getUseDigestAuth();
+
+ /**
* Get the CN (common name) of this entry
*/
public String getEntryCN();
Index: MMRAgreement.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/MMRAgreement.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- MMRAgreement.java 18 Jul 2005 00:56:07 -0000 1.1.1.1
+++ MMRAgreement.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -20,6 +20,7 @@
package com.netscape.admin.dirserv.panel.replication;
import netscape.ldap.*;
+
import com.netscape.management.client.util.Debug;
import com.netscape.management.client.util.ResourceSet;
import com.netscape.management.client.console.ConsoleInfo;
@@ -156,12 +157,15 @@
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.REPLICA_TRANSPORT_ATTR)) {
setUseSSL(val);
+ setUseStartTLS(val);
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.MMR_NAME_ATTR)) {
cn = val;
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.REPLICA_BINDMETHOD_ATTR)) {
setUseSSLAuth(val);
+ setUseGSSAPIAuth(val);
+ setUseDigestAuth(val);
} else if (attr.getName().equalsIgnoreCase(
ReplicationTool.REPLICA_REFRESH_ATTR)) {
setORCValue(val);
@@ -224,22 +228,30 @@
newAttrs.add(attr);
}
- if( useSSL ) {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
- ReplicationTool.REPLICA_TRANSPORT_SSL );
- newAttrs.add(attr);
-
- }
- if( useSSL && useSSLAuth ) {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
- ReplicationTool.REPLICA_BINDMETHOD_SSLCLIENTAUTH );
- newAttrs.add(attr);
+ if ( useStartTLS ) {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_TLS ));
+ } else if ( useSSL ) {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_SSL ));
+ } else {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_LDAP ));
+ }
+
+ if ( useSSLAuth ) {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SSLCLIENTAUTH ));
+ } else if ( useGSSAPIAuth ) {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SASL_GSSAPI ));
+ } else if ( useDigestAuth ) {
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SASL_DIGEST_MD5 ));
} else {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
- ReplicationTool.REPLICA_BINDMETHOD_SIMPLE );
- newAttrs.add(attr);
+ newAttrs.add(new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SIMPLE ));
}
-
// XXXggood filtered and selective attribute attributes would
// get written
@@ -327,14 +339,30 @@
}
Debug.println("MMRAgreement.writeToServer: useSSLAuth="+ useSSLAuth );
- if( useSSLAuth ) {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
- ReplicationTool.REPLICA_BINDMETHOD_SSLCLIENTAUTH );
- } else {
- attr = new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
- ReplicationTool.REPLICA_BINDMETHOD_SIMPLE );
- }
- mods.add(LDAPModification.REPLACE, attr);
+ if ( useStartTLS ) {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_TLS ));
+ } else if ( useSSL ) {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_SSL ));
+ } else {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_TRANSPORT_ATTR,
+ ReplicationTool.REPLICA_TRANSPORT_LDAP ));
+ }
+
+ if ( useSSLAuth ) {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SSLCLIENTAUTH ));
+ } else if ( useGSSAPIAuth ) {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SASL_GSSAPI ));
+ } else if ( useDigestAuth ) {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SASL_DIGEST_MD5 ));
+ } else {
+ mods.add(LDAPModification.REPLACE, new LDAPAttribute(ReplicationTool.REPLICA_BINDMETHOD_ATTR,
+ ReplicationTool.REPLICA_BINDMETHOD_SIMPLE ));
+ }
String[] sched = getUpdateScheduleStrings();
attr = new LDAPAttribute(ReplicationTool.REPLICA_SCHEDULE_ATTR);
Index: ReplicationAgreement.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/ReplicationAgreement.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- ReplicationAgreement.java 2 Jul 2007 19:44:09 -0000 1.2
+++ ReplicationAgreement.java 24 Nov 2008 16:09:23 -0000 1.3
@@ -337,6 +337,34 @@
return useSSL;
}
+ /**
+ * Set the useStartTLS flag
+ */
+ public void setUseStartTLS(String val) {
+ Debug.println(8,"ReplicationAgreement.useStartTLS() val = " + val);
+ if ((val != null) && val.equals(ReplicationTool.REPLICA_TRANSPORT_TLS)) {
+ useStartTLS = true;
+ useSSL = false;
+ } else {
+ useStartTLS = false;
+ }
+ Debug.println(8,"ReplicationAgreement.useStartTLS() = " + useStartTLS );
+ }
+
+ /**
+ * Set the useSSL flag
+ */
+ public void setUseStartTLS(boolean val) {
+ useStartTLS = val;
+ }
+
+ /**
+ * Get the useSSL flag
+ */
+ public boolean getUseStartTLS() {
+ return useStartTLS;
+ }
+
/**
* Set the setUseSSLAuth flag
*/
@@ -364,6 +392,59 @@
return useSSLAuth;
}
+ /**
+ * Set the setUseGSSAPIAuth flag
+ */
+ public void setUseGSSAPIAuth(String val) {
+ if (val.equalsIgnoreCase("true")) {
+ useGSSAPIAuth = true;
+ } else if (val.equals(ReplicationTool.REPLICA_BINDMETHOD_SASL_GSSAPI)) {
+ useGSSAPIAuth = true;
+ } else {
+ useGSSAPIAuth = false;
+ }
+ }
+
+ /**
+ * Set the setUseGSSAPIAuth flag
+ */
+ public void setUseGSSAPIAuth(boolean val) {
+ useGSSAPIAuth = val;
+ }
+
+ /**
+ * Get the setUseGSSAPIAuth flag
+ */
+ public boolean getUseGSSAPIAuth() {
+ return useGSSAPIAuth;
+ }
+
+ /**
+ * Set the setUseDigestAuth flag
+ */
+ public void setUseDigestAuth(String val) {
+ if (val.equalsIgnoreCase("true")) {
+ useDigestAuth = true;
+ } else if (val.equals(ReplicationTool.REPLICA_BINDMETHOD_SASL_DIGEST_MD5)) {
+ useDigestAuth = true;
+ } else {
+ useDigestAuth = false;
+ }
+ }
+
+ /**
+ * Set the setUseDigestAuth flag
+ */
+ public void setUseDigestAuth(boolean val) {
+ useDigestAuth = val;
+ }
+
+ /**
+ * Get the setUseDigestAuth flag
+ */
+ public boolean getUseDigestAuth() {
+ return useDigestAuth;
+ }
/**
* Set the type of agreement.
@@ -1265,10 +1346,16 @@
ReplicationTool.REPLICA_CRED_ATTR);
setUseSSL(DSUtil.getAttrValue(entry,
- ReplicationTool.REPLICA_TRANSPORT_ATTR));
+ ReplicationTool.REPLICA_TRANSPORT_ATTR));
+ setUseStartTLS(DSUtil.getAttrValue(entry,
+ ReplicationTool.REPLICA_TRANSPORT_ATTR));
setUseSSLAuth(DSUtil.getAttrValue(entry,
ReplicationTool.REPLICA_BINDMETHOD_ATTR));
+ setUseGSSAPIAuth(DSUtil.getAttrValue(entry,
+ ReplicationTool.REPLICA_BINDMETHOD_ATTR));
+ setUseDigestAuth(DSUtil.getAttrValue(entry,
+ ReplicationTool.REPLICA_BINDMETHOD_ATTR));
String[] schedule = DSUtil.getAttrValues(entry,
ReplicationTool.REPLICA_SCHEDULE_ATTR);
@@ -1713,7 +1800,12 @@
ret += "\n";
ret += "Host: " + getRemoteHost() + "\n";
ret += "Port: " + getRemotePort() + "\n";
- ret += "Subtree: " + replicatedSubtree;
+ ret += "Subtree: " + replicatedSubtree + "\n";
+ ret += "SSL: " + useSSL + "\n";
+ ret += "TLS: " + useStartTLS + "\n";
+ ret += "SSL Client Auth: " + useSSLAuth + "\n";
+ ret += "SASL/GSSAPI Auth: " + useGSSAPIAuth + "\n";
+ ret += "SASL/Digest-MD5 Auth: " + useDigestAuth + "\n";
return ret;
}
@@ -1837,8 +1929,11 @@
protected String bindCredentials; // The credentials (password) used when connectin to the consumer.
protected Vector updateSchedule; // Schedule(s) for updates
//protected ReplicationAgreementEditor editor; // Reference to repl agrmt editor window. If null, no window is open
- protected boolean useSSL; // true if SSL should be used when connecting to replote server
- protected boolean useSSLAuth; // true if useSSL and strong auth by SSL required
+ protected boolean useSSL; // true if SSL should be used when connecting to remote server
+ protected boolean useStartTLS; // true if startTLS should be used when connecting to remote server
+ protected boolean useSSLAuth; // true if useSSL and strong auth by SSL required
+ protected boolean useGSSAPIAuth; // true if using SASL/GSSAPI for auth
+ protected boolean useDigestAuth; // true if using SASL/Digest-MD5 for auth
protected int agreementType; // mmr or legacyr
//protected Vector namingContexts; // Naming contexts supported by the server
protected String orcValue; // non-null if replica is being reinitialized
Index: ReplicationTool.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/ReplicationTool.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- ReplicationTool.java 18 Jul 2005 00:56:09 -0000 1.1.1.1
+++ ReplicationTool.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -105,13 +105,15 @@
final static String REPLICA_PORT_ATTR = "nsDS5ReplicaPort";
final static String REPLICA_TRANSPORT_ATTR = "nsDS5ReplicaTransportInfo";
final static String REPLICA_TRANSPORT_SSL = "SSL";
- final static String REPLICA_TRANSPORT_STARTTLS = "startTLS";
+ final static String REPLICA_TRANSPORT_TLS = "TLS";
final static String REPLICA_TRANSPORT_LDAP= "LDAP";
final static String REPLICA_CRED_ATTR = "nsDS5ReplicaCredentials";
final static String REPLICA_BINDMETHOD_ATTR = "nsDS5ReplicaBindMethod";
final static String REPLICA_REPLATTRS_ATTR = "nsDS5ReplicatedAttributeList";
final static String REPLICA_BINDMETHOD_SIMPLE = "SIMPLE";
final static String REPLICA_BINDMETHOD_SSLCLIENTAUTH = "SSLCLIENTAUTH";
+ final static String REPLICA_BINDMETHOD_SASL_GSSAPI = "SASL/GSSAPI";
+ final static String REPLICA_BINDMETHOD_SASL_DIGEST_MD5 = "SASL/DIGEST-MD5";
final static String REPLICA_SCHEDULE_ATTR = "nsDS5ReplicaUpdateSchedule";
final static String REPLICA_REFRESH_ATTR = "nsds5BeginReplicaRefresh";
final static String MMR_NAME_ATTR = "cn";
Index: WAgreementDestinationPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/WAgreementDestinationPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- WAgreementDestinationPanel.java 18 Jul 2005 00:56:10 -0000 1.1.1.1
+++ WAgreementDestinationPanel.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -147,77 +147,143 @@
gbc.weightx = 1.0;
add(authPanel, gbc);
- //ssl check box
- _sslEncrypt = new JCheckBox(_resource.getString(
+ //connection radio buttons
+ ButtonGroup connGroup = new ButtonGroup();
+ //plain old ldap button
+ _noEncrypt = new JRadioButton(_resource.getString(
+ "replication-destination-noEncrypt","label"));
+ _noEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-noEncrypt","ttip"));
+ _noEncrypt.setSelected(true); // default is on
+ _noEncrypt.addActionListener(this);
+ connGroup.add(_noEncrypt);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.insets = new Insets(0, space, 0, different);
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.HORIZONTAL;
+ gbc.weightx = 1.0;
+ authPanel.add(_noEncrypt, gbc);
+
+ //ssl button
+ _sslEncrypt = new JRadioButton(_resource.getString(
"replication-destination-sslEncrypt","label"));
+ _sslEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-sslEncrypt","ttip"));
_sslEncrypt.addActionListener(this);
+ connGroup.add(_sslEncrypt);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0, space, different, different);
+ gbc.insets = new Insets(0, space, 0, different);
gbc.gridwidth = gbc.REMAINDER;
gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
authPanel.add(_sslEncrypt, gbc);
+ //tls button
+ _tlsEncrypt = new JRadioButton(_resource.getString(
+ "replication-destination-startTLS","label"));
+ _tlsEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-startTLS","ttip"));
+ _tlsEncrypt.addActionListener(this);
+ connGroup.add(_tlsEncrypt);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.insets = new Insets(0, space, space, different);
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.HORIZONTAL;
+ gbc.weightx = 1.0;
+ authPanel.add(_tlsEncrypt, gbc);
+
//auth using label
JLabel auth = new JLabel(_resource.getString(
"replication-destination-authUsing","label"));
- JPanel authModePanel = new JPanel(new GridBagLayout());
- gbc.insets = new Insets(0,0,0,0);
- authPanel.add(authModePanel, gbc);
- auth.setLabelFor(authModePanel);
-
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,space,different);
+ gbc.insets = new Insets(0,space,0,different);
gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
+ gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- authModePanel.add(auth, gbc);
+ authPanel.add(auth, gbc);
//ssl auth radio button
ButtonGroup authGroup = new ButtonGroup();
_sslAuth = new JRadioButton(_resource.getString(
"replication-destination-sslClientAuth","label"));
+ _sslAuth.setToolTipText(_resource.getString(
+ "replication-destination-sslClientAuth","ttip"));
_sslAuth.addActionListener(this);
authGroup.add(_sslAuth);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,0,different);
+ gbc.insets = new Insets(0,space,0,different);
gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
+ gbc.fill = gbc.HORIZONTAL;
+ gbc.weightx = 1.0;
+ authPanel.add(_sslAuth, gbc);
+
+ //gssapi auth radio button
+ _gssapiAuth = new JRadioButton(_resource.getString(
+ "replication-destination-gssapiAuth","label"));
+ _gssapiAuth.setToolTipText(_resource.getString(
+ "replication-destination-gssapiAuth","ttip"));
+ _gssapiAuth.addActionListener(this);
+ authGroup.add(_gssapiAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.insets = new Insets(0,space,0,different);
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.HORIZONTAL;
+ gbc.weightx = 1.0;
+ authPanel.add(_gssapiAuth, gbc);
+
+ //digest auth radio button
+ _digestAuth = new JRadioButton(_resource.getString(
+ "replication-destination-digestAuth","label"));
+ _digestAuth.setToolTipText(_resource.getString(
+ "replication-destination-digestAuth","ttip"));
+ _digestAuth.addActionListener(this);
+ authGroup.add(_digestAuth);
+ ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.WEST;
+ gbc.insets = new Insets(0,space,0,different);
+ gbc.gridwidth = gbc.REMAINDER;
+ gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- authModePanel.add(_sslAuth, gbc);
+ authPanel.add(_digestAuth, gbc);
//simple auth radio button
_simpAuth = new JRadioButton(_resource.getString(
"replication-destination-simpleAuth","label"));
+ _simpAuth.setToolTipText(_resource.getString(
+ "replication-destination-simpleAuth","ttip"));
_simpAuth.addActionListener(this);
authGroup.add(_simpAuth);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,0,different);
+ gbc.insets = new Insets(0,space,0,different);
gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
+ gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- authModePanel.add(_simpAuth, gbc);
+ authPanel.add(_simpAuth, gbc);
//simp panel
JPanel simpPanel = new JPanel();
simpPanel.setLayout(new GridBagLayout());
simpPanel.setBackground(getBackground());
ReplicationTool.resetGBC(gbc);
+ gbc.anchor = gbc.NORTH;
gbc.gridwidth = gbc.REMAINDER;
gbc.weightx=1.0;
gbc.insets = new Insets(0,0,0,0);
- authModePanel.add(simpPanel, gbc);
+ authPanel.add(simpPanel, gbc);
//bind as
_bind = new JLabel(_resource.getString(
"replication-destination-bindAs","label"));
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.EAST;
- gbc.insets = new Insets(0,70,space,different);
+ gbc.insets = new Insets(0,space+10,space,different);
gbc.fill = gbc.NONE;
simpPanel.add(_bind, gbc);
@@ -237,7 +303,7 @@
"replication-destination-bindPwd","label"));
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.EAST;
- gbc.insets = new Insets(0,70,space,different);
+ gbc.insets = new Insets(0,space+10,space,different);
gbc.fill = gbc.NONE;
simpPanel.add(_pwd, gbc);
@@ -336,42 +402,69 @@
_toBox.setSelectedIndex(_toModel.getSize()-1);
//no need to get new context
}
- if (e.getSource().equals(_sslAuth)) {
- if (_sslAuth.isSelected()) {
- //disable
- enableSimpleAuth (false);
- }
- }
- if (e.getSource().equals(_simpAuth)) {
- if (_simpAuth.isSelected()) {
- //enable
- enableSimpleAuth (true);
- }
- }
- if (e.getSource().equals(_sslEncrypt)) {
- if (_sslEncrypt.isSelected()) {
- //enable
- _sslAuth.setEnabled(true);
+ if (e.getSource().equals(_sslAuth) && _sslAuth.isSelected()) {
+ //disable
+ enableSimpleAuth (false);
+ }
+ if (e.getSource().equals(_gssapiAuth) && _gssapiAuth.isSelected()) {
+ // enable
+ enableSimpleAuth (true);
+ // requires ldap
+ _noEncrypt.setSelected(true);
+ /* set to use non-SSL port LDAP */
+ _portAttr = ATTR_PORT;
+ }
+ if (e.getSource().equals(_simpAuth) && _simpAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+ if (e.getSource().equals(_digestAuth) && _digestAuth.isSelected()) {
+ //enable
+ enableSimpleAuth (true);
+ }
+
+ if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) {
+ /* set to use non-SSL port LDAP */
+ _portAttr = ATTR_PORT;
+ //disable
+ _sslAuth.setEnabled(false);
+ //enable
+ if (_sslAuth.isSelected()) {
+ // have to select something else
+ _simpAuth.setSelected(true);
+ }
+ enableSimpleAuth(true);
+ _gssapiAuth.setEnabled(true);
+ _digestAuth.setEnabled(true);
- /* set to use SSL port */
- _portAttr = ATTR_SECURE_PORT;
-
- } else {
- //disable
- _sslAuth.setEnabled(false);
- //enable
- _simpAuth.setSelected(true);
- enableSimpleAuth(true);
-
- /* set to use non-SSL port */
- _portAttr = ATTR_PORT;
- }
+ /* set to use non-SSL port */
+ _portAttr = ATTR_PORT;
/* set appropriate to and from servers */
populateInstanceModel(_consoleInfo);
_toText.setText(_server.getKey());
}
+ boolean ssl_selected = false;
+ if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) {
+ /* set to use SSL port */
+ _portAttr = ATTR_SECURE_PORT;
+ ssl_selected = true;
+ }
+ if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) {
+ /* set to use non-SSL port for startTLS */
+ _portAttr = ATTR_PORT;
+ ssl_selected = true;
+ }
+ if (ssl_selected) {
+ _sslAuth.setEnabled(true);
+ _gssapiAuth.setEnabled(false);
+ if (_gssapiAuth.isSelected()) {
+ // have to select something else
+ _simpAuth.setSelected(true);
+ enableSimpleAuth(true);
+ }
+ }
checkNextButton();
}
@@ -426,6 +519,9 @@
return false;
}
}
+ // else if digest or gssapi auth is selected, there really isn't much
+ // we can do to validate the fields - password is not required, and
+ // the format can be different
//check box
//check consumer
@@ -464,36 +560,62 @@
}
public void getUpdateInfo(WizardInfo info) {
- Debug.println("WAgreementDestinationPanel: getUpdateInfo()");
- Hashtable serverItem = (Hashtable) _toBox.getSelectedItem();
- ServerInstance toServer =
- (ServerInstance) serverItem.get(
- CustomComboBoxModel.SELECTION_DATA);
- _wizardInfo.setFromServer(_server);
- _wizardInfo.setToServer(toServer);
- if (_sslEncrypt.isSelected()) {
- _wizardInfo.setSSL(true);
- _wizardInfo.setSSLAuth(_sslAuth.isSelected());
-
- } else {
- _wizardInfo.setSSL(false);
- _wizardInfo.setSSLAuth(false);
- }
-
- // Set bindDN and password iff not using client auth.
- if (_sslEncrypt.isSelected() && _sslAuth.isSelected()) {
- _wizardInfo.setSSLAuth(true);
- _wizardInfo.setBindDN("");
- _wizardInfo.setBindPWD("");
- } else {
- _wizardInfo.setSSLAuth(false);
- _wizardInfo.setBindDN(_bindText.getText());
- _wizardInfo.setBindPWD(_pwdText.getText());
- }
- if (_replicaPanel != null) {
- _wizardInfo.setReplicaEntry(_replicaPanel.getReplicaEntry());
- _wizardInfo.setSubtree(_replicaPanel.getSuffix());
- }
+ Debug.println("WAgreementDestinationPanel: getUpdateInfo()");
+ Hashtable serverItem = (Hashtable) _toBox.getSelectedItem();
+ ServerInstance toServer =
+ (ServerInstance) serverItem.get(
+ CustomComboBoxModel.SELECTION_DATA);
+ _wizardInfo.setFromServer(_server);
+ _wizardInfo.setToServer(toServer);
+
+ boolean ssl = false;
+ if (_tlsEncrypt.isSelected()) {
+ _wizardInfo.setSSL(false);
+ _wizardInfo.setStartTLS(true);
+ ssl = true;
+ } else if (_sslEncrypt.isSelected()) {
+ _wizardInfo.setSSL(true);
+ _wizardInfo.setStartTLS(false);
+ ssl = true;
+ } else {
+ _wizardInfo.setSSL(false);
+ _wizardInfo.setStartTLS(false);
+ }
+
+ if (ssl) {
+ boolean need_dn_pw = false;
+ if (_sslAuth.isSelected()) {
+ _wizardInfo.setSSLAuth(true);
+ _wizardInfo.setDigestAuth(false);
+ } else {
+ _wizardInfo.setSSLAuth(false);
+ _wizardInfo.setDigestAuth(_digestAuth.isSelected());
+ need_dn_pw = true;
+ }
+ if (need_dn_pw) {
+ _wizardInfo.setBindDN(_bindText.getText());
+ _wizardInfo.setBindPWD(_pwdText.getText());
+ } else {
+ _wizardInfo.setBindDN("");
+ _wizardInfo.setBindPWD("");
+ }
+ _wizardInfo.setGSSAPIAuth(false);
+ } else {
+ if (_gssapiAuth.isSelected()) {
+ _wizardInfo.setGSSAPIAuth(true);
+ _wizardInfo.setDigestAuth(false);
+ } else {
+ _wizardInfo.setGSSAPIAuth(false);
+ _wizardInfo.setDigestAuth(_digestAuth.isSelected());
+ }
+ _wizardInfo.setBindDN(_bindText.getText());
+ _wizardInfo.setBindPWD(_pwdText.getText());
+ _wizardInfo.setSSLAuth(false);
+ }
+ if (_replicaPanel != null) {
+ _wizardInfo.setReplicaEntry(_replicaPanel.getReplicaEntry());
+ _wizardInfo.setSubtree(_replicaPanel.getSuffix());
+ }
}
public String getErrorMessage() {
@@ -511,7 +633,6 @@
GridBagConstraints gbc = new GridBagConstraints();
int space = UIFactory.getComponentSpace();
int different = UIFactory.getDifferentSpace();
- int large = 40;
_fromPanel.removeAll();
ReplicationTool.resetGBC(gbc);
@@ -580,29 +701,42 @@
private void copyData() {
_pwdText.setText(_wizardInfo.getBindPWD());
_bindText.setText(_wizardInfo.getBindDN());
- if (_wizardInfo.getSSL()) {
- _sslEncrypt.setSelected(true);
- // if (_copy.getBindCredentials().equals("")) {
- if(_wizardInfo.getSSLAuth()) {
+ boolean ssl = false;
+ if (_wizardInfo.getStartTLS()) {
+ _tlsEncrypt.setSelected(true);
+ ssl = true;
+ } else if (_wizardInfo.getSSL()) {
+ _sslEncrypt.setSelected(true);
+ ssl = true;
+ } else {
+ _noEncrypt.setSelected(true);
+ }
+ if (ssl) {
+ if (_wizardInfo.getSSLAuth()) {
//SSL client Auth
enableSimpleAuth (false);
_sslAuth.setEnabled(true);
_sslAuth.setSelected(true);
-
} else {
- //Simple Auth with SSL
+ //id/pwd auth with ssl
_sslAuth.setEnabled(false);
- _simpAuth.setSelected(true);
+ _simpAuth.setSelected(!_wizardInfo.getDigestAuth());
+ _digestAuth.setSelected(_wizardInfo.getDigestAuth());
enableSimpleAuth (true);
}
+ _gssapiAuth.setEnabled(false);
} else {
- setSimpAuth();
+ if (_wizardInfo.getGSSAPIAuth()) {
+ _gssapiAuth.setEnabled(true);
+ _gssapiAuth.setSelected(true);
+ enableSimpleAuth (false);
+ } else {
+ _simpAuth.setSelected(!_wizardInfo.getDigestAuth());
+ _digestAuth.setSelected(_wizardInfo.getDigestAuth());
+ enableSimpleAuth (true);
+ }
+ _sslAuth.setEnabled(false);
}
-
-// if (_sslAuth.isSelected ())
-// _portAttr = ATTR_SECURE_PORT;
-// else
-// _portAttr = ATTR_PORT;
}
/**
@@ -611,6 +745,7 @@
private void setSimpAuth() {
//Simple Auth no SSL
_sslEncrypt.setSelected(false);
+ _tlsEncrypt.setSelected(false);
_sslAuth.setEnabled(false);
_simpAuth.setSelected(true);
@@ -954,7 +1089,7 @@
if ((serverItem == null) ||
serverItem.get(CustomComboBoxModel.SELECTION_TITLE).equals(CONSUMER_LIST_NOT_AVAILABLE)) {
state = false;
- } else if (_simpAuth.isSelected()) {
+ } else if (_simpAuth.isSelected() || _digestAuth.isSelected()) {
if (_bindText.getText().trim().equals("") ||
!DSUtil.isValidDN(_bindText.getText()) ||
_pwdText.getText().trim().equals("")) {
@@ -981,8 +1116,8 @@
private JTextField _bindText;
private JButton _toButton;
private JComboBox _fromBox, _toBox;
- private JCheckBox _sslEncrypt;
- private JRadioButton _simpAuth, _sslAuth;
+ private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt;
+ private JRadioButton _simpAuth, _sslAuth, _gssapiAuth, _digestAuth;
private JPasswordField _pwdText;
private JLabel _bind, _pwd;
private CustomComboBoxModel _fromModel, _toModel;
Index: WAgreementSummaryPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/WAgreementSummaryPanel.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- WAgreementSummaryPanel.java 18 Jul 2005 00:56:11 -0000 1.1.1.1
+++ WAgreementSummaryPanel.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -133,12 +133,13 @@
agreement.setReplicatedSubtree(_wizardInfo.getSubtree());
agreement.setConsumerHost(_wizardInfo.getToServer().getHost());
agreement.setConsumerPort(_wizardInfo.getToServer().getPort());
- if (_wizardInfo.getSSL()){
- agreement.setUseSSL(true);
- if(_wizardInfo.getSSLAuth()){
- agreement.setUseSSLAuth(true);
- }
- }
+
+ agreement.setUseSSL(_wizardInfo.getSSL());
+ agreement.setUseStartTLS(_wizardInfo.getStartTLS());
+
+ agreement.setUseSSLAuth(_wizardInfo.getSSLAuth());
+ agreement.setUseGSSAPIAuth(_wizardInfo.getGSSAPIAuth());
+ agreement.setUseDigestAuth(_wizardInfo.getDigestAuth());
if (!_wizardInfo.getBindDN().equals("")) {
agreement.setBindDN(_wizardInfo.getBindDN());
@@ -163,8 +164,15 @@
agreement.setWindowsDomain(_wizardInfo.getWindowsDomain());
agreement.setConsumerHost(_wizardInfo.getToServer().getHost());
agreement.setConsumerPort(_wizardInfo.getToServer().getPort());
- agreement.setUseSSL( _wizardInfo.getSSL() );
- agreement.setUpdateSchedule(_wizardInfo.getDate());
+ agreement.setUpdateSchedule(_wizardInfo.getDate());
+
+ agreement.setUseSSL(_wizardInfo.getSSL());
+ agreement.setUseStartTLS(_wizardInfo.getStartTLS());
+
+ agreement.setUseSSLAuth(_wizardInfo.getSSLAuth());
+ agreement.setUseGSSAPIAuth(_wizardInfo.getGSSAPIAuth());
+ agreement.setUseDigestAuth(_wizardInfo.getDigestAuth());
+
if (!_wizardInfo.getBindDN().equals("")) {
agreement.setBindDN(_wizardInfo.getBindDN());
agreement.setBindCredentials(_wizardInfo.getBindPWD());
@@ -190,8 +198,14 @@
agreement.setReplicatedSubtree(_wizardInfo.getSubtree());
agreement.setConsumerHost(_wizardInfo.getToServer().getHost());
agreement.setConsumerPort(_wizardInfo.getToServer().getPort());
- if (_wizardInfo.getSSL())
- agreement.setUseSSL(true);
+
+ agreement.setUseSSL(_wizardInfo.getSSL());
+ agreement.setUseStartTLS(_wizardInfo.getStartTLS());
+
+ agreement.setUseSSLAuth(_wizardInfo.getSSLAuth());
+ agreement.setUseGSSAPIAuth(_wizardInfo.getGSSAPIAuth());
+ agreement.setUseDigestAuth(_wizardInfo.getDigestAuth());
+
if (!_wizardInfo.getBindDN().equals("")) {
agreement.setBindDN(_wizardInfo.getBindDN());
agreement.setBindCredentials(_wizardInfo.getBindPWD());
Index: WindowsAgreementDestinationPanel.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementDestinationPanel.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- WindowsAgreementDestinationPanel.java 16 Oct 2007 16:41:44 -0000 1.2
+++ WindowsAgreementDestinationPanel.java 24 Nov 2008 16:09:23 -0000 1.3
@@ -29,7 +29,6 @@
import com.netscape.admin.dirserv.panel.*;
import com.netscape.management.client.*;
import com.netscape.management.client.console.*;
-import com.netscape.management.client.util.JButtonFactory;
import com.netscape.management.client.util.*;
import netscape.ldap.*;
import netscape.ldap.util.DN;
@@ -361,65 +360,54 @@
gbc.weightx = 1.0;
add(authPanel, gbc);
- //ssl check box
- _sslEncrypt = new JCheckBox(_resource.getString(
- "replication-destination-sslEncrypt","label"));
-
- _sslEncrypt.setSelected(true);
- _sslEncrypt.setEnabled(true);
-
- _sslEncrypt.addActionListener(this);
+ //connection radio buttons
+ ButtonGroup connGroup = new ButtonGroup();
+ //plain old ldap button
+ _noEncrypt = new JRadioButton(_resource.getString(
+ "replication-destination-noEncrypt","label"));
+ _noEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-noEncrypt","ttip"));
+ _noEncrypt.setSelected(true); // default is on
+ _noEncrypt.addActionListener(this);
+ connGroup.add(_noEncrypt);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0, space, different, different);
+ gbc.insets = new Insets(0, space, 0, different);
gbc.gridwidth = gbc.REMAINDER;
gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- authPanel.add(_sslEncrypt, gbc);
-
- //auth using label
- JLabel auth = new JLabel(_resource.getString(
- "replication-destination-authUsing","label"));
- JPanel authModePanel = new JPanel(new GridBagLayout());
- gbc.insets = new Insets(0,0,0,0);
- authPanel.add(authModePanel, gbc);
- auth.setLabelFor(authModePanel);
-
- ReplicationTool.resetGBC(gbc);
- gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,space,different);
- gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
- gbc.weightx = 1.0;
- //authModePanel.add(auth, gbc);
-
- /*ssl auth radio button
- ButtonGroup authGroup = new ButtonGroup();
- _sslAuth = new JRadioButton(_resource.getString(
- "replication-destination-sslClientAuth","label"));
- _sslAuth.addActionListener(this);
- authGroup.add(_sslAuth);
+ authPanel.add(_noEncrypt, gbc);
+
+ //ssl button
+ _sslEncrypt = new JRadioButton(_resource.getString(
+ "replication-destination-sslEncrypt","label"));
+ _sslEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-sslEncrypt","ttip"));
+ _sslEncrypt.addActionListener(this);
+ connGroup.add(_sslEncrypt);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,0,different);
+ gbc.insets = new Insets(0, space, 0, different);
gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
+ gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- //authModePanel.add(_sslAuth, gbc);
-
- //simple auth radio button
- _simpAuth = new JRadioButton(_resource.getString(
- "replication-destination-simpleAuth","label"));
- _simpAuth.addActionListener(this);
- authGroup.add(_simpAuth);
+ authPanel.add(_sslEncrypt, gbc);
+
+ //tls button
+ _tlsEncrypt = new JRadioButton(_resource.getString(
+ "replication-destination-startTLS","label"));
+ _tlsEncrypt.setToolTipText(_resource.getString(
+ "replication-destination-startTLS","ttip"));
+ _tlsEncrypt.addActionListener(this);
+ connGroup.add(_tlsEncrypt);
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.WEST;
- gbc.insets = new Insets(0,large,0,different);
+ gbc.insets = new Insets(0, space, space, different);
gbc.gridwidth = gbc.REMAINDER;
- gbc.fill = gbc.NONE;
+ gbc.fill = gbc.HORIZONTAL;
gbc.weightx = 1.0;
- //authModePanel.add(_simpAuth, gbc);*/
-
+ authPanel.add(_tlsEncrypt, gbc);
+
//simp panel
JPanel simpPanel = new JPanel();
simpPanel.setLayout(new GridBagLayout());
@@ -428,14 +416,14 @@
gbc.gridwidth = gbc.REMAINDER;
gbc.weightx=1.0;
gbc.insets = new Insets(0,0,0,0);
- authModePanel.add(simpPanel, gbc);
+ authPanel.add(simpPanel, gbc);
//bind as
_bind = new JLabel(_resource.getString(
"replication-destination-bindAs","label"));
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.EAST;
- gbc.insets = new Insets(0,70,space,different);
+ gbc.insets = new Insets(0,space+10,space,different);
gbc.fill = gbc.NONE;
simpPanel.add(_bind, gbc);
@@ -455,7 +443,7 @@
"replication-destination-bindPwd","label"));
ReplicationTool.resetGBC(gbc);
gbc.anchor = gbc.EAST;
- gbc.insets = new Insets(0,70,space,different);
+ gbc.insets = new Insets(0,space+10,space,different);
gbc.fill = gbc.NONE;
simpPanel.add(_pwd, gbc);
@@ -559,23 +547,15 @@
}
- if (e.getSource().equals(_sslEncrypt)) {
- if (_sslEncrypt.isSelected()) {
- enableSimpleAuth(false);
- /* set to use SSL port */
- _domainControllerPort.setText(ATTR_SECURE_PORT);
-
- } else {
- enableSimpleAuth(true);
-
- /* set to use non-SSL port */
- _domainControllerPort.setText(ATTR_PORT);
- }
-
- /* set appropriate to and from servers */
- //populateInstanceModel(_consoleInfo);
-
- //_toText.setText(_server.getKey());
+ if (e.getSource().equals(_tlsEncrypt) && _tlsEncrypt.isSelected()) {
+ /* use regular LDAP port for startTLS */
+ _domainControllerPort.setText(ATTR_PORT);
+ } else if (e.getSource().equals(_sslEncrypt) && _sslEncrypt.isSelected()) {
+ /* set to use SSL port */
+ _domainControllerPort.setText(ATTR_SECURE_PORT);
+ } else if (e.getSource().equals(_noEncrypt) && _noEncrypt.isSelected()) {
+ /* use regular LDAP port */
+ _domainControllerPort.setText(ATTR_PORT);
}
if (e.getSource()==_syncNewWinUsers)
@@ -721,21 +701,15 @@
toServer.setHost(_domainController.getText());
toServer.setPort(Integer.parseInt(_domainControllerPort.getText())); //xxx
-
-
_wizardInfo.setFromServer(_server);
_wizardInfo.setToServer(toServer);
- if (_sslEncrypt.isSelected()) {
- _wizardInfo.setSSL(true);
- _wizardInfo.setSSLAuth(false);
-
- } else {
- _wizardInfo.setSSL(false);
- _wizardInfo.setSSLAuth(false);
- }
-
+ _wizardInfo.setStartTLS(_tlsEncrypt.isSelected());
+ _wizardInfo.setSSL(_sslEncrypt.isSelected());
+ /* none of these other auth methods are currently supported */
_wizardInfo.setSSLAuth(false);
+ _wizardInfo.setGSSAPIAuth(false);
+ _wizardInfo.setDigestAuth(false);
_wizardInfo.setBindDN(_bindText.getText());
_wizardInfo.setBindPWD(_pwdText.getText());
@@ -816,25 +790,10 @@
private void copyData() {
_pwdText.setText(_wizardInfo.getBindPWD());
_bindText.setText(_wizardInfo.getBindDN());
- if (_wizardInfo.getSSL()) {
- _sslEncrypt.setSelected(true);
- // if (_copy.getBindCredentials().equals("")) {
- if(_wizardInfo.getSSLAuth()) {
- //SSL client Auth
- enableSimpleAuth(false);
-
- } else {
- //Simple Auth with SSL
- enableSimpleAuth(true);
- }
- } else {
- setSimpAuth();
- }
-
- // if (_sslAuth.isSelected ())
- // _portAttr = ATTR_SECURE_PORT;
- // else
- // _portAttr = ATTR_PORT;
+ _tlsEncrypt.setSelected(_wizardInfo.getStartTLS());
+ _sslEncrypt.setSelected(_wizardInfo.getSSL());
+ enableSimpleAuth(true);
+ /* none of the other auth methods are currently supported */
}
/**
@@ -843,6 +802,7 @@
private void setSimpAuth() {
//Simple Auth no SSL
_sslEncrypt.setSelected(false);
+ _tlsEncrypt.setSelected(false);
enableSimpleAuth(true);
}
@@ -1242,8 +1202,8 @@
//private JButton _fetchDcButton;
private JComboBox _fromBox, _toBox;
- private JCheckBox _sslEncrypt;
- private JRadioButton _simpAuth, _sslAuth;
+ private JRadioButton _noEncrypt, _sslEncrypt, _tlsEncrypt;
+ private JRadioButton _simpAuth = null, _sslAuth = null, _gssapiAuth = null, _digestAuth = null;
private JPasswordField _pwdText;
private JLabel _bind, _pwd;
private CustomComboBoxModel _fromModel;
Index: WindowsAgreementWizard.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementWizard.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- WindowsAgreementWizard.java 18 Jul 2005 00:56:12 -0000 1.1.1.1
+++ WindowsAgreementWizard.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -37,7 +37,7 @@
public class WindowsAgreementWizard extends WizardWidget {
public WindowsAgreementWizard(JFrame parent, AgreementWizardInfo info) {
- super(parent, _resource.getString("replication-agreementWizard","label"), new Dimension(460,560));
+ super(parent, _resource.getString("replication-agreementWizard","label"), new Dimension(460,580));
@@ -61,6 +61,7 @@
}
info.setSubtree(info.getCopyAgreement().getReplicatedSubtree());
info.setSSL(info.getCopyAgreement().getUseSSL());
+ info.setStartTLS(info.getCopyAgreement().getUseStartTLS());
if (info.getCopyAgreement().getBindDN()!= null) {
info.setBindDN(info.getCopyAgreement().getBindDN());
} else {
Index: WindowsAgreementWizardInfo.java
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/WindowsAgreementWizardInfo.java,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- WindowsAgreementWizardInfo.java 18 Jul 2005 00:56:12 -0000 1.1.1.1
+++ WindowsAgreementWizardInfo.java 24 Nov 2008 16:09:23 -0000 1.2
@@ -192,6 +192,18 @@
return (ServerInstance)_content.get(AGREEMENT_EXTENSION+"to");
}
+ //tls
+ void setStartTLS(boolean type) {
+ _content.put(AGREEMENT_EXTENSION+"startTLS", new Boolean(type));
+ }
+
+ boolean getStartTLS() {
+ if (_content.get(AGREEMENT_EXTENSION+"startTLS")!= null)
+ return ((Boolean)_content.get(AGREEMENT_EXTENSION+"startTLS")).booleanValue();
+ else
+ return false;
+ }
+
//ssl
void setSSL(boolean type) {
_content.put(AGREEMENT_EXTENSION+"ssl", new Boolean(type));
@@ -377,6 +389,10 @@
}
//connection
+ if (getStartTLS()) {
+ buf.append(" ");
+ buf.append(_resource.getString("replication-destination-startTLS","label")+"\n");
+ }
if (getSSL()) {
buf.append(" ");
buf.append(_resource.getString("replication-destination-sslEncrypt","label")+"\n");
@@ -385,7 +401,7 @@
//bind info
buf.append(" ");
buf.append(_resource.getString("replication-destination-authUsing","label")+" ");
- if (getSSL() && getSSLAuth()) {
+ if ((getStartTLS() || getSSL()) && getSSLAuth()) {
buf.append(_resource.getString("replication-destination-sslClientAuth","label")+"\n");
} else {
buf.append(_resource.getString("replication-destination-simpleAuth","label")+"\n");
Index: replication.properties
===================================================================
RCS file: /cvs/dirsec/directoryconsole/src/com/netscape/admin/dirserv/panel/replication/replication.properties,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -u -r1.1.1.1 -r1.2
--- replication.properties 18 Jul 2005 00:56:13 -0000 1.1.1.1
+++ replication.properties 24 Nov 2008 16:09:23 -0000 1.2
@@ -162,11 +162,21 @@
replication-destination-otherButton-mnemonic=O
replication-destination-browseButton-label=Browse...
replication-destination-browseButton=mnemonic=B
-replication-destination-sslEncrypt-label=Using encrypted SSL connection
-replication-destination-sslEncrypt-ttip=SSL communications between supplier and consumer server
-replication-destination-authUsing-label=Authenticate using:
-replication-destination-simpleAuth-label=Simple authentication
-replication-destination-sslClientAuth-label=SSL client authentication
+replication-destination-noEncrypt-label=Use LDAP (no encryption)
+replication-destination-noEncrypt-ttip=Use plain LDAP with no encryption
+replication-destination-sslEncrypt-label=Use TLS/SSL (TLS/SSL encryption with LDAPS)
+replication-destination-sslEncrypt-ttip=Use TLSv1/SSLv3 encryption using the LDAPS port (636)
+replication-destination-startTLS-label=Use StartTLS (TLS/SSL encryption with LDAP)
+replication-destination-startTLS-ttip=Start a TLSv1/SSLv3 encryption session on the LDAP connection
+replication-destination-authUsing-label=Authentication mechanism:
+replication-destination-simpleAuth-label=Simple (Bind DN/Password)
+replication-destination-simpleAuth-ttip=Authenticate using a DN and a password (Simple auth)
+replication-destination-sslClientAuth-label=Server TLS/SSL Certificate (requires TLS/SSL server set up)
+replication-destination-sslClientAuth-ttip=Use the server's certificate to do TLS/SSL client cert auth (requires that the server has been set up to be an SSL server)
+replication-destination-gssapiAuth-label=SASL/GSSAPI (requires server Kerberos keytab)
+replication-destination-gssapiAuth-ttip=Authenticate using SASL/GSSAPI and the server's Kerberos keytab (supplier and consumer must both support SASL/GSSAPI/Kerberos)
+replication-destination-digestAuth-label=SASL/DIGEST-MD5 (SASL user id and password)
+replication-destination-digestAuth-ttip=Authenticate using SASL/DIGEST-MD5 - requires consumer support for digest password and identity mapping
replication-destination-bindAs-label=Bind as:
replication-destination-bindPwd-label=Password:
replication-destination-new-user-sync-label=New Windows User Sync