Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6237

Proxy profile: still allows to use rs and proxy user bind dns whilst mTls is true by default

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: proxy, setup
    • Labels:

      Description

      Found with rev 054825e4d76

      With the ds-proxy-profile, the use-mutual-tls is set to true by default.
      However, setting up the profile still allows to pass on some parameters which are mutually exclusive with the use of mTls.
      ie you should not be able to use rsBindDn, rsBindPassword, proxyUserBindDn and proxyUserBindPassword.

      PROXY1\opendj\setup.bat --profile ds-proxy-server --set ds-proxy-server/rsConnectionSecurity:none --set ds-proxy-server/proxyUserBindDn:"cn=proxy,dc=com" --set ds-proxy-server/proxyUserBindPassword:"password" --set ds-proxy-server/replicationServers:"ig-win2008r2.internal.forgerock.com:4450" --set ds-proxy-server/primaryGroupId:"1" --set ds-proxy-server/rsBindDn:"cn=myself" --set ds-proxy-server/rsBindPassword:"password" --trustAll -h ig-win2008r2.internal.forgerock.com -p 1394 -D "cn=myself" -w password --adminConnectorPort 4449 --monitorUserDn "uid=Monitor" --monitorUserPassword password -O 
      
      
      Validating parameters..... Done 
      Configuring certificates..... Done 
      Configuring server..... Done 
      Configuring profile DS proxy server..... Done 
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cedric.tran-xuan Cedric Tran-Xuan
                Reporter:
                cforel carole forel
                QA Assignee:
                carole forel
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: