[OPENDJ-6456] For keystore/truststore path default to instance root if available - ForgeRock JIRA

Details

Type: Improvement
Status: Dev backlog
Priority: Minor
Resolution: Unresolved
Affects Version/s: 7.0.0
Fix Version/s: None
Component/s: ease of use
Labels:
None

Description

The fix for ~~OPENDJ-5025~~ references a truststore and password used to trust the server cert when commands communicate with the server over TLS.

This results in many, many instances of /path/to/opendj in command-line examples, e.g.:

ldapsearch \
 --port 1636 \
 --useSSL \
 --usePkcs12TrustStore /path/to/opendj/config/truststore \
 --trustStorePasswordFile /path/to/opendj/config/truststore.pin \
 --baseDn dc=example,dc=com \
 "(uid=bjensen)" \
 cn mail street l

As a result, users have to edit each of these command-line examples (including all dsconfig examples).

It would be nice if this were acceptable:

ldapsearch \
 --port 1636 \
 --useSSL \
 --usePkcs12TrustStore config/truststore \
 --trustStorePasswordFile config/truststore.pin \
 --baseDn dc=example,dc=com \
 "(uid=bjensen)" \
 cn mail street l

In many cases, users will have a server installed, and will be using the tools installed with the server.

In other cases (tools installed as part of the toolkit, files not under server root, others?) it would be fine to fail exactly as today.

Attachments

Issue Links

is related to

OPENDJ-6874 Rework doc examples to run on localhost

Done

OPENDJ-6395 Move to secure connections in examples

Done

relates to

OPENDJ-5025 Avoid using --trustAll in command-line examples

Done

Activity

People

Assignee:

Unassigned

Reporter:

Mark Craig

Votes:

0 Vote for this issue

Watchers:

1 Start watching this issue

Dates

Created:

15/Jul/19 2:51 PM

Updated:

18/Dec/19 8:55 AM