Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6456

For keystore/truststore path default to instance root if available

    Details

    • Type: Improvement
    • Status: Dev backlog
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 7.0.0
    • Fix Version/s: None
    • Component/s: ease of use
    • Labels:
      None

      Description

      The fix for OPENDJ-5025 references a truststore and password used to trust the server cert when commands communicate with the server over TLS.

      This results in many, many instances of /path/to/opendj in command-line examples, e.g.:

      ldapsearch \
       --port 1636 \
       --useSSL \
       --usePkcs12TrustStore /path/to/opendj/config/truststore \
       --trustStorePasswordFile /path/to/opendj/config/truststore.pin \
       --baseDn dc=example,dc=com \
       "(uid=bjensen)" \
       cn mail street l
      

      As a result, users have to edit each of these command-line examples (including all dsconfig examples).

      It would be nice if this were acceptable:

      ldapsearch \
       --port 1636 \
       --useSSL \
       --usePkcs12TrustStore config/truststore \
       --trustStorePasswordFile config/truststore.pin \
       --baseDn dc=example,dc=com \
       "(uid=bjensen)" \
       cn mail street l
      

      In many cases, users will have a server installed, and will be using the tools installed with the server.

      In other cases (tools installed as part of the toolkit, files not under server root, others?) it would be fine to fail exactly as today.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                Mark Mark Craig
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: