7:48 p.m.
The instruction to setup secure LDAP connection in the pkispawn
man page has been updated. The sample deployment configuration
file has been made more generic. The setup-ds.pl has been removed
from the instruction since generating a self-signed certificate
requires a DS admin server. The URL to download setupssl2.sh has
been changed with a more direct link. The sample LDAP password
has been changed to match the current deployment configuration
examples. Some paragraphs have been line wrapped to simplify man
page development.
--
Endi S. Dewata
7:37 p.m.
1. It might be helpful to explain briefly what each ldap command is
doing. For example, for the life of me, I don't know why one needs to
run that ldapsearch command before the certutil command
2.Nothing to do with man pages, I am just thinking out loud... I'm a bit
concerned that one needs to download and run a script from a user
content offering... Does DS not offer it on a more official channel?
3. This comment is regarding the layout of information in this whole
section on setting up secure ldap with ca, so it already existed before
you changes, but since it has to do with clarity and accuracy, please
bear with me.
the "Prior to installing the subsystem..." paragraph ends with
"...and its self-signed CA certificate exported to a file..."
*but*, the "It should be noted" at end of the section talks about three
scenarios, which the above "must" item now become one (#3) of the three
scenarios instead.
may I suggest that we move the whole "note" part to the very top of this
section, and instead of "It should be noted..." you skip the first 5
words and begin with
" There are basically three scenarios..." (maybe remove the word
"basically")
then for scenario one, you give the instruction for it
and scenario 3 you give it its instruction
Then at the end, mention that since scenario 1 and 3 requires talking
ldaps, you need those two extra pkispawn parameters
I hope it's not too complicated.
thanks,
Christina
On 07/16/2015 05:48 PM, Endi Sukma Dewata wrote:
The instruction to setup secure LDAP connection in the pkispawn
man page has been updated. The sample deployment configuration
file has been made more generic. The setup-ds.pl has been removed
from the instruction since generating a self-signed certificate
requires a DS admin server. The URL to download setupssl2.sh has
been changed with a more direct link. The sample LDAP password
has been changed to match the current deployment configuration
examples. Some paragraphs have been line wrapped to simplify man
page development.
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
8:04 p.m.
consider it a conditional ACK if all agreed upon and done.
thanks,
Christina
On 07/17/2015 05:37 PM, Christina Fu wrote:
1. It might be helpful to explain briefly what each ldap command is
doing. For example, for the life of me, I don't know why one needs to
run that ldapsearch command before the certutil command
2.Nothing to do with man pages, I am just thinking out loud... I'm a
bit concerned that one needs to download and run a script from a user
content offering... Does DS not offer it on a more official channel?
3. This comment is regarding the layout of information in this whole
section on setting up secure ldap with ca, so it already existed
before you changes, but since it has to do with clarity and accuracy,
please bear with me.
the "Prior to installing the subsystem..." paragraph ends with
"...and its self-signed CA certificate exported to a file..."
*but*, the "It should be noted" at end of the section talks about
three scenarios, which the above "must" item now become one (#3) of
the three scenarios instead.
may I suggest that we move the whole "note" part to the very top of
this section, and instead of "It should be noted..." you skip the
first 5 words and begin with
" There are basically three scenarios..." (maybe remove the word
"basically")
then for scenario one, you give the instruction for it
and scenario 3 you give it its instruction
Then at the end, mention that since scenario 1 and 3 requires talking
ldaps, you need those two extra pkispawn parameters
I hope it's not too complicated.
thanks,
Christina
On 07/16/2015 05:48 PM, Endi Sukma Dewata wrote:
> The instruction to setup secure LDAP connection in the pkispawn
> man page has been updated. The sample deployment configuration
> file has been made more generic. The setup-ds.pl has been removed
> from the instruction since generating a self-signed certificate
> requires a DS admin server. The URL to download setupssl2.sh has
> been changed with a more direct link. The sample LDAP password
> has been changed to match the current deployment configuration
> examples. Some paragraphs have been line wrapped to simplify man
> page development.
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
11:19 p.m.
On 7/17/2015 7:37 PM, Christina Fu wrote:
1. It might be helpful to explain briefly what each ldap command is
doing. For example, for the life of me, I don't know why one needs to
run that ldapsearch command before the certutil command
Fixed. I added a brief description before each step. The ldapsearch is
used to verify the LDAPS connection.
2.Nothing to do with man pages, I am just thinking out loud...
I'm a bit
concerned that one needs to download and run a script from a user
content offering... Does DS not offer it on a more official channel?
I agree. We should either include the script in the distribution, either
in PKI or in DS package.
3. This comment is regarding the layout of information in this whole
section on setting up secure ldap with ca, so it already existed before
you changes, but since it has to do with clarity and accuracy, please
bear with me.
the "Prior to installing the subsystem..." paragraph ends with
"...and its self-signed CA certificate exported to a file..."
*but*, the "It should be noted" at end of the section talks about three
scenarios, which the above "must" item now become one (#3) of the three
scenarios instead.
may I suggest that we move the whole "note" part to the very top of this
section, and instead of "It should be noted..." you skip the first 5
words and begin with
" There are basically three scenarios..." (maybe remove the word
"basically")
then for scenario one, you give the instruction for it
I added the location to store the CA cert: $HOME/dscacert.pem
and scenario 3 you give it its instruction
It's actually slightly different. All scenarios assume the DS instance
already exists. The current example assumes the DS instance doesn't
exist yet, so it mentions about creating the DS and admin server
instance using setup-ds-admin.pl. I'm not sure how to install an admin
server if you already have a DS instance.
Then at the end, mention that since scenario 1 and 3 requires
talking
ldaps, you need those two extra pkispawn parameters
I moved it to the bottom.
I hope it's not too complicated.
It's kind of. We definitely need to do further refinement.
consider it a conditional ACK if all agreed upon and done.
Thanks. Pushed to master.
--
Endi S. Dewata
3444
days inactive
3445
days old
3 comments
2 participants
participants (2)
-
Christina Fu -
Endi Sukma Dewata