directory-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Directory Server v1.5: ADS Authentication (page edited)
Date Tue, 29 Jul 2008 10:24:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence" />
</head>
<body>

<div id="PageContent">
<table class="pagecontent" border="0" cellpadding="0" cellspacing="0" width="100%"><tr>
<td valign="top" class="pagebody">

    <div class="pageheader">
        <span class="pagetitle">
            Page Edited :
            <a href="http://cwiki.apache.org/confluence/display/DIRxSRVx11">DIRxSRVx11</a> :
            <a href="http://cwiki.apache.org/confluence/display/DIRxSRVx11/ADS+Authentication">ADS Authentication</a>
        </span>
    </div>

     <p>
        <a href="http://cwiki.apache.org/confluence/display/DIRxSRVx11/ADS+Authentication">ADS Authentication</a>
        has been edited by             <a href="http://cwiki.apache.org/confluence/display/~elecharny">Emmanuel Lécharny</a>
            <span class="smallfont">(Jul 29, 2008)</span>.
     </p>
    
     <p>
                 <a href="http://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=87882&originalVersion=12&revisedVersion=13">(View changes)</a>
     </p>

    <span class="label">Content:</span><br/>
    <div class="greybox wiki-content"><h1><a name="ADSAuthentication-ApacheDirectoryServerAuthenticationmethods"></a>Apache Directory Server Authentication methods</h1>

<p>ADS follows <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4513.txt" title="Visit page outside Confluence" rel="nofollow">RFC 4513</a></span>, which describes the authentication methods and security mechanisms of the <b>LDAP</b> protocol.</p>

<p>We will describe more specifically the implementation details of this <b>RFC</b> for documentation purposes.</p>

<h2><a name="ADSAuthentication-Authenticationmethods"></a>Authentication methods</h2>

<p>LDAP allows two authentication methods :</p>
<ul>
	<li><b>Simple</b></li>
	<li><b>SASL</b>&nbsp;</li>
</ul>


<p>It is important to be aware that <b>Anonymous</b> authentication is just a specific case of <b>Simple</b> authentication.<br/>
Another important point is that neither <b>Simple</b> nor <b>SASL</b> offers any protection for the exchanged data. This is handled at another layer.</p>

<h2><a name="ADSAuthentication-%26nbsp%3BSecuringthecommunication"></a>&nbsp;Securing the communication</h2>

<p>As communications are not protected by default, we have to implement one of the two following mechanisms in order to secure them :</p>
<ul>
	<li><b>SSL</b></li>
	<li><b>TLS</b></li>
</ul>


<p>Both mechanisms are available in <b>Apache DS</b>.</p>

<h2><a name="ADSAuthentication-Authorizationstate"></a>Authorization state</h2>

<p>The default authorization state for a session is <b>Anonymous</b> until a <em>BindRequest</em> is successfully completed. An authorized session is immediately moved to an <b>Anonymous</b> state as soon as a <em>BindRequest</em> is received, whatever its previous state was.</p>

<h2><a name="ADSAuthentication-Authentication"></a>Authentication</h2>

<p>Authentication is done through a <em>BindRequest</em>, which is described by this <b>ASN.1</b> portion of the LDAP protocol grammar :</p>
<div class="code"><div class="codeContent">
<pre class="code-java">BindRequest ::= [APPLICATION 0] SEQUENCE {
     version                 INTEGER (1 ..  127),
     name                    LDAPDN,
     authentication          AuthenticationChoice }

AuthenticationChoice ::= CHOICE {
     simple                  [0] OCTET STRING,
                             -- 1 and 2 reserved
     sasl                    [3] SaslCredentials,
     ...  }

SaslCredentials ::= SEQUENCE {
     mechanism               LDAPString,
     credentials             OCTET STRING OPTIONAL }</pre>
</div></div>

<h3><a name="ADSAuthentication-Simpleauthentication"></a>Simple authentication</h3>

<p>The simple authentication is done through a Bind Request. It provides three authentication mechanisms :</p>
<ul>
	<li>anonymous&nbsp;</li>
	<li>unauthenticated</li>
	<li>name/password</li>
</ul>


<p>All three mechanisms are deduced from the content of the <em>BindRequest</em>, when the <b>Simple</b> field of the <b>AuthenticationChoice</b> is set.<br/>
We have four different possibilities here :</p>
<table class='confluenceTable'><tbody>
<tr>
<td class='confluenceTd'> BaseDN </td>
<td class='confluenceTd'> password <br clear="all" /> </td>
<td class='confluenceTd'> Authentication <br clear="all" /> </td>
<td class='confluenceTd'> comment <br clear="all" /> </td>
</tr>
<tr>
<td class='confluenceTd'> empty </td>
<td class='confluenceTd'> empty <br clear="all" /> </td>
<td class='confluenceTd'> Anonymous <br clear="all" /> </td>
<td class='confluenceTd'> This is the default server state for any unauthenticated user <br clear="all" /> </td>
</tr>
<tr>
<td class='confluenceTd'> "xyz" </td>
<td class='confluenceTd'> empty <br clear="all" /> </td>
<td class='confluenceTd'> Unauthenticated <br clear="all" /> </td>
<td class='confluenceTd'> For trace purpose only. The server should throw an <b><em>UnwillingToPerform</em></b> result <br clear="all" /> </td>
</tr>
<tr>
<td class='confluenceTd'> "xyz" </td>
<td class='confluenceTd'> abc </td>
<td class='confluenceTd'> name/password </td>
<td class='confluenceTd'> Check whether this user has the password in the set of passwords it stores <br clear="all" />
If the baseDN is incorrect, returns an <b><em>InvalidDNSyntax</em></b> result <br clear="all" />
If the authentication fails for any other reason, an <b><em>InvalidCredentials</em></b> result is returned <br clear="all" /> </td>
</tr>
<tr>
<td class='confluenceTd'> empty </td>
<td class='confluenceTd'> abc </td>
<td class='confluenceTd'> undefined </td>
<td class='confluenceTd'> not accepted by ADS <br clear="all" /> </td>
</tr>
</tbody></table>

<h4><a name="ADSAuthentication-Implementation"></a>Implementation</h4>

<p>For a simple authentication, the following algorithm is applied :</p>
<div class="preformatted"><div class="preformattedContent">
<pre>a BindRequest message is received
if the version is not LDAP V3,
  error
if the bindRequest is a simple authentication,
  then
    create a BindOperationContext,
    store the baseDN, the credentials, the controls
    call the OperationManager.bind() method
</pre>
</div></div>

<h4><a name="ADSAuthentication-Tests"></a>Tests</h4>

<p>We need to cover all the different cases with the tests. Here is the list of possible tests :</p>
<ul>
	<li>SimpleBindUserPassword : try to connect using a known user/password and read an entry.</li>
	<li>SimpleBindUserBadPassword : try to connect using a known user but with a bad password: we should get an <b>invalidCredentials</b> error.</li>
	<li>SimpleBindBadUserPassword : try to connect using a user with an invalid DN: we should get an <b>invalidDNSyntax</b> error.</li>
	<li>SimpleBindUnknowUserPassword : try to connect using an unknown user: we should get an <b>invalidCredentials</b> error.</li>
	<li>SimpleBindNoUserNoPassword : covers the anonymous authentication : we should be able to read the rootDSE, but that's it.</li>
	<li>SimpleBindUserNoPassword : covers the Unauthenticated case : we should get an <b>UnwillingToPerform</b> error.</li>
	<li>SimpleBindNoUserPassword : not allowed by the server. We should get an <b>invalidCredentials</b> error.</li>
</ul>
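<p>The decision table, the algorithm and the test list above can be exercised together with a small decoder. This is an added example, not ApacheDS code: the class <code>SimpleBindDemo</code>, its result names, the sample user and the simplified DN check are assumptions made for illustration, and it decodes only the <em>BindRequest</em> structure shown in the grammar above.</p>

```java
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
import java.util.*;
import static java.nio.charset.StandardCharsets.UTF_8;

public class SimpleBindDemo {
    enum Result { ANONYMOUS, SUCCESS, UNWILLING_TO_PERFORM, INVALID_DN_SYNTAX,
                  INVALID_CREDENTIALS, NOT_LDAP_V3, NOT_SIMPLE }

    // Constructed sample directory (DN -> stored password); not ApacheDS data.
    static final Map<String, byte[]> USERS = new HashMap<>();
    static { USERS.put("uid=admin,ou=system", "secret".getBytes(UTF_8)); }
    private final byte[] buf;
    private int pos;
    SimpleBindDemo(byte[] buf) { this.buf = buf; }

    // Reads one BER TLV with the expected tag and returns its value bytes.
    private byte[] read(int expectedTag) {
        if (buf.length - pos < 2) throw new IllegalArgumentException("truncated header");
        int tag = buf[pos++] & 0xFF;
        if (tag != expectedTag) throw new IllegalArgumentException("unexpected tag " + tag);
        int len = buf[pos++] & 0xFF;
        if (len > 0x7F) {                  // long form: low 7 bits count the length octets
            int n = len & 0x7F;
            if (n == 0 || n > 2 || buf.length - pos < n) throw new IllegalArgumentException("bad length");
            for (len = 0; n > 0; n--) len = (len << 8) | (buf[pos++] & 0xFF);
        }
        if (len > buf.length - pos) throw new IllegalArgumentException("truncated value");
        pos += len;
        return Arrays.copyOfRange(buf, pos - len, pos);
    }

    // Applies the four-row decision table to one BER-encoded BindRequest.
    static Result classify(byte[] bindRequest) {
        SimpleBindDemo in = new SimpleBindDemo(new SimpleBindDemo(bindRequest).read(0x60));
        byte[] version = in.read(0x02);                      // version INTEGER
        if (version.length != 1 || version[0] != 3) return Result.NOT_LDAP_V3;
        String name = new String(in.read(0x04), UTF_8);      // name LDAPDN
        if (in.pos >= in.buf.length || (in.buf[in.pos] & 0xFF) != 0x80) return Result.NOT_SIMPLE;
        byte[] password = in.read(0x80);                     // simple [0] OCTET STRING
        // Empty DN: anonymous without a password, otherwise the row ADS does not accept.
        if (name.isEmpty()) return password.length == 0 ? Result.ANONYMOUS : Result.INVALID_CREDENTIALS;
        if (password.length == 0) return Result.UNWILLING_TO_PERFORM;   // unauthenticated bind
        for (String rdn : name.split(","))                   // simplified stand-in for DN parsing
            if (rdn.indexOf('=') < 1) return Result.INVALID_DN_SYNTAX;
        // Unknown users compare against an empty value and get the same code as a bad password.
        byte[] stored = USERS.getOrDefault(name, new byte[0]);
        return MessageDigest.isEqual(stored, password) ? Result.SUCCESS : Result.INVALID_CREDENTIALS;
    }

    // Encodes a short simple BindRequest (all lengths below 128) as constructed input.
    static byte[] simpleBind(int version, String dn, String password) {
        byte[] n = dn.getBytes(UTF_8), p = password.getBytes(UTF_8);
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(0x02); body.write(1); body.write(version);
        body.write(0x04); body.write(n.length); body.write(n, 0, n.length);
        body.write(0x80); body.write(p.length); body.write(p, 0, p.length);
        ByteArrayOutputStream msg = new ByteArrayOutputStream();
        msg.write(0x60); msg.write(body.size()); msg.write(body.toByteArray(), 0, body.size());
        return msg.toByteArray();
    }

    public static void main(String[] args) {
        String[][] cases = {               // test names from the list above, constructed inputs
            {"SimpleBindUserPassword", "uid=admin,ou=system", "secret"},
            {"SimpleBindUserBadPassword", "uid=admin,ou=system", "wrong"},
            {"SimpleBindBadUserPassword", "no-equals-sign", "abc"},
            {"SimpleBindUnknowUserPassword", "uid=nobody,ou=system", "abc"},
            {"SimpleBindNoUserNoPassword", "", ""},
            {"SimpleBindUserNoPassword", "uid=admin,ou=system", ""},
            {"SimpleBindNoUserPassword", "", "abc"},
        };
        for (String[] c : cases) System.out.println(c[0] + " -> " + classify(simpleBind(3, c[1], c[2])));
    }
}
```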


<h3><a name="ADSAuthentication-SASLauthentication"></a>SASL authentication</h3>

<p>The <b>SASL</b> authentication is more complex. It's described in <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4513.txt" title="Visit page outside Confluence" rel="nofollow">RFC 4513<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span>. It should be the preferred authentication mechanism used for every LDAP connection, as it guarantees some level of security Simple authentication can't offer.</p>

<p><b>SASL</b> permits the client to negotiate an authentication mechanism using the LDAP protocol during the handshake phase. It's important to understand that <b>SASL</b> by itself does <em>not</em> offer any kind of confidentiality: it's the negotiated mechanism which does.</p>

<p>Last but not least, <b>SASL</b> and <b>SSL/TLS</b> can work together: in this case we perform <b>SASL EXTERNAL</b> authentication, <b>EXTERNAL</b> being a <b>SASL</b> mechanism.</p>

<h3><a name="ADSAuthentication-SASLmechanisms"></a>SASL mechanisms</h3>

<p>The existing <b>SASL</b> mechanisms are listed here :</p>

<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> name </th>
<th class='confluenceTh'> Frequency </th>
<th class='confluenceTh'> link </th>
<th class='confluenceTh'> ADS implementation </th>
</tr>
<tr>
<td class='confluenceTd'> KERBEROS_V4 </td>
<td class='confluenceTd'> OBSOLETE </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2222.txt" title="Visit page outside Confluence" rel="nofollow">RFC2222<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> GSSAPI </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4752.txt" title="Visit page outside Confluence" rel="nofollow">RFC4752<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> SKEY </td>
<td class='confluenceTd'> OBSOLETE </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2444.txt" title="Visit page outside Confluence" rel="nofollow">RFC2444<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> EXTERNAL </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4422.txt" title="Visit page outside Confluence" rel="nofollow">RFC4422<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> CRAM-MD5 </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2195.txt" title="Visit page outside Confluence" rel="nofollow">RFC2195<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> ANONYMOUS </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4505.txt" title="Visit page outside Confluence" rel="nofollow">RFC4505<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> OTP </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2444.txt" title="Visit page outside Confluence" rel="nofollow">RFC2444<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/><img class="emoticon" src="/confluence/images/icons/emoticons/warning.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> May be implemented </td>
</tr>
<tr>
<td class='confluenceTd'> GSS-SPNEGO </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> Paul Leach </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/><img class="emoticon" src="/confluence/images/icons/emoticons/warning.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> Will be implemented </td>
</tr>
<tr>
<td class='confluenceTd'> PLAIN </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc4616.txt" title="Visit page outside Confluence" rel="nofollow">RFC4616<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> SECURID </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2808.txt" title="Visit page outside Confluence" rel="nofollow">RFC2808<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> NTLM </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> Paul Leach </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> NMAS_LOGIN </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> Mark G. Gayman </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> NMAS_AUTHEN </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> Mark G. Gayman </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> DIGEST-MD5 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc2831.txt" title="Visit page outside Confluence" rel="nofollow">RFC2831<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/check.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-U-RSA-SHA1-ENC </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-M-RSA-SHA1-ENC </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-U-DSA-SHA1 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-M-DSA-SHA1 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-U-ECDSA-SHA1 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> 9798-M-ECDSA-SHA1 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> <span class="nobr"><a href="http://www.rfc-editor.org/rfc/rfc3163.txt" title="Visit page outside Confluence" rel="nofollow">RFC3163<sup><img class="rendericon" src="/confluence/images/icons/linkext7.gif" height="7" width="7" align="absmiddle" alt="" border="0"/></sup></a></span> </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
<tr>
<td class='confluenceTd'> KERBEROS_V5 </td>
<td class='confluenceTd'> COMMON </td>
<td class='confluenceTd'> Simon Josefsson </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/><img class="emoticon" src="/confluence/images/icons/emoticons/warning.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> Will be implemented </td>
</tr>
<tr>
<td class='confluenceTd'> NMAS-SAMBA-AUTH </td>
<td class='confluenceTd'> LIMITED </td>
<td class='confluenceTd'> Vince Brimhall </td>
<td class='confluenceTd'> <img class="emoticon" src="/confluence/images/icons/emoticons/error.gif" height="16" width="16" align="absmiddle" alt="" border="0"/> </td>
</tr>
</tbody></table>
<p>A client can request the list of mechanisms supported by the server by reading the <b><em>supportedSASLMechanisms</em></b> attribute from the root DSE, this attribute being available even if the client uses an anonymous authorization.</p>

<h3><a name="ADSAuthentication-Implementation"></a>Implementation</h3>

<p>In order to get <b>SASL</b> working for a specific mechanism <b>XYZ</b>, we must implement two or three interfaces :</p>
<ul>
	<li><b><em>MechanismHandler</em></b>, in charge of creating a <b><em>SaslServer</em></b> instance, or getting the current one for the ongoing session</li>
	<li><b><em>CallbackHandler</em></b>, if we need to get some information like the Name, Password, etc...</li>
	<li>Optionally, <b><em>SaslServer</em></b>, if we need an instance which is not already provided by the underlying VM</li>
</ul>


<p>The Java 5 JVM provides <b><em>SaslServer</em></b> instances for <b>GSSAPI</b>, <b>CramMD5</b> and <b>DigestMD5</b> mechanisms.</p>

<h3><a name="ADSAuthentication-Client%2FServerdialog"></a>Client/Server dialog</h3>

<p><b>SASL</b> is a challenge/response system. A client initiates the communication, and the server replies either by validating the request, discarding it or asking for more information. The exchange goes on until we reach a state where the session is either validated or terminated.</p>

<p>From the server's point of view, when it receives a BindRequest, it should check whether it's a new request or a reply to a challenge it has sent back to the client. We will store the current state in the IoSession.</p>

<p>The Session state can be one of :</p>
<ul>
	<li>anonymous</li>
	<li>bind in progress</li>
	<li>bound</li>
</ul>


<p>The following schema shows the different possible transitions :<br/>
<img src="/confluence/download/attachments/87882/BindSASL.png" align="absmiddle" border="0" /></p>

<p>We have to store this state in the IoSession so that we can determine what to do with the incoming BindRequest received from a client.</p>

<p>Another important point is that each mechanism has to manage its own state machine : more than one Challenge/Response exchange can be necessary in order to get the authentication done. As this is an opaque mechanism from the server's point of view, this has to be handled in a pluggable mechanism (and this is why we have to implement the three interfaces listed above).</p>

<p>What is important to know is that if the server receives two consecutive BindRequests and the second one's mechanism is empty or different from the first one's, the Session state is set back to "not bound". Sending an empty mechanism is one way to stop an authentication in progress if the client wants to redo the authentication with the same mechanism, the other being to switch to Simple authentication.</p>
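<p>The session states and the reset rule described above, together with the <b><em>CallbackHandler</em></b> and <b><em>SaslServer</em></b> roles from the Implementation section, as an added example that is not ApacheDS code. It assumes the JVM's own CRAM-MD5 <b><em>SaslServer</em></b>; the class <code>SaslBindSessionDemo</code>, the user <code>alice</code> and the allow-list are hypothetical, and the <em>authMethodNotSupported</em> answer to an empty mechanism comes from RFC 4513, not from this page.</p>

```java
import javax.security.auth.callback.*;
import javax.security.sasl.*;
import java.util.*;

public class SaslBindSessionDemo {
    enum State { ANONYMOUS, BIND_IN_PROGRESS, BOUND }

    // Constructed data: the mechanisms this demo server offers and one user/password.
    static final Set<String> SUPPORTED = Collections.singleton("CRAM-MD5");
    static final Map<String, String> USERS = Collections.singletonMap("alice", "secret");

    State state = State.ANONYMOUS;   // per-connection state (the page keeps it in the IoSession)
    String mechanism;                // mechanism of the exchange in progress
    SaslServer sasl;                 // the mechanism's own state machine, opaque to the session
    byte[] challenge;                // server data to send back in the BindResponse

    // CallbackHandler: hands the SaslServer the stored password and approves the identity.
    static final CallbackHandler SERVER_CB = callbacks -> {
        String user = null;
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                user = ((NameCallback) cb).getDefaultName();
            } else if (cb instanceof PasswordCallback && USERS.containsKey(user)) {
                ((PasswordCallback) cb).setPassword(USERS.get(user).toCharArray());
            } else if (cb instanceof AuthorizeCallback) {
                AuthorizeCallback ac = (AuthorizeCallback) cb;   // never authorize another identity
                ac.setAuthorized(ac.getAuthenticationID().equals(ac.getAuthorizationID()));
            }
        }
    };

    void reset() {   // back to anonymous, discarding any half-finished exchange
        try { if (sasl != null) sasl.dispose(); } catch (SaslException ignored) { }
        sasl = null; mechanism = null; challenge = null; state = State.ANONYMOUS;
    }

    // Handles one SASL BindRequest and returns the result code name for the BindResponse.
    String onSaslBind(String mech, byte[] credentials) {
        boolean continuing = state == State.BIND_IN_PROGRESS && mech.equals(mechanism);
        if (!continuing) reset();   // new bind, or empty/different mechanism: abort and restart
        if (!SUPPORTED.contains(mech)) return "authMethodNotSupported";   // covers the empty mechanism
        try {
            if (sasl == null) {     // create the SaslServer for this session, or reuse the current one
                sasl = Sasl.createSaslServer(mech, "ldap", "localhost", null, SERVER_CB);
                if (sasl == null) return "authMethodNotSupported";
                mechanism = mech;
            }
            challenge = sasl.evaluateResponse(credentials == null ? new byte[0] : credentials);
            state = sasl.isComplete() ? State.BOUND : State.BIND_IN_PROGRESS;
            return sasl.isComplete() ? "success" : "saslBindInProgress";
        } catch (SaslException e) {
            reset();                // a failed exchange leaves the session anonymous
            return "invalidCredentials";
        }
    }

    public static void main(String[] args) throws Exception {
        CallbackHandler clientCb = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName("alice");
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword("secret".toCharArray());
            }
        };
        SaslClient client = Sasl.createSaslClient(new String[] {"CRAM-MD5"}, null, "ldap", "localhost", null, clientCb);
        SaslBindSessionDemo s = new SaslBindSessionDemo();
        System.out.println(s.onSaslBind("CRAM-MD5", null) + " / " + s.state);      // first request: challenge issued
        byte[] response = client.evaluateChallenge(s.challenge);
        System.out.println(s.onSaslBind("CRAM-MD5", response) + " / " + s.state);  // answer to the challenge
        System.out.println(s.onSaslBind("CRAM-MD5", null) + " / " + s.state);      // re-bind on a bound session
        System.out.println(s.onSaslBind("", null) + " / " + s.state);              // empty mechanism aborts
    }
}
```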

<h3><a name="ADSAuthentication-ANONYMOUSSASLmechanismimplementation"></a>ANONYMOUS SASL mechanism implementation</h3>

<p>The ANONYMOUS mechanism, if used, will default to a simple bindRequest.</p>

<h3><a name="ADSAuthentication-PLAINSASLmechanismimplementation"></a>PLAIN SASL mechanism implementation</h3>


<h3><a name="ADSAuthentication-GSSAPISASLmechanismimplementation"></a>GSSAPI SASL mechanism implementation</h3>


<h3><a name="ADSAuthentication-CRAMMD5SASLmechanismimplementation"></a>CRAM-MD5 SASL mechanism implementation</h3>


<h3><a name="ADSAuthentication-DIGESTMD5SASLmechanismimplementation"></a>DIGEST-MD5 SASL mechanism implementation</h3>


<h3><a name="ADSAuthentication-NTLMSASLmechanismimplementation"></a>NTLM SASL mechanism implementation</h3>


<h3><a name="ADSAuthentication-EXTERNALSASLmechanismimplementation"></a>EXTERNAL SASL mechanism implementation</h3></div>


</td></tr></table></div>

</body>
</html>

