directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Boorshtein <>
Subject Re: custom authenticator and custom partition
Date Tue, 24 May 2005 22:33:17 GMT
> -          When the AuthenticationService.process()
> loops through the
> configured authenticator, it will try the
> SimpleAuthenticator first by
> default. Is there any way to disable this and just
> loops over the
> configured authenticator (see server.authenticators
> properties)?

To be honest i don't really like the authenticator
framework anyway...I think there should be a "bind"
method in the partition.  The current setup seems to
be tailor made for the jdbm partition implementation.
> -          In SimpleAuthenticator.authenticate(), if
> the user DN is not
> found it will throw an LdapNameNotFoundException
> exception. But this is
> preventing the AuthenticationService.process() 
> to call the next authenticator. 
> I think it should just throw an
> LdapAuthenticationException exception.
> What do you all think?

In most directories i've seen this is the case (a dn
that can't be found response with error 32, name not
found).  I'm not sure if this is in the rfc or not.

> -          In the method authenticate() of my custom
> authenticator, I
> created an LdapPrincipal and returned it. I also
> created a connection to
> my own database, based on the 
> principal that we are trying to authenticate, and
> added that to the
> ServerContext. 
> Later on in my custom partition code, I want to be
> able to retrieve both
> the LdapPrincipal and the connection to my own
> database.
> It looks like only the method search() has an input
> parameter (Map env)
> with the environment associated with the
> ServerContext. 
> But I want to be able to retrieve this environment
> also from other
> methods (like modify, add and delete). 
> Is that possible?

Well, if youa re keying off of a bind dn then you can
allways maintain a map based on that dn as an instance
variable.  Though I do think there should be something
to tie information to both a request and a connection.


View raw message