directory-dev mailing list archives

From "Norbet Reilly" <nrh...@gmail.com>
Subject Re: [ApacheDS] How to use Interceptor.bind() ?
Date Wed, 22 Feb 2006 23:15:16 GMT
Hi,

You're one of the Penrose folks right? If so, I considered using your
solution except the licensing wasn't "open" enough for my corporate
masters :-(

I'm also using the new bind() call (in fact I sort of motivated its
addition a while back) but have found I still needed a custom
authenticator. I thought I'd delay discussing this until RC1 is out
the door - but since you brought it up.

Currently the code only falls back to using the custom partition's
bind when presented with an unknown authentication mechanism (refer to
org.apache.directory.server.core.authn.AuthenticationService.bind()),
which isn't that useful for implementors of custom (proxy) partitions
wanting to delegate their binds.

To add more useful semantics one needs to distinguish between two cases:
    1. bind DN falls inside custom partition but it doesn't implement
bind, in this case I throw javax.naming.OperationNotSupportedException
(I have made throwing this exception the default bind() implementation
in org.apache.directory.server.core.partition.AbstractDirectoryPartition.bind())
    2. bind DN falls inside custom partition but when its bind()
method is invoked the provided credentials are not valid or the
required auth mechanism is not supported, in this case
org.apache.directory.shared.ldap.exception.LdapAuthenticationException
or org.apache.directory.shared.ldap.exception.LdapAuthenticationNotSupportedException
are thrown.
The current AD code doesn't single out case 1.

I have some patches I'm using to support the bind stuff in a more
custom-partition-friendly way, if you (or the list) are interested. I
also have a patch for dynamically reading schemas from custom
partitions and combining them with the static schemas read by AD at
start-up.
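
An added illustration, not part of the original message and not ApacheDS code, of the two cases the message distinguishes. It assumes case 1 should fall back to the server's own authenticators while case 2 should fail the bind outright; `Partition`, `Authenticator` and `BindDelegationDemo` are hypothetical stand-ins, and only the `javax.naming` exceptions are real classes.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.List;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;

public class BindDelegationDemo {
    // Hypothetical stand-ins, not the ApacheDS partition/authenticator interfaces.
    interface Partition {
        String suffix();
        // Default mirrors case 1: a partition that does not implement bind.
        default void bind(String dn, byte[] creds, String mech) throws NamingException {
            throw new OperationNotSupportedException("bind not implemented for " + suffix());
        }
    }
    interface Authenticator { void authenticate(String dn, byte[] creds, String mech) throws NamingException; }

    // Returns which component accepted the bind; throws if the bind is rejected.
    static String bind(List<Partition> partitions, Authenticator builtin,
                       String dn, byte[] creds, String mech) throws NamingException {
        for (Partition p : partitions) {
            // Naive suffix match for the demo; a real server compares normalized DNs.
            if (!dn.toLowerCase().endsWith(p.suffix().toLowerCase())) continue;
            try {
                p.bind(dn, creds, mech);
                return "partition " + p.suffix();
            } catch (OperationNotSupportedException e) {
                break; // case 1: no bind() in this partition, use the built-in path
            }
            // case 2: AuthenticationException propagates; credentials are not retried elsewhere
        }
        builtin.authenticate(dn, creds, mech);
        return "built-in authenticator";
    }
    public static void main(String[] args) {
        Partition proxy = new Partition() { // constructed sample: checks a fixed password
            public String suffix() { return "dc=proxy,dc=example"; }
            public void bind(String dn, byte[] c, String m) throws NamingException {
                if (!MessageDigest.isEqual(c, "s3cret".getBytes())) throw new AuthenticationException("invalid credentials");
            }
        };
        Partition plain = () -> "dc=plain,dc=example"; // inherits the case 1 default
        Authenticator builtin = (dn, c, m) -> { if (!MessageDigest.isEqual(c, "local".getBytes())) throw new AuthenticationException("invalid credentials"); };
        String[][] tries = { {"uid=a,dc=proxy,dc=example", "s3cret"}, {"uid=a,dc=proxy,dc=example", "local"}, {"uid=b,dc=plain,dc=example", "local"} };
        for (String[] t : tries) {
            try { System.out.println(t[0] + " -> " + bind(Arrays.asList(proxy, plain), builtin, t[0], t[1].getBytes(), "simple")); }
            catch (NamingException e) { System.out.println(t[0] + " -> rejected: " + e); }
        }
    }
}
```

The second constructed attempt presents a password the built-in authenticator would accept, but because the proxy partition rejected it (case 2) the bind fails instead of falling through.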
