directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <>
Subject [ApacheDS] Authentication on Startup
Date Wed, 03 Oct 2007 05:09:28 GMT

Looking at the code I've come to the realization that we simply need to
remove the username, and
password which exists in the server.xml file.  Embedders should not have to
authenticate.  Instead it's
best to allow for the creation of LdapPrincipals from any piece of
authorized code to stuff requests
with the appropriate principals.  This way the protocol providers and
embedders can create the admin
principal and manage the server.

However we definitely need a security manager to prevent unauthorized access
to critical resources
in the server to prevent stored procedures for example in this case from
masquerading as other users.

How we do this with dyamism is a bit unclear for me but it's just about
doing some research and planning
to figure out what critical resources to protect.  For now all I know is
this issue is not cool and perhaps
totally unnecessary.  Secondly it ties us to JNDI.  I'm going to wack both
problems for now until JNDI
is out of the way and revisit it once the dust settles to reveal a clearer


View raw message