directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: [bigbang] Internal bind problem
Date Wed, 19 Dec 2007 08:14:38 GMT
Hi Enrique,

you can use the ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED constant. 
It's a normalized form of the admin principal.

Try this guy, and tell us if it solve the problem.

Emmanuel

Enrique Rodriguez wrote:
> Hi, Directory developers,
>
> I'm trying to get the kerbero-client working, to replace JAAS and to
> get some integration tests live for SASL GSSAPI.  I found the
> following problem trying to get SASL GSSAPI working in 'bigbang'.  The
> problem is that in the findPrincipal# method of DefaultBindHandler, an
> LdapPrincipal is created to do an internal bind to the backend.
> However, this bind is rejected because the name must be normalized
> (see exception).  FWIW, I noticed ServerDNConstants has a String
> constant for the normalized name.  Can this be used to "shotgun"
> create a normalized admin principal?
>
> What is the recommended way to bind to the directory service internally?
>
> The code where the bind is attempted (in DefaultBindHandler):
> ...
>                 LdapPrincipal principal = new LdapPrincipal(
>                         new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN
> ), AuthenticationLevel.SIMPLE );
>                 ctx = ldapServer.getDirectoryService().getJndiContext(
> principal, ldapServer.getSearchBaseDn() );
> ...
>
> The resulting exception (which is swallowed, BTW):
>
> java.lang.IllegalStateException: Names used for principals must be normalized!
> 	at org.apache.directory.server.core.authn.LdapPrincipal.<init>(LdapPrincipal.java:72)
> 	at org.apache.directory.server.ldap.support.DefaultBindHandler.findPrincipal(DefaultBindHandler.java:514)
> 	at org.apache.directory.server.ldap.support.DefaultBindHandler.getSubject(DefaultBindHandler.java:469)
> 	at org.apache.directory.server.ldap.support.DefaultBindHandler.handleSaslAuth(DefaultBindHandler.java:317)
> 	at org.apache.directory.server.ldap.support.DefaultBindHandler.bindMessageReceived(DefaultBindHandler.java:727)
> 	at org.apache.directory.server.ldap.support.BindHandler.messageReceived(BindHandler.java:48)
> 	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:141)
> 	...
>
> Enrique
>
>   


-- 
--
cordialement, regards,
Emmanuel L├ęcharny
www.iktek.com
directory.apache.org



Mime
View raw message