directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrique Rodriguez" <>
Subject [bigbang] Internal bind problem
Date Wed, 19 Dec 2007 00:34:15 GMT
Hi, Directory developers,

I'm trying to get the kerbero-client working, to replace JAAS and to
get some integration tests live for SASL GSSAPI.  I found the
following problem trying to get SASL GSSAPI working in 'bigbang'.  The
problem is that in the findPrincipal# method of DefaultBindHandler, an
LdapPrincipal is created to do an internal bind to the backend.
However, this bind is rejected because the name must be normalized
(see exception).  FWIW, I noticed ServerDNConstants has a String
constant for the normalized name.  Can this be used to "shotgun"
create a normalized admin principal?

What is the recommended way to bind to the directory service internally?

The code where the bind is attempted (in DefaultBindHandler):
                LdapPrincipal principal = new LdapPrincipal(
                        new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN
), AuthenticationLevel.SIMPLE );
                ctx = ldapServer.getDirectoryService().getJndiContext(
principal, ldapServer.getSearchBaseDn() );

The resulting exception (which is swallowed, BTW):

java.lang.IllegalStateException: Names used for principals must be normalized!
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(


View raw message