directory-dev mailing list archives

From "Alex Karasulu" <>
Subject Re: [bb] MiscITest failure, take 2
Date Sat, 12 Jul 2008 16:29:10 GMT
Ok I hear ya.  However here's a radical thought.  Let's just do away with
the LDAP provider in bb now and switch over to the new one where we are
attempting to clarify and refactor all this.  More inline ...

On Sat, Jul 12, 2008 at 9:09 AM, Emmanuel Lecharny <>

> Hi,
> I still have failures on MiscITest, on both testDisableAnonymousBinds() and
> testEnableAnonymousBindsOnRootDSE() unit tests.

Right because the present LDAP protocol provider is convoluted and does not
mesh well with the changes we have made as a result of the bb.

> The reason why we have some failure is because we have disabled anonymous
> bind on the server. The big problem is that it's now handled in the Bind
> handler, which is called while creating the context.

Right this JNDI context creation to track sessions must go away and I
started working on this in the newldap-protocol module.  It's coming along
and I can use your help there.  Let's just drop trying to make the old
ldap-protocol module work and switch over to the new one.  It will be bumpy
but we can make it work with clarity now that the JNDI context basis to LDAP
session tracking is gone.

We have enough clarity now in the new module to just write out the handling
for the various authentication mechanisms/modes quickly without the weight
of JNDI to obscure the picture.

> The big problem is that as soon as we are not allowed to do an anonymous
> bind, then we can't anymore create a context. Then any kind of following
> operation will fail, and this is the reason why the tests are failing.

Let's forget this and move on to the new module.  The old module is just

> InitialContextCreation should not try to bind the user, unless we are not
> asking for an Anonymous Bind.

See you're thinking with the old ldap-protocol module mindset which puts you
in that box of having to be constrained by the JNDI provider and all the
crap that it brings.

> We should just create a context, and return it to the user. As soon as he
> will try to do a search, if the Anonymous state is not allowed, then it will
> get an exception.

JNDI Contexts go away along with the artificial constraints they imposed on
us.  Let's switch to the newldap-protocol module and carry on from there.

You did a great thing yesterday by getting the integration tests for core
working.  That was the basis step we needed to know that the core is healthy
and ready for us to move on to the protocol side.   Now we throw away this
old module and start fresh using the right data structures to clearly model
anon binds, simple and sasl bind mechanisms.

> In fact, the Anonymous bind is not a bind at all, it's just a state we get
> into as soon as we open a session on the server. Until we close the session
> (or it is closed by the server itself), the user is either in Anonymous
> state or in authenticated state. Switching from one state to the other
> requires either a user action (a Bind with another mechanism, an Unbind) or
> a server action (authent revocation if the authent is based on certificate,
> and the certificate is revoked or expires during a session).
> We have to review all the BigBang authentication mechanism as fast as
> possible.
> I'm disabling those two tests.

Let's not disable the tests.  Don't feel uncomfortable with the server-unit
stuff not working.  It should not work since the protocol module is now
obsolete.  These tests keep us straight and force us to make the new module
work properly to satisfy the correct requirements expected of it.


Microsoft gives you Windows, Linux gives you the whole house ...
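
The session model described in the quoted text above (a session is in the anonymous state as soon as it is opened, and a disabled anonymous mode is enforced when an operation is attempted, not when the session is created), as an added Java example that is not code from this thread or from the project. The class, method and field names are hypothetical, and the DN is a constructed sample value.

```java
/** Hypothetical model of per-connection LDAP session state (illustration only). */
public class LdapSessionModel {
    enum State { ANONYMOUS, AUTHENTICATED }

    static final class Session {
        private final boolean anonymousAllowed; // assumed server-wide setting
        private State state = State.ANONYMOUS;  // every new session starts here; no bind involved
        private String boundDn = "";

        Session(boolean anonymousAllowed) { this.anonymousAllowed = anonymousAllowed; }

        /** Called after a simple or SASL bind has been verified (verification is out of scope). */
        void bindSucceeded(String dn) {
            if (dn == null || dn.isEmpty()) {
                throw new IllegalArgumentException("an authenticated bind needs a DN");
            }
            state = State.AUTHENTICATED;
            boundDn = dn;
        }

        /** Server-side action, e.g. the client certificate was revoked or expired mid-session. */
        void revertToAnonymous() {
            state = State.ANONYMOUS;
            boundDn = "";
        }

        /** Enforced on each operation, so opening a session never fails for this reason. */
        void authorize(String operation) {
            if (state == State.ANONYMOUS && !anonymousAllowed) {
                throw new SecurityException(operation + " refused: anonymous access is disabled");
            }
        }

        State state() { return state; }
        String boundDn() { return boundDn; }
    }

    public static void main(String[] args) {
        Session s = new Session(false);          // anonymous access disabled on the server
        System.out.println("opened: " + s.state());
        try {
            s.authorize("search");               // rejected here, not at session creation
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
        s.bindSucceeded("uid=admin,ou=system");  // constructed sample DN
        s.authorize("search");                   // allowed once authenticated
        System.out.println("after bind: " + s.state() + " as " + s.boundDn());
        s.revertToAnonymous();                   // revocation drops the session back to anonymous
        System.out.println("after revocation: " + s.state());
    }
}
```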
