Ok I hear ya.  However here's a radical thought.  Let's just do away with the LDAP provider in bb now and switch over to the new one where we are attempting to clarify and refactor all this.  More inline ...

On Sat, Jul 12, 2008 at 9:09 AM, Emmanuel Lecharny <elecharny@gmail.com> wrote:

I still have failures on MiscITest, on both testDisableAnonymousBinds() and testEnableAnonymousBindsOnRootDSE() unit tests.

Right because the present LDAP protocol provider is convoluted and does not mesh well with the changes we have made as a result of the bb.

The reason why we have some failures is because we have disabled anonymous bind on the server. The big problem is that it's now handled in the Bind handler, which is called while creating the context.

Right this JNDI context creation to track sessions must go away and I started working on this in the newldap-protocol module.  It's coming along and I can use your help there.  Let's just drop trying to make the old ldap-protocol module work and switch over to the new one.  It will be bumpy but we can make it work with clarity now that the JNDI context basis to LDAP session tracking is gone.

We have enough clarity now in the new module to just write out the handling for the various authentication mechanisms/modes quickly without the weight of JNDI to obscure the picture.

The big problem is that as soon as we are not allowed to do an anonymous bind, then we can no longer create a context. Then any kind of following operation will fail, and this is the reason why the tests are failing.

Let's forget this and move on to the new module.  The old module is just dorked.

InitialContextCreation should not try to bind the user, unless we are not asking for an Anonymous Bind.

See you're thinking with the old ldap-protocol module mindset which puts you in that box of having to be constrained by the JNDI provider and all the crap that it brings.

We should just create a context, and return it to the user. As soon as he tries to do a search, if the Anonymous state is not allowed, then he will get an exception.

JNDI Contexts go away along with the artificial constraints they imposed on us.  Let's switch to the newldap-protocol module and carry on from there. 

You did a great thing yesterday by getting the integration tests for core working.  That was the basic step we needed to know that the core is healthy and ready for us to move on to the protocol side.   Now we throw away this old module and start fresh using the right data structures to clearly model anon binds, simple and SASL bind mechanisms.

In fact, the Anonymous bind is not a bind at all, it's just a state we get into as soon as we open a session on the server. Until we close the session (or it is closed by the server itself), the user is either in Anonymous state or in authenticated state. Switching from one state to the other requires either a user action (a Bind with another mechanism, an Unbind) or a server action (authent revocation if the authent is based on a certificate, and the certificate is revoked or expires during a session).

We have to review all the BigBang authentication mechanisms as fast as possible.

I'm disabling those two tests.

Let's not disable the tests.  Don't feel uncomfortable with the server-unit stuff not working.  It should not work since the protocol module is now obsolete.  These tests keep us straight and force us to make the new module work properly to satisfy the correct requirements expected of it.


Microsoft gives you Windows, Linux gives you the whole house ...
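
The session model discussed in this thread (a session opens in the anonymous state, a Bind or a server-side revocation moves it between states, and a disallowed anonymous operation fails at the operation rather than at session creation), sketched as an added example that is not code from ApacheDS or from either author. The class and method names are hypothetical and the plaintext credential store is constructed for the demo; treating Unbind as closing the session, a failed Bind as leaving the session anonymous, and a DN with an empty password as a refused bind are assumptions taken from RFC 4511 and RFC 4513, not from the thread.

```python
import hmac
from enum import Enum

class AuthState(Enum):
    ANONYMOUS = "anonymous"
    AUTHENTICATED = "authenticated"
    CLOSED = "closed"

class AccessDenied(Exception):
    """An operation was refused in the session's current state."""

class LdapSession:
    """Hypothetical model of one LDAP session (not an ApacheDS class)."""

    def __init__(self, allow_anonymous, credentials):
        self.allow_anonymous = allow_anonymous
        self.credentials = credentials    # constructed {dn: password} store
        self.state = AuthState.ANONYMOUS  # opening a session needs no bind
        self.bound_dn = None

    def _require_open(self):
        if self.state is AuthState.CLOSED:
            raise AccessDenied("session is closed")

    def revoke(self):
        """Server-side action (e.g. certificate revoked): back to anonymous."""
        self._require_open()
        self.state, self.bound_dn = AuthState.ANONYMOUS, None

    def bind(self, dn, password):
        """Return True on success; any failed bind leaves the session anonymous."""
        self.revoke()  # a new bind request drops the previous identity first
        if not dn and not password:
            return self.allow_anonymous  # anonymous bind: no identity gained
        stored = self.credentials.get(dn)
        # A DN with an empty password is refused, never treated as anonymous.
        if password and stored is not None and hmac.compare_digest(
                stored.encode(), password.encode()):
            self.state, self.bound_dn = AuthState.AUTHENTICATED, dn
            return True
        return False

    def unbind(self):
        self.state, self.bound_dn = AuthState.CLOSED, None

    def search(self, base):
        """Policy is enforced per operation, not when the session is created."""
        self._require_open()
        if self.state is AuthState.ANONYMOUS and not self.allow_anonymous:
            raise AccessDenied("anonymous access is disabled")
        return f"search {base!r} as {self.bound_dn or 'anonymous'}"
```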