directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu (JIRA)" <j...@apache.org>
Subject [jira] Updated: (DIRSERVER-640) bring error hints from CustomAuthenticators extending AbstractAuthenticator back to the client.
Date Wed, 27 Aug 2008 19:29:44 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alex Karasulu updated DIRSERVER-640:
------------------------------------

    Fix Version/s:     (was: 1.5.4)
                   1.5.6

Postponed for authn/authz push in 1.5.6 when all these issues can be tackled.

> bring error hints from CustomAuthenticators extending AbstractAuthenticator back to the
client.
> -----------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-640
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-640
>             Project: Directory ApacheDS
>          Issue Type: Improvement
>          Components: ldap
>    Affects Versions: 1.0-RC3
>         Environment: windows/linux
>            Reporter: Ralf Hauser
>             Fix For: 1.5.6
>
>         Attachments: AuthenticationService.java.patch
>
>
> For the authentication, I use a CustomAuthenticator that extends AbstractAuthenticator.
> If the authentication fails I use LdapAuthenticationException or LdapNoPermissionException
and I appreciate a lot to be able to provide some hint (String explanation) why the exception
was thrown.
> Unfortunately, this hint never reaches the client. I only sees "error code 49 - Bind
failed" - the equivalent is visible in the server log as
> <<Ldap Result
>             Result code : (ResultCodeEnum[INVALIDCREDENTIALS=49]) invalidCredentials
>             Matched DN : 'null'
>             Error message : 'Bind failed'>>
> It appears that the culprit is org.apache.directory.server.core.authn.AuthenticationService.bind(NextInterceptor
next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId) throws NamingException
>  where that expception is caught, neither its class is analyzed in detail nor is there
any attempt to use "explanations" when re-throwing even though an LdapAuthenticationException
constructor does exist that takes a "msg" for explanations.
> Therefore my suggestion: please make sure that it is possible to provide a user more
information by optionally appending an "explantion" to the 'Bind failed' a client currently
sees in an ldap client.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message