From: "Steve hammond (JIRA)"
To: dev@directory.apache.org
Date: Tue, 2 Sep 2008 06:43:44 -0700 (PDT)
Subject: [jira] Commented: (DIRSERVER-1240) After binding using NTLM, cannot query if AllowAnonymousAccess is off
Message-ID: <705952653.1220363024968.JavaMail.jira@brutus>
In-Reply-To: <1389277088.1220135504238.JavaMail.jira@brutus>

[ https://issues.apache.org/jira/browse/DIRSERVER-1240?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12627676#action_12627676 ]

Steve hammond commented on DIRSERVER-1240:
------------------------------------------

Some things we found out this weekend.
When logging in with NTLM, name (as an LdapDN) is not passed in. This is because it is encrypted in credentials, and it is possible that the DN for the name does not even exist on the LDAP server with distributed authentication.
However, ApacheDS is assuming that if the name is not present, it must be anonymous.

> After binding using NTLM, cannot query if AllowAnonymousAccess is off
> ---------------------------------------------------------------------
>
>                 Key: DIRSERVER-1240
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1240
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>         Environment: Running on Windows under JBOSS
>            Reporter: Steve hammond
>
> After binding with NTLM, we can do a search and it says "Server has disabled anonymous binds"
> One weird part, after setting AllowAnonymousAccess(false) on directory service, I cannot even query sasl supported mechanisms.
> When I change that to true, but have apacheds.SetAllowAnonymousAccess(false), I can at least bind, but I cannot do any queries, getting above error.
> When I allow all anonymous, I can bind with NTLM and do queries, but I think the queries are being performed as anonymous.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
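
A minimal model of the behaviour described in the comment above, as an added example that is not ApacheDS code and not part of the original message. The `Session` and `Mechanism` types and all method names are hypothetical, and the three sessions are constructed; it contrasts deciding anonymity from a missing bind name with deciding it from whether the bind actually authenticated.

```java
import java.util.Optional;

// Hypothetical model of post-bind state; none of these types are ApacheDS classes.
// Requires Java 16+ (records).
public class BindIdentityExample {
    enum Mechanism { NONE, SIMPLE, SASL_NTLM }

    // What the server knows about a connection once the bind has completed.
    record Session(Mechanism mechanism, Optional<String> bindDn, boolean authenticated) {}

    // Check as described in the comment: a missing name is taken to mean anonymous.
    static boolean isAnonymousByName(Session s) {
        return s.bindDn().isEmpty();
    }

    // Alternative: anonymous only if no bind mechanism authenticated the client.
    static boolean isAnonymousByState(Session s) {
        return s.mechanism() == Mechanism.NONE || !s.authenticated();
    }

    // Applies the AllowAnonymousAccess gate using one of the two checks above.
    static String search(Session s, boolean allowAnonymous, boolean byName) {
        boolean anonymous = byName ? isAnonymousByName(s) : isAnonymousByState(s);
        if (anonymous && !allowAnonymous) {
            return "rejected: Server has disabled anonymous binds";
        }
        return anonymous ? "search runs as anonymous" : "search runs as authenticated principal";
    }

    public static void main(String[] args) {
        // Constructed sessions: NTLM carries the identity inside the credentials, so no DN.
        Session ntlm = new Session(Mechanism.SASL_NTLM, Optional.empty(), true);
        Session simple = new Session(Mechanism.SIMPLE, Optional.of("uid=admin,ou=system"), true);
        Session unbound = new Session(Mechanism.NONE, Optional.empty(), false);

        for (Session s : new Session[] { ntlm, simple, unbound }) {
            for (boolean allowAnon : new boolean[] { false, true }) {
                System.out.printf("%-9s allowAnonymous=%-5b byName: %-48s byState: %s%n",
                        s.mechanism(), allowAnon,
                        search(s, allowAnon, true), search(s, allowAnon, false));
            }
        }
    }
}
```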