directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Kyrmegalos (JIRA)" <j...@apache.org>
Subject [jira] Created: (DIRSERVER-1325) Simple Authentication can not be disabled
Date Mon, 09 Mar 2009 01:49:56 GMT
Simple Authentication can not be disabled
-----------------------------------------

                 Key: DIRSERVER-1325
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1325
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.4
            Reporter: Andreas Kyrmegalos
            Priority: Minor


Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with the
settings I noticed this option:
 <simpleMechanismHandler mech-name="SIMPLE"/>
under the saslMechanismHandlers header. So, I assumed that, based on the name, one is to understand
that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl plain authentication
can be deactivated. After commenting the above mentioned setting, SASL PLAIN is no longer
mentioned in "supportedSASLMechanisms" and if one attempts to use it, a javax.naming.AuthenticationNotSupportedException
is what one gets. Unfortunately, if one tries to use SIMPLE as an authentication mechanism,
the bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This can be
fixed by adding a typical is/set pair for a boolean value, just like the case for anonymous
access, in org.apache.directory.server.core.DirectoryService.java, making a check when authenticate()
is called in org.apache.directory.server.core.SimpleAuthenticator and adding the relevant
setting to defaultDirectoryService in server.xml. Did this myself, seems to work as intended.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message