directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Kyrmegalos (JIRA)" <>
Subject [jira] Created: (DIRSERVER-1325) Simple Authentication can not be disabled
Date Mon, 09 Mar 2009 01:49:56 GMT
Simple Authentication can not be disabled

                 Key: DIRSERVER-1325
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: core
    Affects Versions: 1.5.4
            Reporter: Andreas Kyrmegalos
            Priority: Minor

Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with the
settings I noticed this option:
 <simpleMechanismHandler mech-name="SIMPLE"/>
under the saslMechanismHandlers header. So, I assumed that, based on the name, one is to understand
that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl plain authentication
can be deactivated. After commenting the above mentioned setting, SASL PLAIN is no longer
mentioned in "supportedSASLMechanisms" and if one attempts to use it, a javax.naming.AuthenticationNotSupportedException
is what one gets. Unfortunately, if one tries to use SIMPLE as an authentication mechanism,
the bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This can be
fixed by adding a typical is/set pair for a boolean value, just like the case for anonymous
access, in, making a check when authenticate()
is called in and adding the relevant
setting to defaultDirectoryService in server.xml. Did this myself, seems to work as intended.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message