Return-Path: Delivered-To: apmail-directory-dev-archive@www.apache.org Received: (qmail 35089 invoked from network); 15 Apr 2011 07:01:44 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 15 Apr 2011 07:01:44 -0000 Received: (qmail 71608 invoked by uid 500); 15 Apr 2011 07:01:41 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 71536 invoked by uid 500); 15 Apr 2011 07:01:40 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 71517 invoked by uid 99); 15 Apr 2011 07:01:37 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Apr 2011 07:01:37 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of pajbam@gmail.com designates 74.125.82.44 as permitted sender) Received: from [74.125.82.44] (HELO mail-ww0-f44.google.com) (74.125.82.44) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Apr 2011 07:01:29 +0000 Received: by wwa36 with SMTP id 36so2862855wwa.1 for ; Fri, 15 Apr 2011 00:01:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:sender:content-type:mime-version:subject:from :in-reply-to:date:content-transfer-encoding:message-id:references:to :x-mailer; bh=IfReBAe1MHRb5eQW1ydn6F5YX+2FYjXEw+E+X1mY8/o=; b=lokWbZrsvVlzLTzmwojsHX0QNU4p5oue6/ZFM15uTyqJNWZ7ggS3kQytH4TCh7Z7zL mp5l24Gv/1hm6cbX8svQUBrX+x0ETLibdSz0956KtgdqKmYQLumuJnO1CWwQwEiQm+I9 35mwLORM+WhRPyfWXYSlRnkSpM9IWyeC3zxeU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to:x-mailer; b=hnx80C3EyfYmNSvxEdY4LIN5zZ0WSt5w8kG4bZckZ7qB3DZqsR0zAVdBJCTQiVIgmf oXNpBKB3oggDTcc+CmJCE5MERsgslaxt0nlV3DdGWBtYt/nV5EoPnIOFGyac0ZLHOH3G 9D98SNmd+pSwmTB4bOnbSs89aa6nvzDHX3tD8= Received: by 10.227.21.217 with SMTP id k25mr1699375wbb.135.1302850869578; Fri, 15 Apr 2011 00:01:09 -0700 (PDT) Received: from [10.0.1.2] (def92-4-82-225-58-213.fbx.proxad.net [82.225.58.213]) by mx.google.com with ESMTPS id y29sm1416877wbd.21.2011.04.15.00.01.07 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 15 Apr 2011 00:01:08 -0700 (PDT) Sender: Pierre-Arnaud Marcelot Content-Type: text/plain; charset=iso-8859-1 Mime-Version: 1.0 (Apple Message framework v1084) Subject: Re: SASL in the client API From: Pierre-Arnaud Marcelot In-Reply-To: <4DA76E40.7020304@gmail.com> Date: Fri, 15 Apr 2011 09:01:06 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <582E6E78-D9D2-41FC-B03B-CBBAB41C2DA8@marcelot.net> References: <4DA76E40.7020304@gmail.com> To: "Apache Directory Developers List" X-Mailer: Apple Mail (2.1084) X-Virus-Checked: Checked by ClamAV on apache.org Hi Emmanuel, AFAIR (I'm the one who created those three classes and their abstract = superclass) the idea was to be able to store all the client parameters = (login, password, various SASL settings) in simple classes. These = classes being used with an LDAP Connection via a bind request. I'll have to look in the code, but I think that we've used the = SaslClient class internally to manage the challenge/response dialog, ie. = we haven't (hopefully) reimplemented everything. Have a look at the LdapNetworkConnection.bindSasl(...) method. To me, the basic idea was that the casual LDAP user should not know = about the SASL implementation and/or the SaslClient classes. He only = uses our simple API classes to describes the LDAP bind requests (with = SASL) and lets the API do all the work without worrying about complex = encryption mechanisms, challenge/response, or having to learn another = complex API (the SaslClient API). Regards, Pierre-Arnaud On 14 avr. 2011, at 23:59, Emmanuel Lecharny wrote: > Hi guys, >=20 > I'm having some hard time with SASL handling on the client side. = Currently, we support CRAM-MD5, DIGEST-MD5 and GSSAPI mechanisms, but = the PLAIN en EXTERNAL mechanisms are not supported. >=20 > So I decided to implement the PLAIN mechanism which is supported by = the server, and I found that we have an approach that could be improved. = Currently, we have re-implemented the full mechanism, and we have some = dedicated class for each mechanism : > - CramMd5Request > - DigestMd5Request > - GssApiRequest >=20 > internally, we handle the challenge/response dialog. >=20 > That's fine, but we could have use the Java SaslClient classes to do = the same thing. Even better, we could also merge the way the server = handle SASL with the client side. >=20 > This is what I'm going to investigate in the next couple of days. >=20 > --=20 > Regards, > Cordialement, > Emmanuel L=E9charny > www.iktek.com >=20