directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre-Arnaud Marcelot (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRSERVER-1325) Simple Authentication can not be disabled
Date Fri, 26 Aug 2011 16:26:36 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Pierre-Arnaud Marcelot updated DIRSERVER-1325:
----------------------------------------------

    Fix Version/s:     (was: 2.0.0-M2)
                   2.0.0-M3

> Simple Authentication can not be disabled
> -----------------------------------------
>
>                 Key: DIRSERVER-1325
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1325
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.4
>            Reporter: Andreas Kyrmegalos
>            Priority: Minor
>             Fix For: 2.0.0-M3
>
>
> Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with
the settings I noticed this option:
>  <simpleMechanismHandler mech-name="SIMPLE"/>
> under the saslMechanismHandlers header. So, I assumed that, based on the name, one is
to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl
plain authentication can be deactivated. After commenting the above mentioned setting, SASL
PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a
javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries
to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for
the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a
boolean value, just like the case for anonymous access, in org.apache.directory.server.core.DirectoryService.java,
making a check when authenticate() is called in org.apache.directory.server.core.SimpleAuthenticator
and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself,
seems to work as intended.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message