directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pierre-Arnaud Marcelot (JIRA)" <>
Subject [jira] [Updated] (DIRSERVER-1325) Simple Authentication can not be disabled
Date Fri, 26 Aug 2011 16:26:36 GMT


Pierre-Arnaud Marcelot updated DIRSERVER-1325:

    Fix Version/s:     (was: 2.0.0-M2)

> Simple Authentication can not be disabled
> -----------------------------------------
>                 Key: DIRSERVER-1325
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.4
>            Reporter: Andreas Kyrmegalos
>            Priority: Minor
>             Fix For: 2.0.0-M3
> Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with
the settings I noticed this option:
>  <simpleMechanismHandler mech-name="SIMPLE"/>
> under the saslMechanismHandlers header. So, I assumed that, based on the name, one is
to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl
plain authentication can be deactivated. After commenting the above mentioned setting, SASL
PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a
javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries
to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for
the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a
boolean value, just like the case for anonymous access, in,
making a check when authenticate() is called in
and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself,
seems to work as intended.

This message is automatically generated by JIRA.
For more information on JIRA, see:


View raw message