I'm moving through Interceptors to tie them to our new component system. As you might guess AuthenticationInterceptor needs some special care. Right now, Authenticators and PasswordPolicies are defined as entries under AuthenticationInterceptor's entry on DIT. I must say this is not so easy to enforce in new system. To make it work that way in component-hub, i have to do lots of modifications under many subsystems of component-hub, which is not many of us want i guess.
What i suggest is, introducing Authenticators and PasswordPolicies as new extension points to ApacheDS. Authenticators and PasswordPolicies will have their own component group under "ou=config". Then we hook them up with the AuthenticationInterceptor's instance in runtime, as they are appeared in OSGI container. If we do that "ou=config" will look like:
But i don't fully know Authenticators' and PasswordPolicies' nature in ApacheDS world. If we don't want them to be extensible but configurable under DIT, then we must find them some other place in DIT. Lets talk about it...