directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1803) When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
Date Thu, 14 Feb 2013 13:50:14 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13578366#comment-13578366 ]

Emmanuel Lecharny commented on DIRSERVER-1803:
----------------------------------------------

The reason is that we try to get the Authenticators related to the authentication level required
(Simple, Strong - for SASL - or anonymous), and if we find none, we delegate to the nexus:

AuthenticatorInterceptor :

        Collection<Authenticator> authenticators = getAuthenticators( level );

        if ( authenticators == null )
        {
            LOG.debug( "No authenticators found, delegating bind to the nexus." );

            // as a last resort try binding via the nexus
            next( bindContext );

BaseInterceptor :

        public void bind( BindOperationContext bindContext ) throws LdapException
        {
            // Do nothing here : there is no support for the Bind operation in Partition
        }

and we are connected... This is seriously WRONG.
                
> When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
> -------------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1803
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1803
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M10
>            Reporter: Emmanuel Lecharny
>            Priority: Blocker
>             Fix For: 2.0.0-M11
>
>
> Disable the SimpleAuthenticator, do a SIMPLE bind with a user and a password which don't exist on the server : you get connected !
> dn: aaa=b
> pwd : azerty
> Connected !

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
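
The failure mode described in the comment above, as an added example that is not part of the original message and is not ApacheDS code: a simplified Java model of a bind handler that delegates when no authenticator serves the requested level, next to a fail-closed variant. All type and method names are hypothetical; the dn and password are the ones from the report, and the registry contents are constructed.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Simplified model, not ApacheDS code: every type and method name is hypothetical.
public class BindFailClosedDemo {
    enum Level { NONE, SIMPLE, STRONG }
    interface Authenticator { boolean authenticate(String dn, String pwd); }
    static class AuthException extends Exception {
        AuthException(String msg) { super(msg); }
    }

    // End of the chain: returns normally, which the caller reads as a successful bind.
    static void next(String dn) { }

    static void tryAll(List<Authenticator> auths, String dn, String pwd) throws AuthException {
        for (Authenticator a : auths) {
            if (a.authenticate(dn, pwd)) return;
        }
        throw new AuthException("invalid credentials for " + dn);
    }

    // Pattern from the report: no authenticator for the level, so delegate down the chain.
    static void bindFailOpen(Map<Level, List<Authenticator>> reg, Level lvl, String dn, String pwd)
            throws AuthException {
        List<Authenticator> auths = reg.get(lvl);
        if (auths == null || auths.isEmpty()) { next(dn); return; }
        tryAll(auths, dn, pwd);
    }

    // Fail-closed variant: a level nobody serves is an authentication failure.
    static void bindFailClosed(Map<Level, List<Authenticator>> reg, Level lvl, String dn, String pwd)
            throws AuthException {
        List<Authenticator> auths = reg.get(lvl);
        if (auths == null || auths.isEmpty()) {
            throw new AuthException("no authenticator enabled for level " + lvl);
        }
        tryAll(auths, dn, pwd);
    }

    public static void main(String[] args) {
        // Constructed registry: SIMPLE has been disabled, only a STRONG authenticator remains.
        Authenticator strong = (dn, pwd) -> false;
        Map<Level, List<Authenticator>> reg = new HashMap<>();
        reg.put(Level.STRONG, List.of(strong));
        try { bindFailOpen(reg, Level.SIMPLE, "aaa=b", "azerty");
              System.out.println("fail-open:   connected");
        } catch (AuthException e) { System.out.println("fail-open:   rejected, " + e.getMessage()); }
        try { bindFailClosed(reg, Level.SIMPLE, "aaa=b", "azerty");
              System.out.println("fail-closed: connected");
        } catch (AuthException e) { System.out.println("fail-closed: rejected, " + e.getMessage()); }
    }
}
```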