directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <>
Subject Re: bind operation and interceptors
Date Thu, 25 Apr 2013 09:14:14 GMT
Le 4/24/13 6:00 PM, Emmanuel Lecharny a écrit :
> hi guys,
> I was wondering if it makes sense at all to process the bind operation
> through the interceptirs ? currently, we process it in the authn
> interceptor, all the other interceptors just ignore the operation. Why
> don't we handle this op in the bind handler ?

Let me explain a but further why I'm suggesting that (as I can now use a
computer, and not a mobile phone...)

Right now, a Bind is just a logical process that does not access the
backend (ie, there is no Bind operation done on any partition).
Basically, it's all about fetching the user's entry from the provided
DN, and compare the password in it with the provided password. For
external bind, it may be more ocmplex but again, it does not involve the

The thing is we have two interceptors implementing the bind() operation :
- NormalizationInterceptor : it normalize the user's DN
- AuthenticationInterceptor : This is where we process the authentication

We don't need to process the Bind in the NormalizationInterceptor, the
DN is already normalized (actually, I removed the implementation in this
class. It works like a charm without it).

So the question is really to know if we should not process the bind in
the OperationManager, as it's the entry point for any operation done in
the DirectoryService. It would not be the only operation that would hav
some pre-processing done in the OperationManager : for the add, compare,
delete, modify, move, moveAndRename, rename, search operations, we
pre-process referrals.

That would also make the addition of new authenticator easier, as they
will not depend on the AuthenticatorInterceptor configuration to be
added : we can associate them to the DirectoryService configuration instead.

so wdyt ?

Emmanuel Lécharny 

View raw message