directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <>
Subject [jira] [Resolved] (DIRSERVER-1325) Simple Authentication can not be disabled
Date Thu, 16 May 2013 17:01:19 GMT


Emmanuel Lecharny resolved DIRSERVER-1325.

    Resolution: Fixed

I modified the way we initialize the Authenticator so that they are not loaded when they are
disabled in the configuration
> Simple Authentication can not be disabled
> -----------------------------------------
>                 Key: DIRSERVER-1325
>                 URL:
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 1.5.4
>            Reporter: Andreas Kyrmegalos
>            Priority: Minor
>             Fix For: 2.0.0-RC1
> Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with
the settings I noticed this option:
>  <simpleMechanismHandler mech-name="SIMPLE"/>
> under the saslMechanismHandlers header. So, I assumed that, based on the name, one is
to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl
plain authentication can be deactivated. After commenting the above mentioned setting, SASL
PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a
javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries
to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for
the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a
boolean value, just like the case for anonymous access, in,
making a check when authenticate() is called in
and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself,
seems to work as intended.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message