directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRAPI-105) Implement the EXTERNAL SASL Bind mechanism
Date Mon, 20 Nov 2017 16:02:00 GMT

    [ https://issues.apache.org/jira/browse/DIRAPI-105?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259405#comment-16259405
] 

Emmanuel Lecharny commented on DIRAPI-105:
------------------------------------------

So AFAIU, it's enough to send a {{BindRequest}} with the 'EXTERNAL'  mechanism, and an optional
{{authzid}} parameter. The requirement would be that we have already established a TLS session
(there are other means by which the client might be authenticated by the server, like IP-level
security).

ATM, we could assume it's up to the server to determinate if SASL EXTERNAL request is to be
accepted or rejected. 

Adding the associated code in the API is quite trivial, and I suggest we do it quick. The
real trouble would be for us to test this code, as {{ApacheDS}} currently does not support
TLS session, but that should not be a show-stopper.


>  Implement the EXTERNAL SASL Bind mechanism
> -------------------------------------------
>
>                 Key: DIRAPI-105
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-105
>             Project: Directory Client API
>          Issue Type: New Feature
>    Affects Versions: 1.0.0-M2
>            Reporter: Emmanuel Lecharny
>             Fix For: 1.0.1
>
>




--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message