From: "Alex Karasulu"
To: users@directory.apache.org
Subject: Re: Automatic Authentication
Date: Thu, 25 Sep 2008 10:05:58 -0400

Hi Tolga,

On Thu, Sep 25, 2008 at 9:04 AM, Tolga YURDAKUL wrote:

> Hi,
>
> We are comparing automatic authentication procedures with Active Directory
> and Apache Directory Server.
>
> With Active Directory;
> Automatic authentication is simple; you define a user with a "logonname"
> and use this logonname and a password for the bind procedure, which ends up
> successful if these two values match with the values stored in the server.
>

Note that Active Directory is a NOS directory. AD intrinsically has a means to either automatically find or map domain\username to some user entry. I guess this is what you mean by "Automatic Authentication". This AD-specific behavior is not part of the LDAP protocol. The protocol requires a DN for the bind DN.

> With Apache Directory Server;
> You have to use the user's full Distinguished Name (DN) and a password for
> the bind procedure.
> Since the user at the client machine cannot know his/her
> DN during the logon procedure, he/she enters a username and a password. The
> JNDI bind code at the client machine first authenticates as administrator
> to the server, searches for the user entry using the username as a filter,
> if the user exists the DN is drawn to the client and used in the bind
> procedure with the password the user entered before.
> This is a workaround we have to use for automatic authentication.
>

We could create an AD compatibility mode that can be toggled in the configuration to allow ApacheDS to relax these protocol requirements: that is, to take a non-DN for the bind principal. This however would require some work on the protocol frontend and some other changes in the internals where bind requests are handled. To summarize, we can support this, but the manpower right now is spread thin.

>
> Is there a way to authenticate automatically to Apache Directory Server
> directly with a logonname and a password just like it is with Active
> Directory without having to use DN for authentication?
>

The short answer is no. But as you see above it's a no-brainer to implement this functionality.

Alev

> Tolga.
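
The search-then-bind workaround described in the quoted message, written out as an added Java/JNDI example; it is not code from the thread or from ApacheDS. The server URL, base DN, `uid` attribute and the read-only `LOOKUP_DN` account (used here in place of the administrator bind) are assumptions for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Assumed deployment values (not from the thread); simple binds should run over TLS.
    static final String URL = "ldaps://ldap.example.test:10636";
    static final String BASE = "ou=users,dc=example,dc=test";
    static final String LOOKUP_DN = "uid=lookup,ou=services,dc=example,dc=test"; // hypothetical read-only account

    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // RFC 4515 escaping so a username such as "*" or "a)(uid=*" stays a literal value.
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            boolean special = c == '\\' || c == '*' || c == '(' || c == ')' || c == 0;
            sb.append(special ? String.format("\\%02x", (int) c) : String.valueOf(c));
        }
        return sb.toString();
    }

    static boolean authenticate(String username, String password, String lookupPassword) {
        // A simple bind with an empty password is an unauthenticated bind and may succeed.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) return false;
        try {
            DirContext lookup = bind(LOOKUP_DN, lookupPassword);
            String userDn;
            try {
                // Subtree scope, at most 2 results, no time limit, all attributes.
                SearchControls sc = new SearchControls(SearchControls.SUBTREE_SCOPE, 2, 0, null, false, false);
                NamingEnumeration<SearchResult> hits = lookup.search(BASE, "(uid=" + escapeFilterValue(username) + ")", sc);
                if (!hits.hasMore()) return false;           // unknown user
                userDn = hits.next().getNameInNamespace();   // full DN of the matched entry
                if (hits.hasMore()) return false;            // ambiguous match: refuse
            } finally { lookup.close(); }
            bind(userDn, password).close();                  // the real check: bind as the user
            return true;
        } catch (NamingException e) {
            return false;                                    // includes AuthenticationException
        }
    }
}
```

The lookup account needs only search rights on the user subtree, so the client never holds administrator credentials.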