directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Denis Mikhalkin <>
Subject Configuring custom authenticator for ApacheDS 2.0.0-M11
Date Mon, 01 Apr 2013 11:17:52 GMT

I'm written a custom authenticator (
and configured it at "ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config".
I can see that my class is getting loaded (constructor invoked), however its authenticate
method never gets called.

After digging through the source code I found the following suspicious sequence of actions:
- The DirectoryService is getting created by createDirectoryService in ServiceBuilder
- That calls createInterceptors() which creates the AuthenticationInterceptor. It reads the
properties and creates my authenticator class
- It then calls setAuthenticators with the array of authenticators which then calls register
for each one of them
- Register calls init however the directoryService is null (?!?) [1]


Later, there is a call to DefaultDirectoryService.initialize which calls Authenticator.init
on each Authenticator again. However, my class does not get invoked.

What happens is that DefaultDirectoryService.initialize eventually gets to AuthenticationInterceptor,
which reads the list of authenticators from the authenticators field. This field gets populated
in setDefaultAuthenticators, but does not get updated since then. In the end, even though
custom authenticators are initialized, only the default authenticators are registered with
the interceptor [2].

I'm puzzled by the behavior [1] however the most critical one is [2]. Because of it I can't
seem to be able to have my authenticator get invoked during authentication.

I've done a manual quick fix by adding the update of the AuthenticationInterceptor.authenticators set
during the AuthenticationInterceptor.register method and it seems to have fixed the issue.
Not sure whether this is the right fix. May be I'm not configuring my authenticator correctly?
The user guide does not seem to talk abut custom authenticators anymore...


    private void register( Authenticator authenticator, DirectoryService directoryService
) throws LdapException
        authenticator.init( directoryService );

        Collection<Authenticator> authenticatorList = getAuthenticators( authenticator.getAuthenticatorType()

        if ( authenticatorList == null )
            authenticatorList = new ArrayList<Authenticator>();
            authenticatorsMapByType.put( authenticator.getAuthenticatorType(), authenticatorList

        authenticatorList.add( authenticator );
+        authenticators.add( authenticator );

Should I raise a JIRA issue or could this be a configuration problem?


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message