[#DIRSERVER-435] delegating binds to custom partitions

Directory ApacheDS

delegating binds to custom partitions

Created: 20/Sep/05 02:59 PM Updated: 21/Apr/07 11:17 AM

Return to search

Component/s:

None

Affects Version/s:

None

Fix Version/s:

1.0-RC1

Time Tracking:

Not Specified

File Attachments:

	File Name	Date Attached	Attached By	Size
	delegate_bind.patch	2005-09-20 03:06 PM	Norval Hope	14 kB

Environment:

jdk1.4.2

Resolution Date:

10/Feb/06 02:00 PM

Description

« Hide

I have created a patch which permits SimpleAuthenticator to optionally delegate bind calls to the custom partition matching the DN provided to a bind call. This seems like the right general approach to take, but there were some points I wasn't completely certain about (being a noob):
    1) I pass the credentials in as a Object (rather then byte[]) to allow for future flexibility when SASL support is added to DS.
    2) The bind() call returns an InitialContext which SimpleAuthenticator immediately closes, rather then say returning a boolean. This seems sensible though.
    3) Given the new bind() call is only optionally implemented by a ContextPartition, the default bases classes return null when it is called. A NotImplementedException type approach would work just as well, but I am unsure how the relative pros and cons are preceived by the core DS developers (runtime cost versus cleanliness).

I also realise that the bind call is only one of a number of delegations that will eventually need to be supported to custom partitions, but hope that this patch isn't heading in the wrong direction and thus compromising any future work that may be required.

If the patch is deemed useful, but further work is required due to any/all of the reasons above (or some I haven't considered) then let me know.

All

Comments

Work Log

Change History

Subversion Commits

Sort Order:

[ Permlink | « Hide ]

Trustin Lee added a comment - 22/Sep/05 12:13 PM

Thank you for your patch first of all, Norbert. But can I know the use case of this patch? BIND operation is used only for authentication and AuthenticationService performs it already. Is there any reason to delegate bind operation to interceptors and context partitions? Any ideas are appreciated.

[ Permlink | « Hide ]

Alex Karasulu added a comment - 25/Oct/05 03:42 PM

What's the status of this?

[ Permlink | « Hide ]

Trustin Lee added a comment - 25/Oct/05 05:40 PM

In the long run, we'll have to change the interceptor interface to filter all LDAP operations. It will help users implement LDAP proxy very easily. WDYT?

[ Permlink | « Hide ]

Alex Karasulu added a comment - 26/Oct/05 12:26 AM

You mean just adding bind() to what we have? I guess that's the only missing operation. However I think this is a wrong turn in our architectural vision.

First because a partitions are for storage. Using them for proxying is tangential to our aims.

A proxy can be implemented in other ways via views. Using a partition to do is effective but a hack. When we implement views proxies can easily be written.

Still there may be some benefit to intercepting a bind operation. Let me think more about this. Bind interception might be good for views too. Thanks T.

[ Permlink | « Hide ]

Alex Karasulu added a comment - 10/Feb/06 02:00 PM

unbind and bind operations have been added to partitions and piplined. They are now called when there are no authenticators registered to handle the authmeth.

[ Permlink | « Hide ]

Emmanuel Lecharny added a comment - 21/Apr/07 11:17 AM

Closing all issues created in 2005 and before which are marked resolved