Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.4
    • Fix Version/s: 2.0.0-M13
    • Component/s: core
    • Labels:
      None

      Description

      Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with the settings I noticed this option:
      <simpleMechanismHandler mech-name="SIMPLE"/>
      under the saslMechanismHandlers header. So, I assumed that, based on the name, one is to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl plain authentication can be deactivated. After commenting the above mentioned setting, SASL PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a boolean value, just like the case for anonymous access, in org.apache.directory.server.core.DirectoryService.java, making a check when authenticate() is called in org.apache.directory.server.core.SimpleAuthenticator and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself, seems to work as intended.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mfg8876 Andreas Kyrmegalos
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: