Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Fixed
    • Affects Version/s: 1.5.4
    • Fix Version/s: 2.0.0-M13
    • Component/s: core
    • Labels:
      None

      Description

      Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with the settings I noticed this option:
      <simpleMechanismHandler mech-name="SIMPLE"/>
      under the saslMechanismHandlers header. So, I assumed that, based on the name, one is to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl plain authentication can be deactivated. After commenting the above mentioned setting, SASL PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a boolean value, just like the case for anonymous access, in org.apache.directory.server.core.DirectoryService.java, making a check when authenticate() is called in org.apache.directory.server.core.SimpleAuthenticator and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself, seems to work as intended.

        Activity

          People

          • Assignee:
            Unassigned
            Reporter:
            Andreas Kyrmegalos
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development