Description
Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While fiddling with the settings I noticed this option:
<simpleMechanismHandler mech-name="SIMPLE"/>
under the saslMechanismHandlers header. So, I assumed that, based on the name, one is to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match) the ldap simple/sasl plain authentication can be deactivated. After commenting the above mentioned setting, SASL PLAIN is no longer mentioned in "supportedSASLMechanisms" and if one attempts to use it, a javax.naming.AuthenticationNotSupportedException is what one gets. Unfortunately, if one tries to use SIMPLE as an authentication mechanism, the bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This can be fixed by adding a typical is/set pair for a boolean value, just like the case for anonymous access, in org.apache.directory.server.core.DirectoryService.java, making a check when authenticate() is called in org.apache.directory.server.core.SimpleAuthenticator and adding the relevant setting to defaultDirectoryService in server.xml. Did this myself, seems to work as intended.