[
http://issues.apache.org/jira/browse/DIRSERVER-605?page=comments#action_12372481
]
Endi S. Dewata commented on DIRSERVER-605:
------------------------------------------
Hi Alex,
The "LDAP Client" tests were performed using Novell's JLDAP library without
explicit bind. This should be possible under LDAP v3. As you can see in the
attached program, the test case goes like this:
LDAPConnection connection = new LDAPConnection();
connection.connect("localhost", 10389);
LDAPSearchResults results = connection.search("", LDAPConnection.SCOPE_BASE,
"(objectClass=*)", new String[0], false);
Here is the Javadoc of LDAPConnection class:
https://svn.safehaus.org/repos/penrose/trunk/docs/ietf/org/ietf/ldap/LDAPConnection.html
In the "V2 LDAP Client" it calls bind() before calling search():
connection.bind(2, null, null); // bind anonymously
The same thing is done in "V3 LDAP Client" tests.
Now the issues are:
1. In the 0.9.3 results (which I incorrectly marked as 1.0-RC1) when
allowAnonymousAccess=true everything passed. However when
allowAnonymousAccess=false some test cases passed and some failed. Granted that
0.9.3 is an old code and not being maintained anymore, this is probably a bug
but ok if not fixed.
2. In the 1.1 results when allowAnonymousAccess=true only V2 test cases failed.
While Root DSE is only defined in LDAPv3, I don't think it limits V2 clients to
query Root DSE. Also, V2 clients were already supported in 0.9.3, why not
support it in 1.1?
3. In the 1.1 results when allowAnonymousAccess=false, all V2 clients failed,
also "V3 JNDI Client" and "LDAP Client (no bind)" failed. The
allowAnonymousAccess parameter is not defined in any RFC. To my understanding
when it's set to false it could mean:
- reject anonymous access except to Root DSE, or
- reject all anonymous acces including Root DSE.
However, none of these definitions can describe the test results. What is the
real definition for allowAnonymousAccess?
Thank you very much!
Endi
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Type: Bug
> Components: core
> Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Attachments: AnonymousAccessTest.java
>
> Searching the Root DSE as an anonymous user using different clients produces
> inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP
> client (http://www.openldap.org/jldap). Please the notes in the attached test
> case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
