Hi, Directory developers,

I'm trying to get the kerberos-client working, to replace JAAS and to
get some integration tests live for SASL GSSAPI. I found the
following problem trying to get SASL GSSAPI working in 'bigbang'. The
problem is that in the findPrincipal() method of DefaultBindHandler, an
LdapPrincipal is created to do an internal bind to the backend.
However, this bind is rejected because the name must be normalized
(see exception). FWIW, I noticed ServerDNConstants has a String
constant for the normalized name. Can this be used to "shotgun"
create a normalized admin principal?

What is the recommended way to bind to the directory service internally?

The code where the bind is attempted (in DefaultBindHandler):

    ...
    LdapPrincipal principal = new LdapPrincipal(
            new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN ), AuthenticationLevel.SIMPLE );
    ctx = ldapServer.getDirectoryService().getJndiContext(
            principal, ldapServer.getSearchBaseDn() );
    ...

The resulting exception (which is swallowed, BTW):

    java.lang.IllegalStateException: Names used for principals must be normalized!
        at org.apache.directory.server.core.authn.LdapPrincipal.<init>(LdapPrincipal.java:72)
        at org.apache.directory.server.ldap.support.DefaultBindHandler.findPrincipal(DefaultBindHandler.java:514)
        at org.apache.directory.server.ldap.support.DefaultBindHandler.getSubject(DefaultBindHandler.java:469)
        at org.apache.directory.server.ldap.support.DefaultBindHandler.handleSaslAuth(DefaultBindHandler.java:317)
        at org.apache.directory.server.ldap.support.DefaultBindHandler.bindMessageReceived(DefaultBindHandler.java:727)
        at org.apache.directory.server.ldap.support.BindHandler.messageReceived(BindHandler.java:48)
        at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:141)
        ...

Enrique