[
https://issues.apache.org/jira/browse/DIRSERVER-1217?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12620107#action_12620107
]
Alex Karasulu commented on DIRSERVER-1217:
------------------------------------------
* NOTE: if this is done then this handler should extend the
* a modified form of the SingleReplyRequestHandler so it can
* detect conditions where ancestors of the DN are referrals
* and delegate appropriately.
> Binds with referrals can be used for delegated authentication
> -------------------------------------------------------------
>
> Key: DIRSERVER-1217
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1217
> Project: Directory ApacheDS
> Issue Type: New Feature
> Reporter: Alex Karasulu
> Fix For: 1.5.5
>
>
> It's possible to perform delegated authentication by handling referral
> chasing in the server on bind operations. This could be a new external
> authentication mechanism. If a bind request using a principalDn represents a
> referral or does not exist but has a referral at some ancestor in the DN then
> the server can delegate the authentication to the target server. If the
> target server referrenced in the ref attribute authenticates the user then
> ApacheDS accepts the user as authenticated.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
