Simple Authentication can not be disabled
-----------------------------------------
Key: DIRSERVER-1325
URL: https://issues.apache.org/jira/browse/DIRSERVER-1325
Project: Directory ApacheDS
Issue Type: Bug
Components: core
Affects Versions: 1.5.4
Reporter: Andreas Kyrmegalos
Priority: Minor
Recently upgraded to the 1.5 branch (1.5.4). Nice new feature set. While
fiddling with the settings I noticed this option:
<simpleMechanismHandler mech-name="SIMPLE"/>
under the saslMechanismHandlers header. So, I assumed that, based on the name,
one is to understand that (since SASL PLAIN and LDAP SIMPLE are a 1:1 match)
the LDAP simple/SASL plain authentication can be deactivated. After commenting
out the above-mentioned setting, SASL PLAIN is no longer mentioned in
"supportedSASLMechanisms" and if one attempts to use it, a
javax.naming.AuthenticationNotSupportedException is what one gets.
Unfortunately, if one tries to use SIMPLE as an authentication mechanism, the
bind succeeds. This also holds true for the 1.5.5 trunk (as of 3/9/2009). This
can be fixed by adding a typical is/set pair for a boolean value, just like the
case for anonymous access, in
org.apache.directory.server.core.DirectoryService.java, making a check when
authenticate() is called in
org.apache.directory.server.core.SimpleAuthenticator and adding the relevant
setting to defaultDirectoryService in server.xml. Did this myself, seems to
work as intended.
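The behaviour reported above, modelled as an added example (this is not ApacheDS code and not the reporter's patch): an LDAP BindRequest carries either the `simple` choice or a `sasl` choice with a mechanism name, so a gate that only consults the list of enabled SASL handlers never sees a simple bind. All function names are hypothetical, and the two sample messages are constructed.

```python
def tlv(tag, value):
    """Hypothetical helper, not ApacheDS code: encode one short BER element."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Decode the BER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def bind_mechanism(message):
    """Return 'SIMPLE' or 'SASL/<mechanism>' for an LDAP BindRequest."""
    tag, body, _ = read_tlv(message, 0)       # LDAPMessage SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body, 0)             # messageID
    tag, op, _ = read_tlv(body, pos)          # protocolOp
    if tag != 0x60:                           # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, _, pos = read_tlv(op, 0)               # version
    _, _, pos = read_tlv(op, pos)             # name (bind DN)
    tag, auth, _ = read_tlv(op, pos)          # authentication CHOICE
    if tag == 0x80:                           # simple [0] OCTET STRING
        return "SIMPLE"
    if tag == 0xA3:                           # sasl [3] SaslCredentials
        return "SASL/" + read_tlv(auth, 0)[1].decode("ascii")
    raise ValueError("unknown authentication choice")

def gate_as_reported(sasl_enabled, message):
    """Only SASL binds consult the handler list; simple binds skip it."""
    mech = bind_mechanism(message)
    return mech == "SIMPLE" or mech[5:] in sasl_enabled

def gate_with_switch(sasl_enabled, allow_simple, message):
    """Same check plus the separate boolean the report proposes."""
    mech = bind_mechanism(message)
    return allow_simple if mech == "SIMPLE" else mech[5:] in sasl_enabled

def bind_request(auth):
    """Constructed sample BindRequest: messageID 1, version 3, sample DN."""
    op = tlv(0x02, b"\x03") + tlv(0x04, b"uid=admin,ou=system") + auth
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, op))

SIMPLE_BIND = bind_request(tlv(0x80, b"secret"))
PLAIN_BIND = bind_request(tlv(0xA3, tlv(4, b"PLAIN") + tlv(4, b"\0admin\0secret")))
```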