Le 4/24/13 6:00 PM, Emmanuel Lecharny a écrit : > hi guys, > > I was wondering if it makes sense at all to process the bind operation > through the interceptirs ? currently, we process it in the authn > interceptor, all the other interceptors just ignore the operation. Why > don't we handle this op in the bind handler ? >
Let me explain a but further why I'm suggesting that (as I can now use a computer, and not a mobile phone...) Right now, a Bind is just a logical process that does not access the backend (ie, there is no Bind operation done on any partition). Basically, it's all about fetching the user's entry from the provided DN, and compare the password in it with the provided password. For external bind, it may be more ocmplex but again, it does not involve the partitions. The thing is we have two interceptors implementing the bind() operation : - NormalizationInterceptor : it normalize the user's DN - AuthenticationInterceptor : This is where we process the authentication We don't need to process the Bind in the NormalizationInterceptor, the DN is already normalized (actually, I removed the implementation in this class. It works like a charm without it). So the question is really to know if we should not process the bind in the OperationManager, as it's the entry point for any operation done in the DirectoryService. It would not be the only operation that would hav some pre-processing done in the OperationManager : for the add, compare, delete, modify, move, moveAndRename, rename, search operations, we pre-process referrals. That would also make the addition of new authenticator easier, as they will not depend on the AuthenticatorInterceptor configuration to be added : we can associate them to the DirectoryService configuration instead. so wdyt ? -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
