mmh. I don't know why this is happening. I will take a look at it. -- Humberto
> -----Original Message----- > From: Thomas Vandahl [mailto:[EMAIL PROTECTED] > Sent: Friday, March 21, 2003 9:19 AM > To: 'Turbine Users List' > Subject: LDAP again > > > Hi folks, > > well, I made it. I got LDAP authentication working with > Turbine 2.2 and > OpenLDAP. It works a little bit different than before but it works. I > even can set an AccessControlList from LDAP attributes of my > choice. If > anyone is interested, I can provide the fixes as soon as I am > satisfied > with the results (RSN!). > > Now, here is the question: The authenticate() method of > LDAPUserManager > completes sucessfully if the password is *empty*. It fails (as > expected), if the password is wrong. It suceeds, if the password is > correct. The key lines are probably (from bind()) > > env.put(Context.SECURITY_AUTHENTICATION, "simple"); > env.put(Context.SECURITY_PRINCIPAL, username); > env.put(Context.SECURITY_CREDENTIALS, password); > > ctx = new javax.naming.directory.InitialDirContext(env); > > username is the DN like in "cn=John Doe,o=Dufftown Destilleries,c=UK" > > I can solve this with Intake so that an empty password is > rejected, but > I am curious. What goes wrong here? > > Bye, Thomas. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
