According to the LDAP FAQ, when Context.SECURITY_CREDENTIALS is empty,
JNDI does not authenticate. Here is the complete answer:

Why does the LDAP provider ignore my security environment properties if I do
not set the Context.SECURITY_CREDENTIALS ("java.naming.security.credentials")
property or set it to the empty string?
If you supply an empty string, an empty byte array, or null to the
Context.SECURITY_CREDENTIALS environment property, anonymous bind will occur
regardless of the setting of the other security-related environment
properties. This is because the LDAP requires the password to be nonempty
for doing any type of authentication; if a password is not supplied, it
automatically converts the authentication to "none". 

--
  Humberto


> -----Original Message-----
> From: Humberto Hernandez Torres [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 24, 2003 10:35 AM
> To: Turbine Users List
> Subject: RE: LDAP again
> 
> 
> mmh. I don't know why this is happening. I will take a look at it.
> --
>   Humberto
> 
> > -----Original Message-----
> > From: Thomas Vandahl [mailto:[EMAIL PROTECTED]
> > Sent: Friday, March 21, 2003 9:19 AM
> > To: 'Turbine Users List'
> > Subject: LDAP again
> > 
> > 
> > Hi folks,
> > 
> > well, I made it. I got LDAP authentication working with Turbine 2.2 and
> > OpenLDAP. It works a little bit different than before but it works. I
> > even can set an AccessControlList from LDAP attributes of my choice. If
> > anyone is interested, I can provide the fixes as soon as I am satisfied
> > with the results (RSN!).
> > 
> > Now, here is the question: The authenticate() method of LDAPUserManager
> > completes successfully if the password is *empty*. It fails (as
> > expected), if the password is wrong. It succeeds, if the password is
> > correct. The key lines are probably (from bind())
> > 
> >             env.put(Context.SECURITY_AUTHENTICATION, "simple");
> >             env.put(Context.SECURITY_PRINCIPAL, username);
> >             env.put(Context.SECURITY_CREDENTIALS, password);
> > 
> >             ctx = new javax.naming.directory.InitialDirContext(env);
> > 
> > username is the DN like in "cn=John Doe,o=Dufftown Destilleries,c=UK"
> > 
> > I can solve this with Intake so that an empty password is 
> > rejected, but
> > I am curious. What goes wrong here?
> > 
> > Bye, Thomas.
> > 
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> 
> 
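
A guard for the bind() lines quoted above, as an added example that is not Turbine's LDAPUserManager code: it rejects the credential values the FAQ lists (null, empty string, empty array) before JNDI can turn a "simple" bind into an anonymous one. The class name `LdapBindGuard`, the `PROVIDER_URL` value and the sample DN are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapBindGuard {
    // Assumption: placeholder server URL; only contacted when the password is non-empty.
    static final String PROVIDER_URL = "ldap://localhost:389";

    // True for the credential values the FAQ says lead to an anonymous bind.
    static boolean isEmptyCredential(Object c) {
        if (c == null) return true;
        if (c instanceof String) return ((String) c).isEmpty();
        if (c instanceof char[]) return ((char[]) c).length == 0;
        if (c instanceof byte[]) return ((byte[]) c).length == 0;
        return false;
    }

    static DirContext bind(String userDn, Object password) throws NamingException {
        // Refuse here: with an empty password the provider would bind anonymously
        // and InitialDirContext would be created without any credential check.
        if (isEmptyCredential(password)) {
            throw new AuthenticationException("empty password rejected before bind");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    public static void main(String[] args) {
        String dn = "cn=John Doe,o=Example,c=UK"; // constructed sample DN
        // Constructed inputs: each is rejected by the guard, so no server is contacted.
        Object[] emptyPasswords = { null, "", new char[0], new byte[0] };
        for (Object pw : emptyPasswords) {
            try {
                bind(dn, pw).close();
                System.out.println("accepted (guard missing)");
            } catch (NamingException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```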
