You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2014/03/04 18:25:56 UTC
svn commit: r900010 - in /websites/staging/directory/trunk/content: ./
apacheds/basic-ug/3.1-authentication-options.html
Author: buildbot
Date: Tue Mar 4 17:25:56 2014
New Revision: 900010
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Mar 4 17:25:56 2014
@@ -1 +1 @@
-1574140
+1574142
Modified: websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html
==============================================================================
--- websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html (original)
+++ websites/staging/directory/trunk/content/apacheds/basic-ug/3.1-authentication-options.html Tue Mar 4 17:25:56 2014
@@ -366,7 +366,7 @@ Furthermore, if someone gets an LDIF fil
<h3 id="enabledisable-anonymous-binds">Enable/disable anonymous binds</h3>
<p>Anonymous access is enabled by default. Changing this is one of the basic configuration tasks (see <a href="1.4.5-anonymous-access.html">1.4.5 - Enable and disable anonymous access</a>).</p>
<h3 id="example-server-behavior-with-anonymous-binds-disabled">Example: Server behavior with anonymous binds disabled</h3>
-<p>Assume anonymous binds are disabled and our sample partition <em>Seven Seaes</em> present in the server. Here is an example with a search operation performed by a command line tool as a client. It tries to connect anonymously (no DN and password given, i.e. options -D and -w missing) to the server. Afterwards the entry <em>ou=people,o=sevenSeas</em> should be displayed.</p>
+<p>Assume anonymous binds are disabled and our sample partition <em>Seven Seas</em> present in the server. Here is an example with a search operation performed by a command line tool as a client. It tries to connect anonymously (no DN and password given, i.e. options -D and -w missing) to the server. Afterwards the entry <em>ou=people,o=sevenSeas</em> should be displayed.</p>
<p>See the command and the resulting error message provided by the server below </p>
<div class="codehilite"><pre>$ <span class="n">ldapsearch</span> <span class="o">-</span><span class="n">h</span> <span class="n">zanzibar</span> <span class="o">-</span><span class="n">p</span> 10389 <span class="o">-</span><span class="n">b</span> "<span class="n">ou</span><span class="p">=</span><span class="n">people</span><span class="p">,</span><span class="n">o</span><span class="p">=</span><span class="n">sevenSeas</span>" <span class="o">-</span><span class="n">s</span> <span class="n">one</span> "<span class="p">(</span><span class="n">objectclass</span><span class="p">=</span><span class="o">*</span><span class="p">)</span>"
<span class="n">ldap_search</span><span class="p">:</span> <span class="n">Insufficient</span> <span class="n">access</span>
@@ -388,7 +388,7 @@ Furthermore, if someone gets an LDIF fil
<h3 id="other-clients">Other clients</h3>
<p>The examples above have used a command line tool. Of course graphical tools and programmatical access (JNDI etc.) allow anonymous binds as well. Below is a screen shot from the configuration dialog of <a href="http://directory.apache.org/studio/">Apache Directory Studio</a> as an example. During configuration of the connection data ("New LDAP Connection", for instance), the option <em>Anonymous Authentication</em> leads to anonymous binds. Other UI tools offer this feature as well.</p>
-<p><img alt="Authentication options" src="authentication-options-ls.png" /></p>
+<p><img alt="Authentication options" src="images/authentication-options-ls.png" /></p>
<DIV class="note" markdown="1">
**Use this feature wisely**
@@ -397,7 +397,7 @@ With anonymous access enabled it is not
<h2 id="how-to-authenticate-a-user-by-uid-and-password">How to authenticate a user by uid and password?</h2>
<p>If you want to use simple binds with user DN and password within a Java component, in order to authenticate users programatically, in practice one problem arises: Most users do not know their DN. Therefore they will not be able to enter it. And even if they know it, it would be frequently very laborious due to the length of the DN. It would be easier for a user if s/he only has to probvide a short, unique <em>ID</em> and the password, like in this web form</p>
-<p><img alt="Confluence Logon" src="confluence-logon.png" /></p>
+<p><img alt="Confluence Logon" src="images/confluence-logon.png" /></p>
<p>Usually the ID is an attribute within the user's entry. In our sample data (Seven Seas), each user entry contains the <em>uid</em> attribute, for instance uid=hhornblo for Captain Hornblower:</p>
<div class="codehilite"><pre><span class="n">dn</span><span class="o">:</span> <span class="n">cn</span><span class="o">=</span><span class="n">Horatio</span> <span class="n">Hornblower</span><span class="o">,</span><span class="n">ou</span><span class="o">=</span><span class="n">people</span><span class="o">,</span><span class="n">o</span><span class="o">=</span><span class="n">sevenSeas</span>
<span class="n">objectclass</span><span class="o">:</span> <span class="n">person</span>
@@ -419,7 +419,7 @@ With anonymous access enabled it is not
<p>In order to accomplish this task programmatically, one option is to perform the following steps</p>
<h4 id="arguments">Arguments</h4>
<ul>
-<li><em>uid</em> of a user (e.g. "hhornblow")</li>
+<li><em>uid</em> of a user (e.g. "hhornblo")</li>
<li><em>password</em> proclaimed to be correct for the user</li>
</ul>
<h4 id="steps">Steps</h4>