Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2013/02/14 14:50:14 UTC

[jira] [Commented] (DIRSERVER-1803) When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely

    [ https://issues.apache.org/jira/browse/DIRSERVER-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13578366#comment-13578366 ] 

Emmanuel Lecharny commented on DIRSERVER-1803:
----------------------------------------------

The reason is that we try to get the Authenticators related to the authentication level required (Simple, Strong - for SASL - or anonymous), and if we find none, we delegate to the nexus:

AuthenticatorInterceptor:

        Collection<Authenticator> authenticators = getAuthenticators( level );

        if ( authenticators == null )
        {
            LOG.debug( "No authenticators found, delegating bind to the nexus." );

            // as a last resort try binding via the nexus
            next( bindContext );

BaseInterceptor:

        public void bind( BindOperationContext bindContext ) throws LdapException
        {
            // Do nothing here : there is no support for the Bind operation in Partition
        }

and we are connected... This is seriously WRONG.
                
> When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
> -------------------------------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1803
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1803
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0-M10
>            Reporter: Emmanuel Lecharny
>            Priority: Blocker
>             Fix For: 2.0.0-M11
>
>
> Disable the SimpleAuthenticator, do a SIMPLE bind with a user and a password which don't exist on the server: you get connected!
> dn: aaa=b
> pwd : azerty
> Connected !
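
The fail-open control flow quoted in the comment above, modelled next to a fail-closed variant. This is an added example, not ApacheDS code and not the fix applied for DIRSERVER-1803; every type, method and the REGISTRY map are hypothetical stand-ins, and the credentials are the sample values from the issue description.

```java
import java.util.*;
// Simplified model of the bind path quoted above. All types are hypothetical
// stand-ins, not ApacheDS classes.
public class BindFailClosedDemo {
    enum Level { NONE, SIMPLE, STRONG }
    interface Authenticator { boolean authenticate(String dn, String pwd); }
    static class AuthException extends Exception { AuthException(String m) { super(m); } }

    // Authenticators per level; a disabled authenticator is simply absent.
    static final Map<Level, List<Authenticator>> REGISTRY = new EnumMap<>(Level.class);
    // Stand-in for the no-op BaseInterceptor.bind(): returning normally means "bound".
    static void nexusBind(String dn) { }
    static void tryAll(List<Authenticator> auths, String dn, String pwd) throws AuthException {
        for (Authenticator a : auths) {
            if (a.authenticate(dn, pwd)) return;
        }
        throw new AuthException("invalid credentials for " + dn);
    }

    // Fail-open: same control flow as the quoted AuthenticatorInterceptor excerpt.
    static void bindFailOpen(Level level, String dn, String pwd) throws AuthException {
        List<Authenticator> auths = REGISTRY.get(level);
        if (auths == null) { nexusBind(dn); return; }   // nothing was verified
        tryAll(auths, dn, pwd);
    }

    // Fail-closed: no authenticator for the requested level rejects the bind.
    static void bindFailClosed(Level level, String dn, String pwd) throws AuthException {
        List<Authenticator> auths = REGISTRY.get(level);
        if (auths == null || auths.isEmpty()) {
            throw new AuthException("no authenticator for level " + level);
        }
        tryAll(auths, dn, pwd);
    }

    static boolean accepted(boolean failClosed, String dn, String pwd) {
        try {
            if (failClosed) bindFailClosed(Level.SIMPLE, dn, pwd);
            else bindFailOpen(Level.SIMPLE, dn, pwd);
            return true;
        } catch (AuthException e) { return false; }
    }

    public static void main(String[] args) {
        // SIMPLE authenticator disabled: REGISTRY has no entry for Level.SIMPLE.
        System.out.println("fail-open accepts:   " + accepted(false, "aaa=b", "azerty"));
        System.out.println("fail-closed accepts: " + accepted(true, "aaa=b", "azerty"));
    }
}
```

A regression test for this class of bug binds with an unknown DN while the authenticator for the configured level is disabled and asserts that the bind is refused.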
