You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2013/02/14 14:50:14 UTC
[jira] [Commented] (DIRSERVER-1803) When the SimpleAuthenticator is
disabled, and the auth level is set to SIMPLE, we can bind freely
[ https://issues.apache.org/jira/browse/DIRSERVER-1803?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13578366#comment-13578366 ]
Emmanuel Lecharny commented on DIRSERVER-1803:
----------------------------------------------
The reason is that we try to get the Authenticators related to the authent level required (Simple, Strong - for SASL - or anonymous), and if we find none, we delegate to the nexus :
AuthenticatorInterceptor :
Collection<Authenticator> authenticators = getAuthenticators( level );
if ( authenticators == null )
{
LOG.debug( "No authenticators found, delegating bind to the nexus." );
// as a last resort try binding via the nexus
next( bindContext );
BaseInterceptor :
public void bind( BindOperationContext bindContext ) throws LdapException
{
// Do nothing here : there is no support for the Bind operation in Partition
}
and we are connected... This is seriously WRONG.
> When the SimpleAuthenticator is disabled, and the auth level is set to SIMPLE, we can bind freely
> -------------------------------------------------------------------------------------------------
>
> Key: DIRSERVER-1803
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1803
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0-M10
> Reporter: Emmanuel Lecharny
> Priority: Blocker
> Fix For: 2.0.0-M11
>
>
> Disable the SimpleAuthenticator, do a SIMPLE bind with a user and a password which don't exist on theserver : you get connected !
> dn: aaa=b
> pwd : azerty
> Connected !
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira