You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by el...@apache.org on 2017/12/03 20:06:34 UTC

svn commit: r1817051 - in /directory/site/trunk/content/api/user-guide: 5.3-aci-and-acls.mdtext 5.3-sasl-bind.mdtext

Author: elecharny
Date: Sun Dec  3 20:06:34 2017
New Revision: 1817051

URL: http://svn.apache.org/viewvc?rev=1817051&view=rev
Log:
Deleted a wrong page, updated the SASL bind page

Removed:
    directory/site/trunk/content/api/user-guide/5.3-aci-and-acls.mdtext
Modified:
    directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext

Modified: directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext?rev=1817051&r1=1817050&r2=1817051&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext Sun Dec  3 20:06:34 2017
@@ -40,6 +40,37 @@ Note that in *Java 9*, those mechanisms
 
 We currently don't support any other provider.
 
+## SASL Bind handling
+
+The *SASL* framework may require more than one *BindRequest*/*BindResponse* to be exchanched, as ther server may need more information from the client.  The client must be ready to deal with such situation, by controling the resturned result : *SASL_BIND_IN_PROGRESS* means more is required.
+
+In any case, the client must send a first *BindRequest* with the proper information. We have dedicated methods to do so, based on the *SASL* mechanism to use :
+
+* bindSaslPlain() : *PLAIN* mechanism
+* bindSaslCramMd5() : *CRAM-MD5* mechanism
+* bindSaslDigestMd5() : *DIGEST-MD5* mechanism
+* bindSaslGssApi() : *GSSAPI* mechanism
+* bindSaslExternal() : *EXTERNAL* mechaism
+
+We don't support the *SASL* *ANONYMOUS* mechanism.
+
+There is also a more generic method that anyone can use with any mechanism, assuming we have a class implementing it :
+
+* bindSasl( Saslrequest )
+
+It's just about using an instance of a class extending the *SaslRequest* interface.
+
+
+Here is an example of a *SASL* bind, where we assume we have an entry which *uid* is "hnelson", and a *userPassword* which is "secret" (note that the password must be in clear text in the server) :
+
+    :::java
+        LdapNetworkConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME, getLdapServer().getPort() );
+
+        BindResponse resp = connection.bindSaslCramMd5( "hnelson", "secret" );
+        assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
+
+
+
 ## RFCs
 
 Here are the list of RFCs related to *SASL*: