You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2017/12/03 20:07:06 UTC
svn commit: r1021677 - in /websites/staging/directory/trunk/content: ./
api/user-guide/5.3-aci-and-acls.html api/user-guide/5.3-sasl-bind.html
Author: buildbot
Date: Sun Dec 3 20:07:06 2017
New Revision: 1021677
Log:
Staging update by buildbot for directory
Removed:
websites/staging/directory/trunk/content/api/user-guide/5.3-aci-and-acls.html
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sun Dec 3 20:07:06 2017
@@ -1 +1 @@
-1816837
+1817051
Modified: websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html
==============================================================================
--- websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html Sun Dec 3 20:07:06 2017
@@ -198,6 +198,30 @@ h2:hover > .headerlink, h3:hover > .head
</ul>
<p>Note that in <em>Java 9</em>, those mechanisms are spread in two different providers, the <em>GSSAPI</em> mechanism being handled by the <em>JdkSASL</em> provider.</p>
<p>We currently don't support any other provider.</p>
+<h2 id="sasl-bind-handling">SASL Bind handling<a class="headerlink" href="#sasl-bind-handling" title="Permanent link">¶</a></h2>
+<p>The <em>SASL</em> framework may require more than one <em>BindRequest</em>/<em>BindResponse</em> to be exchanched, as ther server may need more information from the client. The client must be ready to deal with such situation, by controling the resturned result : <em>SASL_BIND_IN_PROGRESS</em> means more is required.</p>
+<p>In any case, the client must send a first <em>BindRequest</em> with the proper information. We have dedicated methods to do so, based on the <em>SASL</em> mechanism to use :</p>
+<ul>
+<li>bindSaslPlain() : <em>PLAIN</em> mechanism</li>
+<li>bindSaslCramMd5() : <em>CRAM-MD5</em> mechanism</li>
+<li>bindSaslDigestMd5() : <em>DIGEST-MD5</em> mechanism</li>
+<li>bindSaslGssApi() : <em>GSSAPI</em> mechanism</li>
+<li>bindSaslExternal() : <em>EXTERNAL</em> mechaism</li>
+</ul>
+<p>We don't support the <em>SASL</em> <em>ANONYMOUS</em> mechanism.</p>
+<p>There is also a more generic method that anyone can use with any mechanism, assuming we have a class implementing it :</p>
+<ul>
+<li>bindSasl( Saslrequest )</li>
+</ul>
+<p>It's just about using an instance of a class extending the <em>SaslRequest</em> interface.</p>
+<p>Here is an example of a <em>SASL</em> bind, where we assume we have an entry which <em>uid</em> is "hnelson", and a <em>userPassword</em> which is "secret" (note that the password must be in clear text in the server) :</p>
+<div class="codehilite"><pre> <span class="n">LdapNetworkConnection</span> <span class="n">connection</span> <span class="o">=</span> <span class="k">new</span> <span class="n">LdapNetworkConnection</span><span class="o">(</span> <span class="n">Network</span><span class="o">.</span><span class="na">LOOPBACK_HOSTNAME</span><span class="o">,</span> <span class="n">getLdapServer</span><span class="o">().</span><span class="na">getPort</span><span class="o">()</span> <span class="o">);</span>
+
+ <span class="n">BindResponse</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">connection</span><span class="o">.</span><span class="na">bindSaslCramMd5</span><span class="o">(</span> <span class="s">"hnelson"</span><span class="o">,</span> <span class="s">"secret"</span> <span class="o">);</span>
+ <span class="n">assertEquals</span><span class="o">(</span> <span class="n">ResultCodeEnum</span><span class="o">.</span><span class="na">SUCCESS</span><span class="o">,</span> <span class="n">resp</span><span class="o">.</span><span class="na">getLdapResult</span><span class="o">().</span><span class="na">getResultCode</span><span class="o">()</span> <span class="o">);</span>
+</pre></div>
+
+
<h2 id="rfcs">RFCs<a class="headerlink" href="#rfcs" title="Permanent link">¶</a></h2>
<p>Here are the list of RFCs related to <em>SASL</em>:</p>
<p><img alt="" src="../../images/icons/information.gif" /> : Informational</p>