directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1817051 - in /directory/site/trunk/content/api/user-guide: 5.3-aci-and-acls.mdtext 5.3-sasl-bind.mdtext
Date Sun, 03 Dec 2017 20:06:34 GMT
Author: elecharny
Date: Sun Dec  3 20:06:34 2017
New Revision: 1817051

URL: http://svn.apache.org/viewvc?rev=1817051&view=rev
Log:
Deleted a wrong page, updated the SASL bind page

Removed:
    directory/site/trunk/content/api/user-guide/5.3-aci-and-acls.mdtext
Modified:
    directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext

Modified: directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext?rev=1817051&r1=1817050&r2=1817051&view=diff
==============================================================================
--- directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext (original)
+++ directory/site/trunk/content/api/user-guide/5.3-sasl-bind.mdtext Sun Dec  3 20:06:34 2017
@@ -40,6 +40,37 @@ Note that in *Java 9*, those mechanisms
 
 We currently don't support any other provider.
 
+## SASL Bind handling
+
+The *SASL* framework may require more than one *BindRequest*/*BindResponse* to be exchanched,
as ther server may need more information from the client.  The client must be ready to deal
with such situation, by controling the resturned result : *SASL_BIND_IN_PROGRESS* means more
is required.
+
+In any case, the client must send a first *BindRequest* with the proper information. We have
dedicated methods to do so, based on the *SASL* mechanism to use :
+
+* bindSaslPlain() : *PLAIN* mechanism
+* bindSaslCramMd5() : *CRAM-MD5* mechanism
+* bindSaslDigestMd5() : *DIGEST-MD5* mechanism
+* bindSaslGssApi() : *GSSAPI* mechanism
+* bindSaslExternal() : *EXTERNAL* mechaism
+
+We don't support the *SASL* *ANONYMOUS* mechanism.
+
+There is also a more generic method that anyone can use with any mechanism, assuming we have
a class implementing it :
+
+* bindSasl( Saslrequest )
+
+It's just about using an instance of a class extending the *SaslRequest* interface.
+
+
+Here is an example of a *SASL* bind, where we assume we have an entry which *uid* is "hnelson",
and a *userPassword* which is "secret" (note that the password must be in clear text in the
server) :
+
+    :::java
+        LdapNetworkConnection connection = new LdapNetworkConnection( Network.LOOPBACK_HOSTNAME,
getLdapServer().getPort() );
+
+        BindResponse resp = connection.bindSaslCramMd5( "hnelson", "secret" );
+        assertEquals( ResultCodeEnum.SUCCESS, resp.getLdapResult().getResultCode() );
+
+
+
 ## RFCs
 
 Here are the list of RFCs related to *SASL*:



Mime
View raw message