directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r1021677 - in /websites/staging/directory/trunk/content: ./ api/user-guide/5.3-aci-and-acls.html api/user-guide/5.3-sasl-bind.html
Date Sun, 03 Dec 2017 20:07:06 GMT
Author: buildbot
Date: Sun Dec  3 20:07:06 2017
New Revision: 1021677

Staging update by buildbot for directory

    websites/staging/directory/trunk/content/   (props changed)

Propchange: websites/staging/directory/trunk/content/
--- cms:source-revision (original)
+++ cms:source-revision Sun Dec  3 20:07:06 2017
@@ -1 +1 @@

Modified: websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html
--- websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html (original)
+++ websites/staging/directory/trunk/content/api/user-guide/5.3-sasl-bind.html Sun Dec  3
20:07:06 2017
@@ -198,6 +198,30 @@ h2:hover > .headerlink, h3:hover > .head
 <p>Note that in <em>Java 9</em>, those mechanisms are spread in two different
providers, the <em>GSSAPI</em> mechanism being handled by the <em>JdkSASL</em>
 <p>We currently don't support any other provider.</p>
+<h2 id="sasl-bind-handling">SASL Bind handling<a class="headerlink" href="#sasl-bind-handling"
title="Permanent link">&para;</a></h2>
+<p>The <em>SASL</em> framework may require more than one <em>BindRequest</em>/<em>BindResponse</em>
to be exchanched, as ther server may need more information from the client.  The client must
be ready to deal with such situation, by controling the resturned result : <em>SASL_BIND_IN_PROGRESS</em>
means more is required.</p>
+<p>In any case, the client must send a first <em>BindRequest</em> with
the proper information. We have dedicated methods to do so, based on the <em>SASL</em>
mechanism to use :</p>
+<li>bindSaslPlain() : <em>PLAIN</em> mechanism</li>
+<li>bindSaslCramMd5() : <em>CRAM-MD5</em> mechanism</li>
+<li>bindSaslDigestMd5() : <em>DIGEST-MD5</em> mechanism</li>
+<li>bindSaslGssApi() : <em>GSSAPI</em> mechanism</li>
+<li>bindSaslExternal() : <em>EXTERNAL</em> mechaism</li>
+<p>We don't support the <em>SASL</em> <em>ANONYMOUS</em> mechanism.</p>
+<p>There is also a more generic method that anyone can use with any mechanism, assuming
we have a class implementing it :</p>
+<li>bindSasl( Saslrequest )</li>
+<p>It's just about using an instance of a class extending the <em>SaslRequest</em>
+<p>Here is an example of a <em>SASL</em> bind, where we assume we have
an entry which <em>uid</em> is "hnelson", and a <em>userPassword</em>
which is "secret" (note that the password must be in clear text in the server) :</p>
+<div class="codehilite"><pre>    <span class="n">LdapNetworkConnection</span>
<span class="n">connection</span> <span class="o">=</span> <span
class="k">new</span> <span class="n">LdapNetworkConnection</span><span
class="o">(</span> <span class="n">Network</span><span class="o">.</span><span
class="na">LOOPBACK_HOSTNAME</span><span class="o">,</span> <span
class="n">getLdapServer</span><span class="o">().</span><span class="na">getPort</span><span
class="o">()</span> <span class="o">);</span>
+    <span class="n">BindResponse</span> <span class="n">resp</span>
<span class="o">=</span> <span class="n">connection</span><span
class="o">.</span><span class="na">bindSaslCramMd5</span><span class="o">(</span>
<span class="s">&quot;hnelson&quot;</span><span class="o">,</span>
<span class="s">&quot;secret&quot;</span> <span class="o">);</span>
+    <span class="n">assertEquals</span><span class="o">(</span> <span
class="n">ResultCodeEnum</span><span class="o">.</span><span class="na">SUCCESS</span><span
class="o">,</span> <span class="n">resp</span><span class="o">.</span><span
class="na">getLdapResult</span><span class="o">().</span><span class="na">getResultCode</span><span
class="o">()</span> <span class="o">);</span>
 <h2 id="rfcs">RFCs<a class="headerlink" href="#rfcs" title="Permanent link">&para;</a></h2>
 <p>Here are the list of RFCs related to <em>SASL</em>:</p>
 <p><img alt="" src="../../images/icons/information.gif" /> : Informational</p>

View raw message