directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: Connection : Simple Bind operation
Date Thu, 11 Feb 2010 19:16:38 GMT
On 2/11/10 7:59 PM, Stefan Seelmann wrote:
> Emmanuel Lecharny wrote:
>> In any case, the password is an Octet String, ie a byte[]. The user 
>> is always a DN when doing a simple bind.
> At least to Active Directory you can bind with a username like 
> user@DOMAIN. So the API should allow a non-DN user.
Bloody M$ !!! Yeah, you are right. Then the bind( String, String/byte[]) 
should not check that the user is a valid DN.
>> Some last consideration : if we are to support asynchronous 
>> operations, then we need to make this explicit.
>> I suggest we keep it simple from the user pov, considering that :
>> - users will mainly do synchronous operations
>> - anonymous bind must be easy to code
> what if the user forgets to call a "bind" method but just calls 
> another operation? Should we check that at the client? Should we do an 
> implicit anyonymous bind?
This is perfectly valid. You can do a straight search() without having 
done a previous bind() : the server should assume that it's an anonymous 
>> - we want to make it explicit that the async mode is used
>> - and we don't want zillion of methods.
>> So every method bind(...) will have a equivalent async method 
>> bindAsync(), the anonymous bind will be a bind() method without 
>> parameters, the password can be either a String or a byte[], and the 
>> user can be either a String or a DN :
>> synchronous :
>> * bind()  anonymous bind
>> * bind( String userDN, String password ): simple bind (if the 
>> password is null, this will be the unauthenticated bind)
>> * bind( String userDN, String password )
>> * bind( DN userDN, String password )
>> * bind( String userDN, byte[] password )
>> * bind( DN userDN, byte[] password )
>> * bind( BindRequest )
> I'm not sure if we really need the variants with a byte[] password. 
> The user has to type in the password somewhere, so in most cases the 
> password is a string. If the user really wants to do it s/he must use 
> a BindRequest.
That's an option, sure. In some case, the password can also be a binary 
value the user won't type (like with fingerprints, for instance). You 
have so many cool devices out there those days !!!
>> asynchronous :
>> * bindAsync()  anonymous bind
>> * bindAsync( String userDN, String password ): simple bind (if the 
>> password is null, this will be the unauthenticated bind)
>> * bindAsync( String userDN, String password )
>> * bindAsync( DN userDN, String password )
>> * bindAsync( String userDN, byte[] password )
>> * bindAsync( DN userDN, byte[] password )
>> * bindAsync( BindRequest )
> Is there some handle returned by the async methods?
Yes, you get back a Future.

Emmanuel L├ęcharny

View raw message