Security
Different versions of LDAP support different types of authentication. LDAP v2 defines three types of authentication: anonymous, simple (clear-text password), and Kerberos V4. LDAP v3 supports anonymous, simple, and SASL authentication. SASL is the Simple Authentication and Security Layer (RFC 2222). It specifies a challenge-response protocol in which data is exchanged between the client and the server for the purposes of authentication and establishment of a security layer on which to carry out subsequent communication. By using SASL, LDAP can support any type of authentication agreed upon by the LDAP client and server.
This lesson contains descriptions of how to authenticate using anonymous, simple, and SASL authentication.
Specifying the Authentication Mechanism
The authentication mechanism is specified using the Context.SECURITY_AUTHENTICATION ("java.naming.security.authentication") environment property. This property can have one of the following values:

sasl_mech - sasl_mech is a space-separated list of SASL mechanism names. Use one of the SASL mechanisms listed (e.g., CRAM-MD5 (RFC 2195) means to use the CRAM-MD5 SASL mechanism)

none - use no authentication (anonymous)

simple - use weak authentication (clear-text password)

The Default Mechanism

If the client does not specify any authentication environment properties, the default authentication mechanism is none. The client will then be treated as an anonymous client.

If the client specifies authentication information without explicitly specifying the Context.SECURITY_AUTHENTICATION property, the default authentication mechanism is simple.
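The default rules above mean an environment can end up using a clear-text simple bind without ever naming it. The following Java sketch is an added example, not code from the original tutorial: it computes the mechanism those rules select for a given environment and applies a hypothetical policy check before any context is created. The class name, the helper methods, the sample DN and host, the ldaps:// requirement, and the reading of "authentication information" as the principal and credentials properties are all assumptions made for illustration.

```java
import java.util.Hashtable;
import javax.naming.Context;

public class LdapAuthAudit {
    // Mechanism selected for this environment under the default rules above.
    static String effectiveMechanism(Hashtable<String, Object> env) {
        Object explicit = env.get(Context.SECURITY_AUTHENTICATION);
        if (explicit != null) {
            return explicit.toString();
        }
        // Assumption: "authentication information" means principal/credentials.
        boolean hasAuthInfo = env.containsKey(Context.SECURITY_PRINCIPAL)
                || env.containsKey(Context.SECURITY_CREDENTIALS);
        return hasAuthInfo ? "simple" : "none";
    }

    // Hypothetical policy: refuse a clear-text "simple" bind unless the
    // provider URL uses ldaps://.
    static void requireSafe(Hashtable<String, Object> env) {
        String mech = effectiveMechanism(env);
        String url = String.valueOf(env.get(Context.PROVIDER_URL));
        if (mech.equals("simple") && !url.toLowerCase().startsWith("ldaps://")) {
            throw new IllegalStateException(
                "simple bind would send the password in clear text to " + url);
        }
    }

    public static void main(String[] args) {
        // Constructed sample environments; no connection is opened.
        Hashtable<String, Object> anon = new Hashtable<>();
        anon.put(Context.PROVIDER_URL, "ldap://ldap.example.com:389");
        System.out.println("no auth properties  -> " + effectiveMechanism(anon));

        // Credentials supplied, mechanism left unset: falls back to simple.
        Hashtable<String, Object> implicit = new Hashtable<>(anon);
        implicit.put(Context.SECURITY_PRINCIPAL, "cn=app,dc=example,dc=com");
        implicit.put(Context.SECURITY_CREDENTIALS, "constructed-password");
        System.out.println("credentials only    -> " + effectiveMechanism(implicit));
        try {
            requireSafe(implicit);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Mechanism named explicitly: the default rules no longer apply.
        Hashtable<String, Object> explicit = new Hashtable<>(implicit);
        explicit.put(Context.SECURITY_AUTHENTICATION, "CRAM-MD5");
        requireSafe(explicit);
        System.out.println("explicit mechanism  -> " + effectiveMechanism(explicit));
    }
}
```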