[ https://issues.apache.org/jira/browse/KARAF-4486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15236157#comment-15236157 ]
Guillaume Nodet commented on KARAF-4486:
----------------------------------------

I think your PR will break some existing configuration because getAuthentication() returns "simple" if it's not set explicitly. This means that if we don't have the {{connection.username}} and {{authentication}} properties, the {{java.naming.security.authentication}} property should not be set.

What about something like:

{code}
diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java index a173b3e..3342636 100644 --- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java +++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java @@ -144,9 +144,15 @@ public class LDAPOptions { env.put(Context.INITIAL_CONTEXT_FACTORY, getInitialContextFactory()); env.put(Context.PROVIDER_URL, getConnectionURL()); if (getConnectionUsername() != null && getConnectionUsername().trim().length() > 0) { - env.put(Context.SECURITY_AUTHENTICATION, getAuthentication()); + String auth = getAuthentication(); + if (auth == null) { + auth = DEFAULT_AUTHENTICATION; + } + env.put(Context.SECURITY_AUTHENTICATION, auth); env.put(Context.SECURITY_PRINCIPAL, getConnectionUsername()); env.put(Context.SECURITY_CREDENTIALS, getConnectionPassword()); + } else if (getAuthentication() != null) { + env.put(Context.SECURITY_AUTHENTICATION, getAuthentication()); } if (getSsl()) { setupSsl(env); 
@@ -202,11 +208,7 @@ public class LDAPOptions { } public String getAuthentication() { - String authentication = (String) options.get(AUTHENTICATION); - if (authentication == null) { - authentication = DEFAULT_AUTHENTICATION; - } - return authentication; + return (String) options.get(AUTHENTICATION); } public boolean getSsl() {
{code}

> LDAPOptions sets Context.SECURITY_AUTHENTICATION only if username is provided
> -----------------------------------------------------------------------------
>
> Key: KARAF-4486
> URL: https://issues.apache.org/jira/browse/KARAF-4486
> Project: Karaf
> Issue Type: Bug
> Components: karaf-security
> Affects Versions: 4.0.4
> Reporter: Alexandre Cartapanis
>
> In the LDAPOptions#getEnv, the Context.SECURITY_AUTHENTICATION is set only
> if a connectionUsername is provided. This prevents using "no username"
> authentication like GSSAPI.
> See
> https://github.com/apache/karaf/blob/master/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/ldap/LDAPOptions.java#L147

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
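Review bot: In the first hunk (getEnv, @@ -144,9 +144,15 @@), the new "else if (getAuthentication() != null)" branch only null-checks the value, while the username test beside it also rejects blank strings with trim().length() > 0. An "authentication" option that is present but empty or whitespace would therefore be copied into Context.SECURITY_AUTHENTICATION as-is. Consider reading getAuthentication() into a local once at the top of the block, treating a blank value the same as null in both branches, and reusing that local instead of calling the getter twice in the else-if. A short comment on the else-if explaining that it exists for mechanisms that bind without a connection username (GSSAPI in the issue report) would also help the next reader.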
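Review bot: In the second hunk (@@ -202,11 +208,7 @@), the public getter getAuthentication() changes contract from "never null, defaults to DEFAULT_AUTHENTICATION" to "null when the option is unset", and nothing in the method signals that. Any other caller of this public method that relied on the default would now receive null, so please check the remaining call sites and add a Javadoc line stating that the return value is null when the option is not configured. An alternative that keeps the existing contract is to leave the getter's default in place and have getEnv test options.get(AUTHENTICATION) directly to decide whether the property was set explicitly.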