content/apacheds/advanced-ug/4.1.2.1-sasl-plain-text-authn.mdtext - directory-site - Git at Google

 Title: 4.1.2.1 SASL PLAIN Authentication
 NavPrev: 4.1.2-sasl-authn.html
 NavPrevText: 4.1.2 - SASL Authentication
 NavUp: 4.1.2-sasl-authn.html
 NavUpText: 4.1.2 - SASL Authentication
 NavNext: 4.1.2.2-sasl-cram-md5-authn.html
 NavNextText: 4.1.2.2 - SASL CRAM-MD5 Authentication
 Notice: Licensed to the Apache Software Foundation (ASF) under one
     or more contributor license agreements.  See the NOTICE file
     distributed with this work for additional information
     regarding copyright ownership.  The ASF licenses this file
     to you under the Apache License, Version 2.0 (the
     "License"); you may not use this file except in compliance
     with the License.  You may obtain a copy of the License at
     .
     http://www.apache.org/licenses/LICENSE-2.0
     .
     Unless required by applicable law or agreed to in writing,
     software distributed under the License is distributed on an
     "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     KIND, either express or implied.  See the License for the
     specific language governing permissions and limitations
     under the License.

 # 4.1.2.1 SASL PLAIN Authentication

 The **SASL PLAIN** authentication is most certainly useless, as one can already authenticate using the **Simple Bind**. However, it's still possible to issue a **SASL PLAIN** authentication on _ApacheDS_.

 The difference with a **Simple Bind** is that the user's name is not  **DN**, but a meaningful value that is stored into one of the user's entry Attributes.

 When the server receives a **SASL PLAIN** bind request, it will look for the first entry which **uid** is equal to the provided value, starting from the server **searchBaseDN** position in the DIT.

 <DIV class="note" markdown="1">
 ApacheDS expect the given name to be stored in the **UID** Attribute. This is not configurable in this version of the server.
 </DIV>

 <DIV class="note" markdown="1">
 ApacheDS does not yet support the authorization identity parameter.
 </DIV>
	Title: 4.1.2.1 SASL PLAIN Authentication
	NavPrev: 4.1.2-sasl-authn.html
	NavPrevText: 4.1.2 - SASL Authentication
	NavUp: 4.1.2-sasl-authn.html
	NavUpText: 4.1.2 - SASL Authentication
	NavNext: 4.1.2.2-sasl-cram-md5-authn.html
	NavNextText: 4.1.2.2 - SASL CRAM-MD5 Authentication
	Notice: Licensed to the Apache Software Foundation (ASF) under one
	or more contributor license agreements. See the NOTICE file
	distributed with this work for additional information
	regarding copyright ownership. The ASF licenses this file
	to you under the Apache License, Version 2.0 (the
	"License"); you may not use this file except in compliance
	with the License. You may obtain a copy of the License at
	.
	http://www.apache.org/licenses/LICENSE-2.0
	.
	Unless required by applicable law or agreed to in writing,
	software distributed under the License is distributed on an
	"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	KIND, either express or implied. See the License for the
	specific language governing permissions and limitations
	under the License.

	# 4.1.2.1 SASL PLAIN Authentication

	The SASL PLAIN authentication is most certainly useless, as one can already authenticate using the Simple Bind. However, it's still possible to issue a SASL PLAIN authentication on _ApacheDS_.

	The difference with a Simple Bind is that the user's name is not DN, but a meaningful value that is stored into one of the user's entry Attributes.

	When the server receives a SASL PLAIN bind request, it will look for the first entry which uid is equal to the provided value, starting from the server searchBaseDN position in the DIT.

	<DIV class="note" markdown="1">
	ApacheDS expect the given name to be stored in the UID Attribute. This is not configurable in this version of the server.
	</DIV>

	<DIV class="note" markdown="1">
	ApacheDS does not yet support the authorization identity parameter.
	</DIV>