I have an environment that has set up two Windows Active Directory servers (two forests) and they have a two-way trust. I've also implemented a client by using Java JNDI GSSAPI (Kerberos) to authenticate to the forests; everything is cool.
Now I'm working on my unit test cases and found UnboundID LDAP SDK supports an in-memory LDAP server that could handle SASL requests. I'm able to find many examples for creating the server with 'simple' authentication. However, I'm not able to find any examples that create the in-memory server with GSSAPI authentication.
From the Javadoc, I know that I may need to implement InMemorySASLBindHandler. I'd like to ask if anyone can share some sample code to get me started.
You are correct that you need to create a custom InMemorySASLBindHandler. There is a PLAINBindHandler class included with the LDAP SDK, but creating something like this for GSSAPI would be substantially more involved. You need to use a SaslServer, and there's a good amount of work involved with that for GSSAPI.
However, to provide another example, I went ahead and created an InMemorySASLBindHandler that can be used for CRAM-MD5 that does use a SaslServer. I don't want to put it in the LDAP SDK, because CRAM-MD5 is obsolete and shouldn't be used, but it's still useful for demonstrating the process. You can find that code at https://github.com/dirmgr/in-memory-cram-md5-handler-example
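The multi-stage pattern described in the answer above, as an added sketch that is not from the thread or the linked repository: a mechanism-agnostic InMemorySASLBindHandler that keeps a javax.security.sasl.SaslServer in the connection state between bind stages. The class name, `STATE_KEY`, `serverFactory` and `idToDN` are hypothetical; for GSSAPI the factory is assumed to create the server with the service's Kerberos credentials, a callback handler and an auth-only QOP, which needs a keytab and a reachable KDC.

```java
import com.unboundid.asn1.ASN1OctetString;
import com.unboundid.ldap.listener.InMemoryRequestHandler;
import com.unboundid.ldap.listener.InMemorySASLBindHandler;
import com.unboundid.ldap.sdk.*;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.function.Function;
import javax.security.sasl.SaslServer;

// Added example: generic SaslServer-backed bind handler for an in-memory test server.
public final class SaslServerBindHandler extends InMemorySASLBindHandler {
  private static final String STATE_KEY = "example.saslServer"; // hypothetical key
  private final String mechanism;
  private final Callable<SaslServer> serverFactory; // assumption: returns a configured SaslServer
  private final Function<String, DN> idToDN;        // hypothetical: authorization ID -> entry DN

  public SaslServerBindHandler(String mechanism, Callable<SaslServer> serverFactory,
                               Function<String, DN> idToDN) {
    this.mechanism = mechanism;
    this.serverFactory = serverFactory;
    this.idToDN = idToDN;
  }

  @Override public String getSASLMechanismName() { return mechanism; }

  @Override
  public BindResult processSASLBind(InMemoryRequestHandler handler, int messageID, DN bindDN,
                                    ASN1OctetString credentials, List<Control> controls) {
    Map<String, Object> state = handler.getConnectionState();
    try {
      SaslServer server = (SaslServer) state.get(STATE_KEY);
      if (server == null) {                        // first stage on this connection
        server = serverFactory.call();
        state.put(STATE_KEY, server);
      }
      byte[] token = (credentials == null) ? new byte[0] : credentials.getValue();
      byte[] challenge = server.evaluateResponse(token);
      ASN1OctetString out = (challenge == null) ? null : new ASN1OctetString(challenge);
      if (!server.isComplete())                    // more round trips needed
        return result(messageID, ResultCode.SASL_BIND_IN_PROGRESS, out);
      state.remove(STATE_KEY);
      DN dn = idToDN.apply(server.getAuthorizationID());
      server.dispose();
      if (dn == null) return result(messageID, ResultCode.INVALID_CREDENTIALS, null);
      handler.setAuthenticatedDN(dn);              // identity proven by the SASL exchange
      return result(messageID, ResultCode.SUCCESS, out);
    } catch (Exception e) {                        // fail closed and drop partial state
      state.remove(STATE_KEY);
      return result(messageID, ResultCode.INVALID_CREDENTIALS, null);
    }
  }

  private static BindResult result(int id, ResultCode rc, ASN1OctetString creds) {
    return new BindResult(id, rc, null, null, null, null, creds);
  }
}
```

An instance is registered on the test server's InMemoryDirectoryServerConfig with `addSASLBindHandler` before the server is started.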