Home > Articles

Writing an Authentication Plug-in for a Sun ONE Directory Server

  • Print
  • + Share This
The Sun ONE Directory Server has an advanced application program interface (API) for writing plug-ins that extend the directory server's functionality. In this article, information is provided for a better understanding of the tasks involved in writing a plug-in. The impact and benefit plug-ins can provide to the directory server is explained. In addition, a sample preoperation plug-in is provided.
Like this article? We recommend

Writing an Authentication Plug-in for a Sun™ ONE Directory Server

There are several reasons that the Sun™ ONE Directory Server is one of Sun's most popular products. Primarily, some of the most important features of the directory server have been implemented as plug-ins to have better code decoupling. This is the case for CoS, roles, ACL, replication, chaining, and the like. In addition, the directory server's performance capabilities, scalability, and robustness, as well as its extensibility, mainly provided by the plug-in interface. Plug-ins are a common architectural solution for adding new features in a standard, well documented, and maintainable way, and the plug-in interface is part of the supported product. The Sun ONE Directory Server plug-in mechanism is so well integrated with the server that numerous key features such as matching rules, syntax checking, authentication, password storage, and replication are provided by corresponding plug-ins. To give you an idea of how plug-ins are relevant to the server, the last version of the directory server shipped with no less than 30 standard plug-ins.

This Sun BluePrints™ OnLine article focuses on writing an authentication plug-in that overrides the standard bind-based authentication, using, instead, a common crypt/password mechanism (the well-known UNIX authentication method). In this article, we provide information to help you better understand the tasks involved in writing a plug-in, we explain the impact and benefit plug-ins can provide to the directory server, and we describe the type of plugin we write in this article, preoperation plug-in. While the Sun ONE Directory Server 5.2 includes a new, substantially redesigned plug-in application programming interface (API), this article addresses the functionality of the Sun ONE Directory Server 5.1 and its related plug-in API.

This article contains the following sections:

  • "Deciding Whether to Write a Plug-in" on page 2

  • "Types of Plug-ins" on page 3

  • "Working in the Plug-in Application Program Interface" on page 4

  • "Authentication in the Directory Server" on page 6

  • "UNIX Authentication Plug-in" on page 7

  • "Testing the Plug-in" on page 16

NOTE

It is important to note that the use of the plug-in API by customers is not supported by Sun. While the API and its functions have been used successfully within Sun, it is being documented for the first time with the Sun ONE Directory Server version 5.2.

  • + Share This
  • 🔖 Save To Your Account