Writing an Authentication Plug-in for a Sun ONE Directory Server
There are several reasons that the Sun™ ONE Directory Server is one of Sun's most popular products. Primarily, some of the most important features of the directory server have been implemented as plug-ins for better code decoupling. This is the case for CoS, roles, ACL, replication, chaining, and the like. Further reasons are the directory server's performance capabilities, scalability, and robustness, as well as its extensibility, which is mainly provided by the plug-in interface. Plug-ins are a common architectural solution for adding new features in a standard, well-documented, and maintainable way, and the plug-in interface is part of the supported product. The Sun ONE Directory Server plug-in mechanism is so well integrated with the server that numerous key features such as matching rules, syntax checking, authentication, password storage, and replication are provided by corresponding plug-ins. To give you an idea of how relevant plug-ins are to the server, the last version of the directory server shipped with no fewer than 30 standard plug-ins.
This Sun BluePrints™ OnLine article focuses on writing an authentication plug-in that overrides the standard bind-based authentication and uses, instead, a common crypt/password mechanism (the well-known UNIX authentication method). In this article, we provide information to help you better understand the tasks involved in writing a plug-in, we explain the impact and benefit plug-ins can provide to the directory server, and we describe the type of plug-in we write in this article, the preoperation plug-in. While the Sun ONE Directory Server 5.2 includes a new, substantially redesigned plug-in application programming interface (API), this article addresses the functionality of the Sun ONE Directory Server 5.1 and its related plug-in API.
This article contains the following sections:
- Deciding Whether to Write a Plug-in
- Types of Plug-ins
- Working in the Plug-in Application Program Interface
- Authentication in the Directory Server
- UNIX Authentication Plug-in
- Testing the Plug-in
NOTE
It is important to note that the use of the plug-in API by customers is not supported by Sun. While the API and its functions have been used successfully within Sun, it is being documented for the first time with the Sun ONE Directory Server version 5.2.