...
Limitations of the example
...
This example is intended as a demonstration, on how to write your custom interceptor. Don't consider it bullet proof. It has not been tested under production conditions, etc.
At least the following limitation should be mentioned
- The default hash algorithm MD5 is considered weak.
- Exception handling is poor. E.g. is someone configures an unsupported hash algorithm, the interceptor fails to create an appropriate LDAP error.
- If a multivalued password attribute is used, the interceptor will simply ignore that fact (does not apply to userPassword as of RFC 2256)