On Tue, Mar 11, 2014 at 4:38 PM, Andrew Hastie <[email protected]> wrote:
> Hi all.
>
> I am looking for some advice on the following topic and hoping someone out
> there may have hit the same problem before:
>
> I'm experimenting with the API in an attempt to authenticate a
> User+Password combination against an instance of MS Active Directory. My
> problem occurs when I use the SASL Mechanism "DIGEST-MD5", and relates to
> how I set the value for the SASL Realm. Here's an example of what I see:
>
> 1. I have a standard user account in the MS Active Directory.
> 2. Say the Windows "Realm" is COMPANY1 and my userID is "somebody"
>
> If I set the UserID to "somebody" and the Realm to "COMPANY1", this works
> OK.
> If I set the UserID to "somebody" and the Realm to "company1", this works
> OK.
> But if I set the UserID to "somebody" and the Realm to "Company1", the bind
> request is rejected.

Looks like AD is rejecting the last realm name; check the server settings. The LDAP API doesn't modify or make use of this value other than passing it to the server.

> I have read in several places that the Realm name when using
> GSSAPI/Kerberos should be supplied in upper case, so I guess there must be
> something connected with case sensitivity somewhere.

Realm names are case-sensitive (they need not be in upper case, but that is a general convention to distinguish them from the DNS host names).

> Is anyone able to shed any light as to where I am going wrong here?
>
> Thanks
> Andrew

--
Kiran Ayyagari
http://keydap.com
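Added example, not part of the original thread and not code from the LDAP API: the DIGEST-MD5 response computation from RFC 2831 (qop=auth, no authzid), showing that the realm string is hashed byte for byte into the response, so both sides must use the same spelling. The password, nonces and digest-uri are constructed sample values, `server_accepts` is a hypothetical helper, and Active Directory's own realm matching is not modelled.

```python
import hashlib
import hmac


def _utf8(text):
    return text.encode("utf-8")


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth without an authzid."""
    # A1 begins with the raw 16-byte MD5 of "user:realm:password";
    # the realm is used exactly as given, with no case folding.
    secret = hashlib.md5(_utf8(f"{username}:{realm}:{password}")).digest()
    ha1 = hashlib.md5(secret + _utf8(f":{nonce}:{cnonce}")).hexdigest()
    ha2 = hashlib.md5(_utf8(f"AUTHENTICATE:{digest_uri}")).hexdigest()
    kd = _utf8(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return hashlib.md5(kd).hexdigest()


def server_accepts(client_response, server_realm, **params):
    """Hypothetical verifier: recompute with the server's realm spelling."""
    expected = digest_md5_response(realm=server_realm, **params)
    return hmac.compare_digest(client_response, expected)


# Constructed sample values (not taken from the thread).
PARAMS = dict(
    username="somebody",
    password="example-password",
    nonce="c2FtcGxlLW5vbmNl",
    cnonce="c2FtcGxlLWNub25jZQ",
    digest_uri="ldap/dc1.example.test",
)


def realm_comparison(realms=("COMPANY1", "company1", "Company1")):
    """Response computed for each spelling of the realm."""
    return {r: digest_md5_response(realm=r, **PARAMS) for r in realms}


if __name__ == "__main__":
    for realm, response in realm_comparison().items():
        ok = server_accepts(response, "COMPANY1", **PARAMS)
        print(f"{realm:10} {response} matches COMPANY1: {ok}")
```

A server that accepts more than one spelling has to normalise or look up the realm itself before recomputing the hash, which is why the reply above points at the server settings.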
