Got it, thanks Kiran
-----Original Message----- From: Kiran Ayyagari [mailto:[email protected]] Sent: Thursday, March 26, 2015 3:36 PM To: [email protected] Subject: Re: Adding user to Active Directory with Kerberos binding On Thu, Mar 26, 2015 at 9:30 PM, Karim Hosny <[email protected]> wrote: > > Let me rephrase my question. > > When I use SaslGssApi it means that I use Kerberos for authentication > to the LDAP server, now this authentication process doesn't it use a > secure connection or is it done in plain text? And if it does use > secure connection then I shouldn't call the method startTLS() to > create a secure layer right? > > it is performed on an insecured connection, and kerberos doesn't need > a secure connection > -----Original Message----- > From: Kiran Ayyagari [mailto:[email protected]] > Sent: Thursday, March 26, 2015 3:20 PM > To: [email protected] > Subject: Re: Adding user to Active Directory with Kerberos binding > > On Thu, Mar 26, 2015 at 9:06 PM, Karim Hosny <[email protected]> wrote: > > > > > > > Hi Kiran, > > > > I didn't get any errors im just not sure that the proper way to > > create a secure connection over kerberos authentication is calling > > the method startTLS. > > > > I tried to call startTLS after successful kerberos authentication > > and it worked fine, but is the proper way? Should SaslGssApi create > > the startTLS, I believe kerberos authentication requires creating a > > secure communication to transfer the tickets, correct? > > > > sorry this is a very vague question, can't explain about how you can > > use > kerberos here, > you need to do your homework on what you want to achieve and be > precise on where you are stuck, then it is easier to help if we can. > > > Karim > > -----Original Message----- > > From: Kiran Ayyagari [mailto:[email protected]] > > Sent: Thursday, March 26, 2015 12:40 PM > > To: [email protected] > > Subject: Re: Adding user to Active Directory with Kerberos binding > > > > On Thu, Mar 26, 2015 at 3:49 PM, Karim Hosny <[email protected]> wrote: > > > > > Hi, > > > > > > So I got the certificates working and apache Directory working > > > fine over secure connection using startTLS and im able to add > > > users, but I need also to bind using Kerberos and add users but it > > > fails when I try it, my guess it requires to call startTLS > > > probably, but from what I understood you either connect using > > > startTLS or saslGssApi > correct? > > > > > bind using SaslGssApiRequest , let us know what error you got > > > > > > > > How can I bind using kerberos and be able to perform secure > > > sensitive operations? > > > > > > Thanks, > > > Karim > > > > > > > > > > > > -- > > Kiran Ayyagari > > http://keydap.com > > > > > > -- > Kiran Ayyagari > http://keydap.com > -- Kiran Ayyagari http://keydap.com
