Which command line arguments do you use?
admin admin? Or another user?
If this works:
    env.put(Context.SECURITY_PRINCIPAL, "admin");
    env.put(Context.SECURITY_CREDENTIALS, "admin");
it should work for other users as well. No? Have you tried it out with
another user (for instance hard coded in the first place)?
Nowhere wrote:
Hi, I found it works fine so:
    Hashtable env = new Hashtable();
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
    env.put(Context.SECURITY_PRINCIPAL, "admin");
    env.put(Context.SECURITY_CREDENTIALS, "admin");
    // Specify realm
    env.put("java.naming.security.sasl.realm", "example.com");
    // Request privacy protection
    env.put("javax.security.sasl.qop", "auth-conf");
but I would like to perform a search and authenticate with the user found as
the following code shows:
    ctx = new InitialDirContext(env);
    // Step 2: Search the directory
    String base = "dc=example,dc=com";
    String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";
    SearchControls ctls = new SearchControls();
    ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
    ctls.setReturningAttributes(new String[0]);
    ctls.setReturningObjFlag(true);
    NamingEnumeration enm = ctx.search(base, filter, new String[] { uid }, ctls);
    String dn = null;
    if (enm.hasMore()) {
        SearchResult result = (SearchResult) enm.next();
        dn = result.getNameInNamespace();
        System.out.println("dn: " + dn);
    }
    if (dn == null || enm.hasMore()) {
        // uid not found or not unique
        throw new NamingException("Authentication failed");
    }
    // Step 3: Bind with found DN and given password
    ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
    ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
    // Perform a lookup in order to force a bind operation with JNDI
    ctx.lookup(dn);
    System.out.println("Authentication successful");
It uses the DN found, which isn't only the cn. Can't I change this server behaviour
and execute the bind with the full DN?
For more clarity I upload the entire java class.
Thanks in advance!
Nowhere wrote:
Hi, here I am again... it was a mistake of mine: it doesn't work with
DIGEST-MD5 (I left "simple" in my previous test) :(
I repeat the non-working configuration:
    env.put(Context.INITIAL_CONTEXT_FACTORY,
            "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
    env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");
    env.put(Context.SECURITY_CREDENTIALS, "admin");
    // Specify realm
    env.put("java.naming.security.sasl.realm", "example.com");
    // Request privacy protection
    env.put("javax.security.sasl.qop", "auth-conf");
    ...
and I upload my server.xml, if it can help.
Any suggestion?
Nowhere wrote:
Hi all,
I don't know if this is the right place, but I have a problem connecting
to my ApacheDS using DIGEST-MD5:
I wrote a simple Java class that works fine with simple authentication.
Here it is:
    public static void main(String[] args) throws NamingException {
        if (args.length < 2) {
            System.err.println("Usage: java AdvancedBindDemo <uid> <password>");
            System.exit(1);
        }
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,
                "cn=admin,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "admin");
        ...
But if I replace "env.put(Context.SECURITY_AUTHENTICATION, "simple")"
with env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5") and send the password
in clear or encrypted, it sends me the following error:
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for cn=admin,dc=example,dc=com in realm : example.com]
I've tried (with Apache Studio) to set the password for
"cn=admin,dc=example,dc=com" both in clear text and then using MD5.
What's wrong? Something in my server.xml? If you need it, let me know!
I hope someone can help me, I'm a newbie in LDAP authentication!
Thanks in advance!
http://www.nabble.com/file/p22076693/server.xml server.xml
http://www.nabble.com/file/p22077027/AdvancedBindDemo.java
AdvancedBindDemo.java
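
An added example, not code from the thread or from ApacheDS: the search-then-bind flow discussed above, with the user's bind done on a separate context and the principal chosen per mechanism. It assumes the server resolves a DIGEST-MD5 user name from the entry's uid (the thread only reports that the bare name "admin" was accepted where the full DN failed); the host, realm and admin credentials are the thread's sample values, and the class and method names are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class SearchThenBind {
    // Bind environment. For DIGEST-MD5 the principal is a user name, for "simple" a DN.
    static Hashtable<String, Object> env(String mech, String principal, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/"); // thread's sample host
        env.put(Context.SECURITY_AUTHENTICATION, mech);
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        if ("DIGEST-MD5".equals(mech)) {
            env.put("java.naming.security.sasl.realm", "example.com");
            env.put("javax.security.sasl.qop", "auth-conf");
        }
        return env;
    }

    static String authenticate(String mech, String uid, String password) throws NamingException {
        // An empty password makes a simple bind unauthenticated, which many servers accept.
        if (password == null || password.isEmpty())
            throw new AuthenticationException("Authentication failed");
        String dn = null;
        DirContext svc = new InitialDirContext(env("DIGEST-MD5", "admin", "admin"));
        try {
            SearchControls ctls = new SearchControls();
            ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            ctls.setReturningAttributes(new String[0]);
            // {0} is filled in by JNDI, which escapes filter metacharacters in uid
            NamingEnumeration<SearchResult> enm = svc.search("dc=example,dc=com",
                    "(&(objectClass=inetOrgPerson)(uid={0}))", new Object[] { uid }, ctls);
            if (enm.hasMore()) dn = enm.next().getNameInNamespace();
            if (dn == null || enm.hasMore()) // uid not found or not unique
                throw new AuthenticationException("Authentication failed");
        } finally {
            svc.close();
        }
        // Assumption: the server resolves the DIGEST-MD5 user name from uid; simple uses the DN.
        String principal = "DIGEST-MD5".equals(mech) ? uid : dn;
        // Fresh context for the user's bind, so the admin session is never reused.
        new InitialDirContext(env(mech, principal, password)).close();
        return dn; // reached only if the user's bind succeeded
    }
    public static void main(String[] args) throws NamingException {
        System.out.println("dn: " + authenticate("DIGEST-MD5", args[0], args[1]));
    }
}
```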