Hi Stefan,
thanks for you interesting...
I can't say what is my command line...I don't understand what you mean,
sorry :(
Perhaps you mean java command line? I use: java AdvancedBindDemo fullname
inClearText where fullname exists on my server. If I change my code from:
---> // Step 3: Bind with found DN and given password
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
// Perform a lookup in order to force a bind operation with JNDI
ctx.lookup(dn); <------
TO:
---> // Step 3: Bind with found DN and given password
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "fullname");
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
// Perform a lookup in order to force a bind operation with JNDI
ctx.lookup(dn); <---
Where I force cn I wish to use (and replace full dn) it works fine. With dn
I get the exception I said in previous post.
Anyway I can tell you it works for several users, yes... my problem is
getting it working with full dn and not only uid or cn...Sorry if I can't
explain it in a better way.
Thanks...any else question or help will be appreciated,
greetings :-)
Stefan Zoerner-2 wrote:
>
> Which command line arguments do you use?
> admin admin? Or another user?
>
> If this works:
>
> env.put(Context.SECURITY_PRINCIPAL, "admin");
> env.put(Context.SECURITY_CREDENTIALS, "admin");
>
> it should work for other users as well. No? Have you tried it out with
> another user (for instance hard coded in the first place).
>
>
> Nowhere wrote:
>> Hi, I found it works fine so:
>>
>> Hashtable env = new Hashtable();
>> env.put(Context.INITIAL_CONTEXT_FACTORY,
>> "com.sun.jndi.ldap.LdapCtxFactory");
>> env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/";);
>> env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>> env.put(Context.SECURITY_PRINCIPAL, "admin");
>> env.put(Context.SECURITY_CREDENTIALS, "admin");
>> // Specify realm
>> env.put( "java.naming.security.sasl.realm", "example.com" );
>>
>> // Request privacy protection
>> env.put( "javax.security.sasl.qop", "auth-conf" );
>>
>> but I would like to perform a search and authenticate with the user found
>> as
>> the following code shows:
>>
>> ctx = new InitialDirContext(env);
>>
>> // Step 2: Search the directory
>> String base = "dc=example,dc=com";
>> String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";
>>
>> SearchControls ctls = new SearchControls();
>> ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
>> ctls.setReturningAttributes(new String[0]);
>> ctls.setReturningObjFlag(true);
>> NamingEnumeration enm = ctx.search(base, filter, new String[]
>> {
>> uid }, ctls);
>>
>> String dn = null;
>> if (enm.hasMore()) {
>> SearchResult result = (SearchResult) enm.next();
>> dn = result.getNameInNamespace();
>>
>> System.out.println("dn: "+dn);
>> }
>>
>> if (dn == null || enm.hasMore()) {
>> // uid not found or not unique
>> throw new NamingException("Authentication failed");
>> }
>>
>> // Step 3: Bind with found DN and given password
>> ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
>> ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
>> // Perform a lookup in order to force a bind operation with
>> JNDI
>> ctx.lookup(dn);
>> System.out.println("Authentication successful");
>>
>> It uses dn found, that isn't only cn. Can't I change this server
>> beahoviur
>> and execute bind with full dn?
>> For more clarity I upload the entire java class.
>> Thanks in advance!
>>
>>
>> Nowhere wrote:
>>> Hi, here I'm again...was I mistake of mine, It doesn't work with
>>> DIGEST-MD5 (I left "simple" in my previous test) :(
>>> I repeat the not working configuration:
>>>
>>> env.put(Context.INITIAL_CONTEXT_FACTORY,
>>> "com.sun.jndi.ldap.LdapCtxFactory");
>>> env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/";);
>>> env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>> env.put(Context.SECURITY_PRINCIPAL,
>>> "cn=admin,dc=example,dc=com");
>>> env.put(Context.SECURITY_CREDENTIALS, "admin");
>>> // Specify realm
>>> env.put( "java.naming.security.sasl.realm", "example.com" );
>>>
>>> // Request privacy protection
>>> env.put( "javax.security.sasl.qop", "auth-conf" );
>>> ...
>>>
>>> and I upload my server.xml, if it can help.
>>>
>>> Any suggestion?
>>>
>>>
>>> Nowhere wrote:
>>>> Hi all,
>>>> I don't know if this is the right place, but I have a problem
>>>> connecting
>>>> my ApacheDS using DIGEST-MD5:
>>>>
>>>> i wrote a simple java class that works fine with simple authentication.
>>>> Here it's:
>>>> public static void main(String[] args) throws NamingException {
>>>>
>>>> if (args.length < 2) {
>>>> System.err.println("Usage: java AdvancedBindDemo <uid>
>>>> <password>");
>>>> System.exit(1);
>>>> }
>>>>
>>>> Hashtable env = new Hashtable();
>>>> env.put(Context.INITIAL_CONTEXT_FACTORY,
>>>> "com.sun.jndi.ldap.LdapCtxFactory");
>>>> env.put(Context.PROVIDER_URL, "ldap://localhost:10389/";);
>>>> env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>>> env.put(Context.SECURITY_PRINCIPAL,
>>>> "cn=admin,dc=example,dc=com");
>>>> env.put(Context.SECURITY_CREDENTIALS, "admin");
>>>>
>>>> ...
>>>>
>>>> But if a replace "env.put(Context.SECURITY_AUTHENTICATION, "simple")"
>>>> with env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5") and sends
>>>> pwd
>>>> in clear or encrypted it sends me the following error:
>>>>
>>>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>>>> password
>>>> for cn=admin,dc=example,dc=com in realm : example.com]
>>>>
>>>> I've tried (by Apache Studio ) to set password for
>>>> "cn=admin,dc=example,dc=com" both in clear text then using MD5..
>>>> What's wrong? Something in my server.xml? If you need it, let me knom!
>>>> I hope someone can help me, i'm a newbie in LDAP authentication!
>>>> Thanks in advance!
>>>>
>>> http://www.nabble.com/file/p22076693/server.xml server.xml
>>>
>> http://www.nabble.com/file/p22077027/AdvancedBindDemo.java
>> AdvancedBindDemo.java
>
>
>
>
--
View this message in context:
http://www.nabble.com/ApacheDs---DIGEST-MD5-tp22076098p22078860.html
Sent from the Apache Directory Project mailing list archive at Nabble.com.
