Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Phani,

opening a JIRA will provide a way to keep track of this issue. You will have to register to *CREATE A NEW ISSUE*. Pls explain in detail the environment and problem and how to implement your workaround.

Here is the link for the JIRAs
http://issues.apache.org/jira/browse/GERONIMO

I'll keep playing with the password hashing as I am still not having consistent results.

Cheers!
Hernan

Phani Madgula wrote:

Hi Hernan/Aaron

I developed a small application that uses pure programmatic security login, using Netscape Java LDAP SDK. When I store password in MD5/SHA, I applied corresponding hashing on password sent by user and compared with the password retrieved from the LDAP server. To know how the password is stored in LDAP, we can check for prefix {md5} for MD5, and {sha} for SHA.

The following is the code snippet

String uname = req.getParameter("userName");
String password = req.getParameter("password");
boolean loginSucceed = false;
String hashMethod = "PLAIN";
String hashedPassword = password;
String ldapPassword = getLdapPassword(uname); // Retrieve password from LDAP for the user

// The scheme prefix on the stored value tells which hash was used
if (ldapPassword.startsWith("{md5}")) {
    hashMethod = "MD5";
} else if (ldapPassword.startsWith("{sha}")) {
    hashMethod = "SHA";
}

// Hash the submitted password the same way before comparing
if (hashMethod.equals("SHA")) {
    hashedPassword = getSHAHashedPassword(password);
} else if (hashMethod.equals("MD5")) {
    hashedPassword = getMD5HashedPassword(password);
}

System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
if (hashedPassword.equals(ldapPassword)) loginSucceed = true;

So, with programmatic login, we can solve the problem. I guess hashing is not part of specification. With declarative security management, I guess, current application login implementation must consider MD5/SHA also.

If the above points are valid, we can have a JIRA on this..?
Thanks
phani

On 1/27/06, *Phani Madgula* [EMAIL PROTECTED] wrote:

Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed. Whereas for other users, the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting Userid/password wrong message in the browser while authenticating. I am trying to find the answers for Aaron's questions. I will update soon.
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Hernan/Aaron

I developed a small application that uses pure programmatic security login, using Netscape Java LDAP SDK. When I store password in MD5/SHA, I applied corresponding hashing on password sent by user and compared with the password retrieved from the LDAP server. To know how the password is stored in LDAP, we can check for prefix {md5} for MD5, and {sha} for SHA.

The following is the code snippet

String uname = req.getParameter("userName");
String password = req.getParameter("password");
boolean loginSucceed = false;
String hashMethod = "PLAIN";
String hashedPassword = password;
String ldapPassword = getLdapPassword(uname); // Retrieve password from LDAP for the user

// The scheme prefix on the stored value tells which hash was used
if (ldapPassword.startsWith("{md5}")) {
    hashMethod = "MD5";
} else if (ldapPassword.startsWith("{sha}")) {
    hashMethod = "SHA";
}

// Hash the submitted password the same way before comparing
if (hashMethod.equals("SHA")) {
    hashedPassword = getSHAHashedPassword(password);
} else if (hashMethod.equals("MD5")) {
    hashedPassword = getMD5HashedPassword(password);
}

System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
if (hashedPassword.equals(ldapPassword)) loginSucceed = true;

So, with programmatic login, we can solve the problem. I guess hashing is not part of specification. With declarative security management, I guess, current application login implementation must consider MD5/SHA also.

If the above points are valid, we can have a JIRA on this..?

Thanks
phani

On 1/27/06, Phani Madgula [EMAIL PROTECTED] wrote:

Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed. Whereas for other users, the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting Userid/password wrong message in the browser while authenticating. I am trying to find the answers for Aaron's questions. I will update soon.
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed. Whereas for other users, the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting Userid/password wrong message in the browser while authenticating. I am trying to find the answers for Aaron's questions. I will update soon.

version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: dXNlcjM=

dn: uid=user4,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user4
sn: user4
uid: user4
userPassword:: dXNlcjQ=

dn: uid=phani1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: phani1
sn: phani1
uid: phani1
userPassword:: cGhhbmkx

dn: uid=balaji1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji1
sn: balaji1
uid: balaji1
userPassword:: e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=

dn: uid=balaji2,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji2
sn: balaji2
uid: balaji2
userPassword:: e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0=

dn: ou=groups,ou=system
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=system,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: guest
uniqueMember: uid=user2,ou=users,ou=system
uniqueMember: uid=user1,ou=users,ou=system

dn: ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: configuration

dn: ou=partitions,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: partitions

dn: ou=services,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: services

dn: ou=interceptors,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: interceptors

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
prefNodeName: sysPrefRoot

dn: uid=phani-users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user1
sn: user1
uid: phani-users

Thanks
phani

On 1/26/06, Hernan Cunico [EMAIL PROTECTED] wrote:

Hi Phani,

Can you export an LDIF so we can see your LDAP conf? I think the problem may be there. So far I have been able to add new users and alter the groups with my other LDAP client. Jxplorer is giving me some problems while importing/updating from LDIFs.

Can you summarize the steps you do for adding the user?

Cheers!
Hernan

Phani Madgula wrote:

Hi Hernan,

I am using AG1.0. I tried with other LDAP clients. I observed that, some clients store passwords in SHA, by default. The authentication is failing in either case [MD5 or SHA]

Thanks
phani

On 1/25/06, *Hernan Cunico* [EMAIL PROTECTED] wrote:

Hi Phani,

So far I am only getting this error while using Jxplorer. What other client have you tried?

Cheers!
Hernan

Hernan Cunico wrote:

Hi
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Hernan, I am using AG1.0. I tried with other LDAP clients. I observed that, some clients store passwords in SHA, by deafult. The authentication is failing in either case [MD5 or SHA] Thanks phani On 1/25/06, Hernan Cunico [EMAIL PROTECTED] wrote: Hi Phani,So far I am only getting this error while using Jxplorer. What otherclient have you tried? Cheers!HernanHernan Cunico wrote: Hi Phani, sorry for the delay in the reply. I am having some issues too while validating the user. Maybe you arlready replied this in a previous note but, what version of Geronimo are you using? Cheers! Hernan Phani Madgula wrote: Hi Hernan, Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article.I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappingsrole-mappings role role-name=content-administrator realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=admin designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=system/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user3/ /realm /rolerole role-name=guest realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=guest designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipalname=user1/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user2/ /realm /role /role-mappings I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3. 
Any issue while using MD5 ? thanks phani On 1/21/06, *Hernan Cunico* [EMAIL PROTECTED] mailto: [EMAIL PROTECTED] wrote: Hi Phani, Here is an article that may help you configure LDAP http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP Cheers! Hernan Phani Madgula wrote: Hi I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
I don't know much about LDAP, but... Is password hashing part of the standard? Is there some way for our LDAP realm to figure out whether the server expects a password in plain text or MD5 or SHA? I know we can send the hashed password, it's just a question of figuring out which password method the LDAP server is expecting. If nothing else, we could add a configuration option for the password hashing mechanism, but I would hope we could tell from the server's initial challenge or something.

Thanks,
Aaron

On 1/25/06, Phani Madgula [EMAIL PROTECTED] wrote:

Hi Hernan,

I am using AG1.0. I tried with other LDAP clients. I observed that, some clients store passwords in SHA, by default. The authentication is failing in either case [MD5 or SHA]

Thanks
phani

On 1/25/06, Hernan Cunico [EMAIL PROTECTED] wrote:

Hi Phani,

So far I am only getting this error while using Jxplorer. What other client have you tried?

Cheers!
Hernan

Hernan Cunico wrote:

Hi Phani,

sorry for the delay in the reply. I am having some issues too while validating the user. Maybe you already replied this in a previous note but, what version of Geronimo are you using?

Cheers!
Hernan

Phani Madgula wrote:

Hi Hernan,

Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article.
I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings role-mappings role role-name=content-administrator realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=admin designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=system/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user3/ /realm /role role role-name=guest realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=guest designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user1/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user2/ /realm /role /role-mappings I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3. Any issue while using MD5 ? thanks phani On 1/21/06, *Hernan Cunico* [EMAIL PROTECTED] mailto: [EMAIL PROTECTED] wrote: Hi Phani, Here is an article that may help you configure LDAP http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP Cheers! Hernan Phani Madgula wrote: Hi I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Phani, Can you export an LDIF so we can see your LDAP conf? I think the problem may be there. So far I have been able to add new users and alter the groups with my other LDAP client. Jxplorer is giving me some problems while importing/updating from LDIFs. Can you summarize the steps you do for adding the user? Cheers! Hernan Phani Madgula wrote: Hi Hernan, I am using AG1.0. I tried with other LDAP clients. I observed that, some clients store passwords in SHA, by deafult. The authentication is failing in either case [MD5 or SHA] Thanks phani On 1/25/06, *Hernan Cunico* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Phani, So far I am only getting this error while using Jxplorer. What other client have you tried? Cheers! Hernan Hernan Cunico wrote: Hi Phani, sorry for the delay in the reply. I am having some issues too while validating the user. Maybe you arlready replied this in a previous note but, what version of Geronimo are you using? Cheers! Hernan Phani Madgula wrote: Hi Hernan, Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article. 
I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings role-mappings role role-name=content-administrator realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=admin designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=system/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user3/ /realm /role role role-name=guest realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=guest designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user1/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user2/ /realm /role /role-mappings I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3. Any issue while using MD5 ? thanks phani On 1/21/06, *Hernan Cunico* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Phani, Here is an article that may help you configure LDAP http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP Cheers! Hernan Phani Madgula wrote: Hi I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Phani, sorry for the delay in the reply. I am having some issues too while validating the user. Maybe you arlready replied this in a previous note but, what version of Geronimo are you using? Cheers! Hernan Phani Madgula wrote: Hi Hernan, Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article. I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings role-mappings role role-name=content-administrator realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=admin designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=system/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user3/ /realm /role role role-name=guest realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=guest designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user1/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user2/ /realm /role /role-mappings I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3. Any issue while using MD5 ? thanks phani On 1/21/06, *Hernan Cunico* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Phani, Here is an article that may help you configure LDAP http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP Cheers! Hernan Phani Madgula wrote: Hi I am facing a problem while connecting to LDAP server from an LDAP client. 
I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Phani, So far I am only getting this error while using Jxplorer. What other client have you tried? Cheers! Hernan Hernan Cunico wrote: Hi Phani, sorry for the delay in the reply. I am having some issues too while validating the user. Maybe you arlready replied this in a previous note but, what version of Geronimo are you using? Cheers! Hernan Phani Madgula wrote: Hi Hernan, Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article. I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings role-mappings role role-name=content-administrator realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=admin designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=system/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user3/ /realm /role role role-name=guest realm realm-name=ldap-realm principal class=org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal name=guest designated-run-as=true/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user1/ principal class=org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal name=user2/ /realm /role /role-mappings I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3. Any issue while using MD5 ? 
thanks phani On 1/21/06, *Hernan Cunico* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi Phani, Here is an article that may help you configure LDAP http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP Cheers! Hernan Phani Madgula wrote: Hi I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi,

Thanks for help. I am currently porting an application on geronimo using Apache Directory Server Service.. I am facing a problem with passwords.

I have an application that uses LDAP authentication. I have a user in LDAP Server, let's say, user3 with password pass123. We can store the passwords in LDAP server either in BASE64 encoding or in MD5 digest or in SHA. If I store password in BASE64 encoding, the application is authenticating successfully when I give correct userid/password as user3/pass123. When I store password in MD5, the authentication is failing with user3/pass123 as userid/password, even though they are correct as said above.

When I tried to investigate the problem, I found the following. LDAP server is storing the password as BASE64Encoding({md5}+BASE64Encoding(MD5(pass123))). Here pass123 is the password. MD5(pass123) is MD5 on pass123.

So, when I send the password as pass123, the LDAP server is not performing similar operation on this, as above, and compare it for authentication. I guess, the responsibility does not lie on programmer to perform similar operation and send it for authentication. Is it a problem with LDAP server? Any comments on this?

Thanks
phani

On 1/20/06, Cristian Roldan [EMAIL PROTECTED] wrote:

Hi,

I have used the IBM's ldap client, but you could use any ldap client.

ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b "ou=system" "objectClass=*"

if everything works ok this should be the output:

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration

ou=interceptors,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=interceptors

ou=partitions,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=partitions

ou=services,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=services

ou=groups,ou=system
objectClass=organizationalUnit
objectClass=top
ou=groups

ou=users,ou=system
objectClass=organizationalUnit
objectClass=top
ou=users

prefNodeName=sysPrefRoot,ou=system
objectClass=extensibleObject
prefNodeName=sysPrefRoot

uid=admin,ou=system
sn=administrator
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
cn=system administrator
uid=admin
userPassword=secret
displayName=Directory Superuser

Bye.

Phani Madgula [EMAIL PROTECTED] wrote:

Hi

I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91.

Any solution?

thanks
phani
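
The stored form described in the message above ({md5} or {sha} followed by base64 of the digest, with the whole value base64-encoded again after "userPassword::" in the LDIF export) and the prefix check from the code snippet earlier in the thread, as an added example that is not code from the thread or from Geronimo. The class and method names are hypothetical, the {ssha} branch goes beyond the two schemes the thread mentions, and the MD5 sample value is constructed from the user3/pass123 account named in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

/** Added example: checks a candidate password against an LDAP userPassword value. */
public class LdapPasswordCheck {

    /** Decodes the base64 text that follows "userPassword::" in an LDIF export. */
    static String decodeLdifValue(String ldifBase64) {
        byte[] raw = Base64.getDecoder().decode(ldifBase64.trim());
        return new String(raw, StandardCharsets.UTF_8);
    }

    /** Returns true if the candidate matches a stored value that is plain, {md5}, {sha} or {ssha}. */
    static boolean matches(String candidate, String stored) throws NoSuchAlgorithmException {
        byte[] pw = candidate.getBytes(StandardCharsets.UTF_8);
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 0) {
            // No scheme prefix: the directory holds the clear-text password.
            return MessageDigest.isEqual(pw, stored.getBytes(StandardCharsets.UTF_8));
        }
        String scheme = stored.substring(1, close).toLowerCase(Locale.ROOT);
        String algorithm;
        boolean salted = false;
        switch (scheme) {
            case "md5":  algorithm = "MD5";   break;
            case "sha":  algorithm = "SHA-1"; break;
            case "ssha": algorithm = "SHA-1"; salted = true; break;
            default:     return false; // unknown scheme: fail closed
        }
        byte[] body;
        try {
            body = Base64.getDecoder().decode(stored.substring(close + 1));
        } catch (IllegalArgumentException e) {
            return false; // malformed base64 after the prefix
        }
        MessageDigest md = MessageDigest.getInstance(algorithm);
        int len = md.getDigestLength();
        if (body.length < len || (!salted && body.length != len)) {
            return false; // wrong length for this scheme
        }
        md.update(pw);
        md.update(body, len, body.length - len); // salt bytes, empty when unsalted
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        return MessageDigest.isEqual(md.digest(), Arrays.copyOf(body, len));
    }

    /** Builds "{scheme}" + base64(digest(password)), the stored form the thread describes. */
    static String storedForm(String scheme, String algorithm, String password)
            throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm)
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample: pass123 stored as MD5, then base64-wrapped as LDIF would export it.
        String stored = storedForm("md5", "MD5", "pass123");
        String ldif = Base64.getEncoder()
                .encodeToString(stored.getBytes(StandardCharsets.UTF_8));
        System.out.println("userPassword:: " + ldif);
        System.out.println("decoded value:  " + decodeLdifValue(ldif));
        System.out.println("pass123 match:  " + matches("pass123", decodeLdifValue(ldif)));
        System.out.println("pass124 match:  " + matches("pass124", decodeLdifValue(ldif)));
        // Plain value taken from the export in this thread (uid=admin,ou=system).
        System.out.println("secret match:   " + matches("secret", decodeLdifValue("c2VjcmV0")));
    }
}
```

Where the directory allows it, authenticating with an LDAP bind as the user leaves this comparison to the server, so the application never needs read access to userPassword.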
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi Hernan,

Thanks for the link. It is quite helpful informative. I did similar operations, as specified in my previous mail, by deploying the sample application given in the article.

I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings

<role-mappings>
    <role role-name="content-administrator">
        <realm realm-name="ldap-realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user3"/>
        </realm>
    </role>
    <role role-name="guest">
        <realm realm-name="ldap-realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user2"/>
        </realm>
    </role>
</role-mappings>

I used Jxplorer LDAP client to create the new user users3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3.

Any issue while using MD5 ?

thanks
phani

On 1/21/06, Hernan Cunico [EMAIL PROTECTED] wrote:

Hi Phani,

Here is an article that may help you configure LDAP
http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP

Cheers!
Hernan

Phani Madgula wrote:

Hi

I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91.

Any solution?

thanks
phani
How to connect to LDAP server on Geronimo from an LDAP client?
Hi I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91. Any solution? thanks phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
hi phani,

try JXplorer ( http://pegacat.com/jxplorer/ )

Regards
Krish

On 1/20/06, Phani Madgula [EMAIL PROTECTED] wrote:

Hi

I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo. I always get Can not connect to the LDAP server : ERROR 91.

Any solution?

thanks
phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Hi,

I have used the IBM's ldap client, but you could use any ldap client.

ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b "ou=system" "objectClass=*"

if everything works ok this should be the output:

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration

ou=interceptors,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=interceptors

ou=partitions,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=partitions

ou=services,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=services

ou=groups,ou=system
objectClass=organizationalUnit
objectClass=top
ou=groups

ou=users,ou=system
objectClass=organizationalUnit
objectClass=top
ou=users

prefNodeName=sysPrefRoot,ou=system
objectClass=extensibleObject
prefNodeName=sysPrefRoot

uid=admin,ou=system
sn=administrator
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
cn=system administrator
uid=admin
userPassword=secret
displayName=Directory Superuser

Bye.

Phani Madgula [EMAIL PROTECTED] wrote:

Hi

I am facing a problem while connecting to LDAP server from an LDAP client. I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.

I always get "Can not connect to the LDAP server : ERROR 91".

Any solution?

thanks
phani