Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-31 Thread Hernan Cunico

Hi Phani,
opening a JIRA will provide a way to keep track of this issue. You will have to register to *CREATE A NEW ISSUE*. Pls explain in detail the environment and problem and how to implement your workaround.


Here is the link for the JIRAs

http://issues.apache.org/jira/browse/GERONIMO

I'll keep playing with the password hashing as I am still not having consistent 
results.

Cheers!
Hernan

Phani Madgula wrote:

Hi Hernan/Aaron
 
I developed a small application that uses pure programmatic security 
login, using Netscape Java LDAP SDK.
When I store password in MD5/SHA, I applied corresponding hashing on 
password sent by user and compared with the password retrieved from the 
LDAP server. To know how the password is stored in LDAP, we can check 
for prefix {md5} for MD5, and {sha} for SHA.

The following is the code snippet
 
 String uname    = req.getParameter("userName");
 String password = req.getParameter("password");

 boolean loginSucceed = false;

 String hashMethod = "PLAIN";
 String hashedPassword = password;

 // Retrieve password from LDAP for the user
 String ldapPassword = getLdapPassword(uname);

 // The prefix of the stored value names the hashing method
 if (ldapPassword.startsWith("{md5}")) {
     hashMethod = "MD5";
 } else if (ldapPassword.startsWith("{sha}")) {
     hashMethod = "SHA";
 }

 if (hashMethod.equals("SHA")) {
     hashedPassword = getSHAHashedPassword(password);
 } else if (hashMethod.equals("MD5")) {
     hashedPassword = getMD5HashedPassword(password);
 }

 System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
 System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
 if (hashedPassword.equals(ldapPassword)) loginSucceed = true;

 .
 

So, with programmatic login, we can solve the problem. I guess hashing 
is not part of specification. With declarative security management, I 
guess, current application login implementation must consider MD5/SHA also.
 
If the above points are valid, we can have a JIRA on this..?
 
 
Thanks

phani

 
On 1/27/06, *Phani Madgula* [EMAIL PROTECTED] 
mailto:[EMAIL PROTECTED] wrote:


Hi Hernan/Aaron
 
The following is the export of my LDAP entries. I could export using

JXplorer. I also used another LDAP client called LDAP Browser/Editor
2.8.2.
 
In the below LDAP export, there are two users balaji1, balaji2 whose

passwords are MD5 hashed.
Whereas for other users, the passwords are stored PLAIN. So, with
balaji1/balaji2, I am getting Userid/password wrong message in the
browser while authenticating.
 
I am trying to find the answers for Aaron's questions. I will update

soon.
 
version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555 
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555 
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555 
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: 

Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-30 Thread Phani Madgula
Hi Hernan/Aaron

I developed a small application that uses pure programmatic security login, using Netscape Java LDAP SDK.
When I store password in MD5/SHA, I applied corresponding hashing on password sent by user and compared with the password retrieved from the LDAP server. To know how the password is stored in LDAP, we can check for prefix {md5} for MD5, and {sha} for SHA.

The following is the code snippet

 String uname    = req.getParameter("userName");
 String password = req.getParameter("password");

 boolean loginSucceed = false;

 String hashMethod = "PLAIN";
 String hashedPassword = password;

 // Retrieve password from LDAP for the user
 String ldapPassword = getLdapPassword(uname);

 // The prefix of the stored value names the hashing method
 if (ldapPassword.startsWith("{md5}")) {
     hashMethod = "MD5";
 } else if (ldapPassword.startsWith("{sha}")) {
     hashMethod = "SHA";
 }

 if (hashMethod.equals("SHA")) {
     hashedPassword = getSHAHashedPassword(password);
 } else if (hashMethod.equals("MD5")) {
     hashedPassword = getMD5HashedPassword(password);
 }

 System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
 System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
 if (hashedPassword.equals(ldapPassword)) loginSucceed = true;

 .

So, with programmatic login, we can solve the problem. I guess hashing is not part of specification. With declarative security management, I guess, current application login implementation must consider MD5/SHA also.


If the above points are valid, we can have a JIRA on this..?


Thanks
phani

On 1/27/06, Phani Madgula [EMAIL PROTECTED] wrote:

Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. 

In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed.
Whereas for other users, the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting Userid/password wrong message in the browser while authenticating.

I am trying to find the answers for Aaron's questions. I will update soon.


Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-27 Thread Phani Madgula
Hi Hernan/Aaron

The following is the export of my LDAP entries. I could export using JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2. 

In the below LDAP export, there are two users balaji1, balaji2 whose passwords are MD5 hashed.
Whereas for other users, the passwords are stored PLAIN. So, with balaji1/balaji2, I am getting Userid/password wrong message in the browser while authenticating.

I am trying to find the answers for Aaron's questions. I will update soon.

version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: [EMAIL PROTECTED]
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: dXNlcjM=

dn: uid=user4,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user4
sn: user4
uid: user4
userPassword:: dXNlcjQ=

dn: uid=phani1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: phani1
sn: phani1
uid: phani1
userPassword:: cGhhbmkx

dn: uid=balaji1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji1
sn: balaji1
uid: balaji1
userPassword:: e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=

dn: uid=balaji2,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji2
sn: balaji2
uid: balaji2
userPassword:: e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0=

dn: ou=groups,ou=system
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=system,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: guest
uniqueMember: uid=user2,ou=users,ou=system
uniqueMember: uid=user1,ou=users,ou=system

dn: ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: configuration

dn: ou=partitions,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: partitions

dn: ou=services,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: services

dn: ou=interceptors,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: interceptors

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
prefNodeName: sysPrefRoot

dn: uid=phani-users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user1
sn: user1
uid: phani-users

Thanks
phani




Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-25 Thread Phani Madgula
Hi Hernan,

I am using AG1.0. I tried with other LDAP clients. 
I observed that some clients store passwords in SHA, by default.
The authentication is failing in either case [MD5 or SHA]

Thanks
phani


Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-25 Thread Aaron Mulder
I don't know much about LDAP, but...  Is password hashing part of the
standard?  Is there some way for our LDAP realm to figure out whether
the server expects a password in plain text or MD5 or SHA?  I know we
can send the hashed password, it's just a question of figuring out
which password method the LDAP server is expecting.  If nothing else,
we could add a configuration option for the password hashing
mechanism, but I would hope we could tell from the server's initial
challenge or something.

Thanks,
Aaron

  
  
  
  
 




Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-25 Thread Hernan Cunico

Hi Phani,
Can you export an LDIF so we can see your LDAP conf? I think the problem may be 
there.

So far I have been able to add new users and alter the groups with my other LDAP client. Jxplorer is 
giving me some problems while importing/updating from LDIFs.


Can you summarize the steps you do for adding the user?

Cheers!
Hernan

 
 
 
 




Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-24 Thread Hernan Cunico

Hi Phani,
sorry for the delay in the reply. I am having some issues too while validating 
the user.
Maybe you already replied this in a previous note but, what version of 
Geronimo are you using?

Cheers!
Hernan





Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-24 Thread Hernan Cunico

Hi Phani,
So far I am only getting this error while using Jxplorer. What other
client have you tried?

Cheers!
Hernan









Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-20 Thread Phani Madgula

Hi,
Thanks for help. I am currently porting an application on geronimo using Apache Directory Server Service..
I am facing a problem with passwords.
I have an application that uses LDAP authentication. I have a user in LDAP Server, let's say, user3 with password pass123.
We can store the passwords in LDAP server either in BASE64 encoding or in MD5 digest or in SHA.
If I store password in BASE64 encoding, the application is authenticating successfully when I give correct userid/password as user3/pass123.
When I store password in MD5, the authentication is failing with user3/pass123 as userid/password, even though they are correct as said above.
When I tried to investigate the problem, I found the following. LDAP server is storing the password as BASE64Encoding({md5}+BASE64Encoding(MD5(pass123))). Here pass123 is the password.
MD5(pass123) is MD5 on pass123.
So, when I send the password as pass123, the LDAP server is not performing similar operation on this, as above, and compare it for authentication. I guess, the responsibility does not lie on programmer to perform similar operation and send it for authentication.

Is it a problem with LDAP server? Any comments on this?
Thanks
phani
On 1/20/06, Cristian Roldan [EMAIL PROTECTED] wrote:

Hi,
I have used the IBM's ldap client, but you could use any ldap client.

ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b "ou=system" "objectClass=*"

if everything works ok this should be the output:

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration

ou=interceptors,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=interceptors

ou=partitions,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=partitions

ou=services,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=services

ou=groups,ou=system
objectClass=organizationalUnit
objectClass=top
ou=groups

ou=users,ou=system
objectClass=organizationalUnit
objectClass=top
ou=users

prefNodeName=sysPrefRoot,ou=system
objectClass=extensibleObject
prefNodeName=sysPrefRoot

uid=admin,ou=system
sn=administrator
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
cn=system administrator
uid=admin
userPassword=secret
displayName=Directory Superuser


Bye.
Phani Madgula [EMAIL PROTECTED] wrote:


Hi

I am facing a problem while connecting to LDAP server from an LDAP client.
I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.

I always get Can not connect to the LDAP server : ERROR 91.

Any solution?

thanks
phani
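
The storage layout described in the message above, decoded and checked in Java, as an added example that is not part of the original thread or of Geronimo. `LdapPasswordCheck`, `verify` and `store` are hypothetical names, the sample values are constructed, and `{sha}` is assumed to mean SHA-1.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Locale;

public class LdapPasswordCheck {

    // Checks a candidate password against a stored value laid out as
    // Base64("{md5}" + Base64(MD5(password))), the form reported in the thread.
    static boolean verify(String stored, String candidate) throws NoSuchAlgorithmException {
        byte[] typed = candidate.getBytes(StandardCharsets.UTF_8);
        // Outer layer: how the client showed the whole attribute value.
        String value = new String(Base64.getDecoder().decode(stored), StandardCharsets.UTF_8);
        int close = value.indexOf('}');
        if (!value.startsWith("{") || close < 0) {
            // No scheme prefix: the attribute holds the plain password.
            return MessageDigest.isEqual(value.getBytes(StandardCharsets.UTF_8), typed);
        }
        String algorithm;
        switch (value.substring(1, close).toLowerCase(Locale.ROOT)) {
            case "md5": algorithm = "MD5"; break;
            case "sha": algorithm = "SHA-1"; break; // assumption: {sha} means SHA-1
            default: throw new NoSuchAlgorithmException("unsupported scheme " + value.substring(0, close + 1));
        }
        // Inner layer: the raw digest bytes, Base64-encoded after the prefix.
        byte[] storedDigest = Base64.getDecoder().decode(value.substring(close + 1));
        byte[] typedDigest = MessageDigest.getInstance(algorithm).digest(typed);
        // Compare digest bytes rather than strings, and in constant time.
        return MessageDigest.isEqual(storedDigest, typedDigest);
    }

    // Builds a constructed sample value in the same layout (hypothetical helper).
    static String store(String prefix, String algorithm, String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance(algorithm).digest(password.getBytes(StandardCharsets.UTF_8));
        String inner = prefix + Base64.getEncoder().encodeToString(digest);
        return Base64.getEncoder().encodeToString(inner.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String md5 = store("{md5}", "MD5", "pass123");
        String sha = store("{SHA}", "SHA-1", "pass123");
        String plain = Base64.getEncoder().encodeToString("pass123".getBytes(StandardCharsets.UTF_8));
        System.out.println("md5 match:   " + verify(md5, "pass123"));
        System.out.println("sha match:   " + verify(sha, "pass123"));
        System.out.println("plain match: " + verify(plain, "pass123"));
        System.out.println("wrong pass:  " + verify(md5, "pass124"));
    }
}
```

The scheme prefix is matched case-insensitively, and the comparison is made on the decoded digest bytes, so differences in Base64 padding or prefix case between LDAP clients do not cause a false mismatch.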






Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-20 Thread Phani Madgula
Hi Hernan,

Thanks for the link. It is quite helpful & informative.

I did similar operations, as specified in my previous mail, by deploying the sample application given in the article.

I added a new user user3/pass123 in ou=users, ou=system in Directory server, and in geronimo-web.xml I added the user3 in role mappings

 <role-mappings>
   <role role-name="content-administrator">
     <realm realm-name="ldap-realm">
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                  name="admin" designated-run-as="true"/>
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                  name="system"/>
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                  name="user3"/>
     </realm>
   </role>
   <role role-name="guest">
     <realm realm-name="ldap-realm">
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
                  name="guest" designated-run-as="true"/>
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                  name="user1"/>
       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
                  name="user2"/>
     </realm>
   </role>
 </role-mappings>

I used Jxplorer LDAP client to create the new user user3. When I provide password in PLAIN format which uses BASE64 encoding through LDAP client, the application is authenticating successfully. When I store it in MD5, the authentication is failing for user3.


Any issue while using MD5 ?

thanks
phani

On 1/21/06, Hernan Cunico [EMAIL PROTECTED] wrote:

Hi Phani,
Here is an article that may help you configure LDAP
http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP

Cheers!
Hernan

Phani Madgula wrote:

 Hi

 I am facing a problem while connecting to LDAP server from an LDAP client.
 I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.

 I always get "Can not connect to the LDAP server : ERROR 91".

 Any solution?

 thanks
 phani


How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-19 Thread Phani Madgula
Hi

I am facing a problem while connecting to LDAP server from an LDAP client.
I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.

I always get "Can not connect to the LDAP server : ERROR 91".

Any solution?

thanks
phani


Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-19 Thread Krishnakumar B
hi phani,

try JXplorer ( http://pegacat.com/jxplorer/ )

Regards
Krish

On 1/20/06, Phani Madgula [EMAIL PROTECTED] wrote:
 Hi

 I am facing a problem while connecting to LDAP server from an LDAP client.
 I have installed Softerra LDAP browser and tried to connect to LDAP server
 running on Geronimo.

 I always get "Can not connect to the LDAP server : ERROR 91".

 Any solution?

 thanks
 phani


Re: How to connect to LDAP server on Geronimo from an LDAP client?

2006-01-19 Thread Cristian Roldan
Hi,

I have used IBM's ldap client, but you could use any ldap client.

ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b "ou=system" "objectClass=*"

if everything works ok this should be the output:

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration

ou=interceptors,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=interceptors

ou=partitions,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=partitions

ou=services,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=services

ou=groups,ou=system
objectClass=organizationalUnit
objectClass=top
ou=groups

ou=users,ou=system
objectClass=organizationalUnit
objectClass=top
ou=users

prefNodeName=sysPrefRoot,ou=system
objectClass=extensibleObject
prefNodeName=sysPrefRoot

uid=admin,ou=system
sn=administrator
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
cn=system administrator
uid=admin
userPassword=secret
displayName=Directory Superuser

Bye.

Phani Madgula [EMAIL PROTECTED] wrote:

Hi

I am facing a problem while connecting to LDAP server from an LDAP client.
I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.

I always get "Can not connect to the LDAP server : ERROR 91".

Any solution?

thanks
phani
		 