After some experiments based on the errors I was getting and tips I found from searching the Internet, here's a summary on using Digest-MD5 authentication with Apache DS so far:
On the ApacheDS server side: (using Apache Directory Studio for configuration)
- Define a host domain name in host file for ldap.example.com
- Use host domain name instead of 127.0.0.1 in ApacheDS configuration for SASL Host
- Make sure the Search Base DN parameter in SASL settings points to where the user entries are stored in DIT
- Store the user password in clear text. In order to achieve this, some discussions from the mailing list suggested to disable the default passwordPolicies and passwordHashing interceptors
- Restart ApacheDS after changing the configuration

On the client side: (using Apache Directory Studio)
- Use host domain name instead of 127.0.0.1 in connection configuration for Hostname under Network Parameters
- Use uid alone w/o "uid=" instead of full DN of the user for Bind DN or User under Authentication
- Make sure to select the right SASL realm, example.com in my case, in SASL Settings

After doing all these, I'm still getting the error:

LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for Gang.Yang in realm : example.com

Anyone who's knowledgeable in this area, please help. I'm using a newly downloaded latest ApacheDS and Apache Directory Studio (2.0.0-M10 and 2.0.0-M4).

Thanks in advance,
Gang

________________________________
From: Yang, Gang CTR (US) [gang.yang....@mail.mil]
Sent: Monday, February 04, 2013 12:28 PM
To: users@directory.apache.org
Subject: Diguest-MD5 authentication

Hi,

I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication, but failed using Digest-MD5 or Kerberos. I'm sure it's the configuration, but I could not find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers are appreciated.

Thanks,
Gang
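
As an added illustration (not part of the original messages and not ApacheDS code), the sketch below computes the DIGEST-MD5 response defined in RFC 2831 for qop=auth and shows why the server side needs the cleartext password, or the equivalent H(username:realm:password), to check a bind. The function names, the sample account and the `{SCHEME}` prefix check for hashed values are assumptions made for the example.

```python
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def secret_from_cleartext(username: str, realm: str, password: str) -> bytes:
    # H(username:realm:password): the only password-derived input to the response.
    # UTF-8 is used here; RFC 2831 prefers ISO-8859-1 when the strings fit in it.
    return md5(f"{username}:{realm}:{password}".encode("utf-8"))

def digest_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                    digest_uri: str, qop: str = "auth") -> str:
    # RFC 2831 section 2.1.2.1, without authzid.
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode("utf-8")).hex()

def server_verify(stored_password: str, username: str, realm: str, nonce: str,
                  cnonce: str, nc: str, digest_uri: str, client_response: str) -> bool:
    # Assumption: a hashed userPassword carries a "{SCHEME}" prefix such as {SSHA}.
    # A salted one-way hash cannot be turned back into H(username:realm:password).
    if stored_password.startswith("{"):
        raise LookupError(f"no usable DIGEST-MD5 secret for {username} in realm {realm}")
    secret = secret_from_cleartext(username, realm, stored_password)
    expected = digest_response(secret, nonce, cnonce, nc, digest_uri)
    return hmac.compare_digest(expected, client_response)

if __name__ == "__main__":
    # Constructed sample values; host and realm names follow the message above.
    user, realm, pw = "jdoe", "example.com", "constructed-password"
    nonce, cnonce, nc, uri = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl", "00000001", "ldap/ldap.example.com"
    resp = digest_response(secret_from_cleartext(user, realm, pw), nonce, cnonce, nc, uri)
    print("cleartext entry verifies:", server_verify(pw, user, realm, nonce, cnonce, nc, uri, resp))
    try:
        server_verify("{SSHA}constructed-hash-value", user, realm, nonce, cnonce, nc, uri, resp)
    except LookupError as exc:
        print("hashed entry:", exc)
```

The realm and the digest-uri host both feed the hash, so the client and the server must use the same strings for them, not just the same password.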