Hi all, Again, thanks all for your response; so, do I need to make any external configuration other than the configuration to the APACHE DS? How do I change the default realm to point to my domain realm? Do I need to install/setup cyrus-sasl library to make this to work?
Here is my configuration: dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=con fig objectclass: top objectclass: ads-base objectclass: ads-dsBasedServer objectclass: ads-ldapServer objectclass: ads-server ads-confidentialityrequired: FALSE ads-maxpdusize: 2000000 ads-maxsizelimit: 1000 ads-maxtimelimit: 15000 ads-replenabled: true ads-replpingersleep: 5 ads-saslhost: iikonne.xxx.xxx.com ads-saslprincipal: ldap/[email protected] ads-saslrealms: example.com ads-saslrealms: apache.org ads-serverid: ldapServer ads-enabled: TRUE ads-searchbasedn: ou=users,ou=system From: Pierre Smits <[email protected]> To: Apache Directory Users List <[email protected]>, Date: 08/06/2014 03:25 PM Subject: Re: SASL DIGEST-MD5 Authentication Ike, Of course, you have to change example.com and EXAMPLE.COM for your realms. Regards, Pierre Smits *ORRTIZ.COM <http://www.orrtiz.com>* Services & Solutions for Cloud- Based Manufacturing, Professional Services and Retail & Trade http://www.orrtiz.com On Wed, Aug 6, 2014 at 10:01 PM, Ike Ikonne <[email protected]> wrote: > Hi > > After making the change that you suggested, I get the following from the > server > > LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response > format violation. Nonexis > tent realm: example.com > > Here is how my apache directory configuration looks like: > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config > objectclass: ads-server > objectclass: ads-ldapServer > objectclass: ads-dsBasedServer > objectclass: ads-base > objectclass: top > ads-serverId: ldapServer > ads-confidentialityRequired: FALSE > ads-maxSizeLimit: 1000 > ads-maxTimeLimit: 15000 > ads-maxpdusize: 2000000 > ads-saslHost: iikonne.xxx.com > ads-saslPrincipal: ldap/[email protected] > ads-saslRealms: example.com > ads-saslRealms: apache.org > ads-searchBaseDN: ou=users,ou=system > ads-replEnabled: true > ads-replPingerSleep: 5 > ads-enabled: TRUE > > > > > > From: Emmanuel Lécharny <[email protected]> > To: [email protected], > Date: 08/06/2014 02:47 PM > Subject: Re: SASL DIGEST-MD5 Authentication > > > > Le 06/08/14 21:16, Ike Ikonne a écrit : > > Hi all, > > > > I would appreciate it if someone could direct me on how to setup > > APACHE DS to support SASL DIGEST-MD5. How can I setup > > the realm for the example.com default domain? > > You have to set the saslHost parameter in the ldapServer entry : > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config > objectclass: ads-server > objectclass: ads-ldapServer > objectclass: ads-dsBasedServer > objectclass: ads-base > objectclass: top > ads-serverId: ldapServer > ads-confidentialityRequired: FALSE > ads-maxSizeLimit: 1000 > ads-maxTimeLimit: 15000 > ads-maxpdusize: 2000000 > ads-saslHost: ldap.example.com <<<---- > ads-saslPrincipal: ldap/[email protected] > ads-saslRealms: example.com > ads-saslRealms: apache.org > ads-searchBaseDN: ou=users,ou=system > ads-replEnabled: true > ads-replPingerSleep: 5 > ads-enabled: TRUE > > >
