Hi all,

Here is my hash mechanism configuration, it is turned off:

dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: ads-interceptor
objectclass: ads-base
objectclass: top
ads-interceptorclassname: org.apache.directory.server.core.hash.SshaPasswordHashingInterceptor
ads-interceptorid: passwordHashingInterceptor
ads-interceptororder: 9
ads-enabled: FALSE

My apache DS is running on Windows 7 OS, the user that I am trying to authenticate is "uid=admin,ou=system" and my sasl base DN is pointed at ou=system.

From: Kiran Ayyagari <[email protected]>
To: "[email protected]" <[email protected]>,
Date: 08/07/2014 12:24 PM
Subject: Re: SASL DIGEST-MD5 Authentication

On Thu, Aug 7, 2014 at 10:46 PM, Ike Ikonne <[email protected]> wrote:

> Hi Kiran,
>
> I have modified the hosts file where my Apache DS and client
> are running to:
>
> # localhost name resolution is handled within DNS itself.
> 127.0.0.1 localhost
> 127.0.0.1 example.com
> # ::1 localhost
>
> Here is my Apache DS configuration:
>
> dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
> objectclass: top
> objectclass: ads-base
> objectclass: ads-dsBasedServer
> objectclass: ads-ldapServer
> objectclass: ads-server
> ads-confidentialityrequired: FALSE
> ads-maxpdusize: 2000000
> ads-maxsizelimit: 1000
> ads-maxtimelimit: 15000
> ads-replenabled: true
> ads-replpingersleep: 5
> ads-saslhost: iikonne.xxx.xxx.com <------------
> ads-saslprincipal: ldap/[email protected]
> ads-saslrealms: example.com <------
> ads-saslrealms: apache.org
> ads-serverid: ldapServer
> ads-enabled: TRUE
> ads-searchbasedn: ou=system <------
>
> But, I still continue to get the error message:
>
> LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response
> format violation. Nonexistent realm: example.com
>
> What could I still be doing wrong?
>

make sure the credentials are stored in plain text in the server
By default they are all hashed and you need to disable the hashing interceptor

1. go to ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
2. set ads-enabled to FALSE
3. restart the server

> Thanks,
>
> Ike
>
> From: Kiran Ayyagari <[email protected]>
> To: "[email protected]" <[email protected]>,
> Date: 08/07/2014 12:08 AM
> Subject: Re: SASL DIGEST-MD5 Authentication
>
> On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne <[email protected]> wrote:
>
> > Hi,
> >
> > I use JNDI API on JRE 1.7 to establish connection to APACHE DS.
> > I am able to establish SIMPLE authentication to APACHE DS, I am
> > just trying to get DIGEST-MD5 to work. Here is my environment:
> >
> > Hashtable env = new Hashtable();
> > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory);
> >
> > if (authMethod != null)
> >     env.put(Context.SECURITY_AUTHENTICATION, authMethod);
> > if (principal != null)
> >     env.put(Context.SECURITY_PRINCIPAL, principal);
> > if (credentials != null)
> >     env.put(Context.SECURITY_CREDENTIALS, credentials);
> > if (referral != null)
> >     env.put(Context.REFERRAL, referral);
> > if (ldapVer != null)
> >     env.put("java.naming.ldap.version", ldapVer);
> > env.put("java.naming.security.sasl.realm", "example.com");
> >
> > Tell me, do I need to configure the example.com realm or is it
> > configured as a default by APACHE DS?
> >
> you must be able to resolve your realm name (here example.com), either
> add an entry in your hosts file or in your internal DNS server
>
> > Thanks,
> >
> > Ike
> >
> > From: Emmanuel Lécharny <[email protected]>
> > To: [email protected],
> > Date: 08/06/2014 04:28 PM
> > Subject: Re: SASL DIGEST-MD5 Authentication
> >
> > On 06/08/14 22:40, Ike Ikonne wrote:
> > > Hi all,
> > >
> > > Again, thanks all for your response; so, do I need to make any
> > > external configuration other than the configuration to the APACHE DS?
> > > How do I change the default realm to point to my domain realm?
> > > Do I need to install/setup cyrus-sasl library to make this to work?
> >
> > No. We depend on the JVM which supports SASL.
> >
> > What client are you using?
> >
>
> --
> Kiran Ayyagari
> http://keydap.com
>

--
Kiran Ayyagari
http://keydap.com
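
Added example, not part of the thread and not ApacheDS code: the RFC 2831 response computation for qop=auth, with a simplified verifier showing why the server side needs the clear-text password and the same realm string the client used. Function names, the sample password, nonces and digest-uri are constructed for illustration; the realm list mirrors the ads-saslrealms values quoted above.

```python
import base64
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(username, realm, secret, nonce, cnonce, nc, digest_uri):
    """RFC 2831 sec. 2.1.2.1 response for qop=auth, no authzid (ASCII inputs)."""
    # A1 begins with the raw 16-byte MD5 of username:realm:password, so the
    # verifier needs the clear-text password, not an {SSHA} value.
    a1 = _md5(f"{username}:{realm}:{secret}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{_md5(a1).hex()}:{nonce}:{nc}:{cnonce}:auth:{_md5(a2).hex()}"
    return _md5(kd.encode()).hex()

def ssha(password: str, salt: bytes) -> str:
    """userPassword value as a salted SHA-1 ({SSHA}) scheme stores it."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def server_accepts(stored_password: str, realms, msg: dict) -> bool:
    """Simplified verifier: recompute the response from the stored value."""
    if msg["realm"] not in realms:
        return False  # realm the server does not know
    expected = digest_response(msg["username"], msg["realm"], stored_password,
                               msg["nonce"], msg["cnonce"], msg["nc"],
                               msg["digest_uri"])
    return hmac.compare_digest(expected, msg["response"])

def client_message(username, realm, password, nonce, cnonce, digest_uri):
    """Fields a client sends in its digest-response (first use of the nonce)."""
    msg = dict(username=username, realm=realm, nonce=nonce, cnonce=cnonce,
               nc="00000001", digest_uri=digest_uri)
    msg["response"] = digest_response(username, realm, password, nonce, cnonce,
                                      msg["nc"], digest_uri)
    return msg

# Constructed sample values (not taken from a real server).
REALMS = {"example.com", "apache.org"}
MSG = client_message("admin", "example.com", "secret", "c2FtcGxlLW5vbmNl",
                     "c2FtcGxlLWNub25jZQ", "ldap/example.com")

if __name__ == "__main__":
    print("clear-text store:", server_accepts("secret", REALMS, MSG))
    print("SSHA store      :", server_accepts(ssha("secret", b"saltsalt"), REALMS, MSG))
    print("unknown realm   :", server_accepts("secret", {"apache.org"}, MSG))
```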
