'Well duh' moment... My passwords are stored hashed...

On Wed, 13 Jan, 2016 at 14:42, [email protected]<[email protected]> wrote:

Hello,

Context: I am running a 2.0.0-M20 server instance and all testing/trials below were made with Apache Directory Studio 2.0.0.v20150606-M9. Also, thank you in advance to anyone who takes the time to read through all this and possibly reply with pointers/solutions.

PROBLEM SUMMARY
----------------------------------
I am able to connect with simple authentication and the DN, but I want to be able to also use DIGEST-MD5 and uid-only value instead of full DN. No matter what I do, I keep getting this error when I try to connect:

DIGEST-MD5: digest response format violation. Mismatched response.

DETAILS
----------------------------------
I have 2 connections in my Apache Directory Studio (first works, second is the one I can't get to work). The two have identical settings in the "Network Parameter", "Browser Options" and "Edit Options" tabs. Basically it's the defaults, where the network parameters were changed to give the host name (myhost.mydomain.com) and port number, and also to enable the StartTLS extension. In fact the second connection was created as a copy of the first (working) one, where I only made changes to the authentication tab:

1. First (working) connection has method "Simple Authentication"
   Bind DN or user: "uid=admin,ou=people,dc=devops,dc=mydomain,dc=com"

2. Second (non-working) connection has method "DIGEST-MD5 (SASL)"
   Bind DN or user: "admin"
   In SASL settings
   SASL Realm: myhost.mydomain.com
   The SASL realm is the server's FQDN from 'hostname -f' command. All other settings are defaults.

When connecting I get this failure in Directory Studio client:

CUT START ========================================
Error while opening connection
 - [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1278)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1246)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:448)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1173)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
CUT END ========================================

Any idea on what may be causing this?

* I think the uid and the userPassword values are 100% correct, since (1) works with those.
* I also think the SASL realm is correct - using some other value (e.g. wronghost.mydomain.com) gives "DIGEST-MD5: digest response format violation. Nonexistent realm: wronghost.mydomain.com] "

SERVER SETTINGS
----------------------------------
When I use the working connection (1) and "Open Configuration", in the "LDAP/LDAPS Servers" tab, I've changed the "SASL Settings" tab as follows:

SASL Host: myhost.mydomain.com - NOTE this matches the realm
SASL Principal: ldap/myhost.mydomain.com
Search Base Dn: ou=people,dc=devops,dc=mydomain,dc=com

In the list of SASL Realms I've added "myhost.mydomain.com" which is the same as the SASL host.
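
Why a hashed userPassword produces "Mismatched response", as an added example (not part of the thread and not ApacheDS code): in DIGEST-MD5 (RFC 2831) both sides derive the response from the cleartext password, so a server that only holds an {SSHA} value computes something different from the client. The password, salt, nonce and cnonce are constructed, and the sketch assumes the server feeds whatever is stored in userPassword into the computation.

```python
import base64
import hashlib
import hmac


def digest_md5_response(username, realm, secret, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 'response' value for qop=auth; `secret` is the password as bytes."""
    # A1 begins with the raw 16-byte MD5 of username:realm:password
    a1 = (hashlib.md5(b":".join([username.encode(), realm.encode(), secret])).digest()
          + b":" + nonce.encode() + b":" + cnonce.encode())
    a2 = b"AUTHENTICATE:" + digest_uri.encode()
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = ":".join([ha1, nonce, nc, cnonce, qop, ha2])
    return hashlib.md5(kd.encode()).hexdigest()


def ssha(password, salt):
    """Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    return b"{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt)


def server_accepts(stored_user_password, client_response, **params):
    """Server side: recompute the response from the stored value and compare."""
    expected = digest_md5_response(secret=stored_user_password, **params)
    return hmac.compare_digest(expected, client_response)


# Constructed exchange; realm and digest-uri follow the settings in the post.
PARAMS = dict(username="admin", realm="myhost.mydomain.com",
              nonce="c2FtcGxlLW5vbmNl", cnonce="c2FtcGxlLWNub25jZQ",
              digest_uri="ldap/myhost.mydomain.com")
CLEARTEXT = b"example-password"  # constructed; what the user types in Studio


def demo():
    """Return whether the bind succeeds for each way of storing userPassword."""
    client = digest_md5_response(secret=CLEARTEXT, **PARAMS)
    return {
        "cleartext_stored": server_accepts(CLEARTEXT, client, **PARAMS),
        "ssha_stored": server_accepts(ssha(CLEARTEXT, b"\x01\x02\x03\x04"),
                                      client, **PARAMS),
    }


if __name__ == "__main__":
    print(demo())
```

Simple bind still works with the hashed entry because the server can hash the password it receives and compare; DIGEST-MD5 never sends the password, so the server has nothing to hash.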
