On 07/09/2016 11:17 AM, Guillermo López Alejos wrote:
> Hello again,
> 
> Sorry for the misplaced tag in the subject. This question is about the Apache 
> Directory Studio client.
> 
> Kind regards,
> 
> Guillermo
> 
> -----Original Message-----
> From: Guillermo López Alejos 
> Sent: 08 July 2016 20:29
> To: '[email protected]'
> Subject: [ApacheDS] Testing SASL hashed password
> 
> Hi,
> 
> I'm in the process of deploying my first LDAP server with SASL. My objective 
> is to provide LDAP authentication to clients while hiding underlying 
> authentication details. All tests carried out in the server succeeded, so now 
> it's time for client-side testing.
> 
> I wanted to make it as simple as possible, so I tried with Apache Directory 
> Studio password verification capabilities. The problem is that after adding a 
> password entry that is SASL formatted ("{SASL}[email protected]"), the 
> "Verify" button becomes greyed. I think this is because the hash method is 
> "Plaintext".
> 
> Can anyone point out how to test SASL-LDAP authentication with Apache 
> Directory Studio?

The "Verify" button in the password editor can only be used to compare
the (hashed) userPassword attribute. This is done by applying the same
hash algorithm and using the same salt found in the existing password.
This only works for "real" passwords stored in userPassword attribute.

When using SASL you need to run the SASL flow by creating a new
connection and selecting your used SASL mechanism on the 2nd wizard
page. Currently only DIGEST-MD5 and GSSAPI are implemented.

Kind Regards,
Stefan
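
The comparison described in the reply above, as an added example (not part of the original thread and not Apache Directory Studio's code): a local check re-applies the hash scheme and salt stored in userPassword, while a `{SASL}` value only names an external identity and leaves nothing to compare. The function names, the handled schemes and the sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Scheme prefix -> (hashlib algorithm, digest length in bytes, salted?)
SCHEMES = {
    "SHA": ("sha1", 20, False),
    "SSHA": ("sha1", 20, True),
}


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a constructed {SSHA} value: base64(sha1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_user_password(stored: str, candidate: bytes):
    """Return True/False for a local comparison, or None when the stored
    value carries no hash to compare against (for example {SASL})."""
    m = re.match(r"^\{([A-Za-z0-9-]+)\}(.*)$", stored, re.S)
    if m is None:
        # No scheme prefix: the stored value is the password itself.
        return hmac.compare_digest(stored.encode(), candidate)
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme not in SCHEMES:
        # {SASL}user@REALM is a pointer to an external authenticator;
        # only a real bind through the SASL flow can test it.
        return None
    algo, dlen, salted = SCHEMES[scheme]
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:
        return False
    if len(raw) < dlen or (not salted and len(raw) != dlen):
        return False
    # The salt is whatever follows the digest in the decoded value.
    digest, salt = raw[:dlen], raw[dlen:]
    expected = hashlib.new(algo, candidate + salt).digest()
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    stored = make_ssha(b"secret", b"\x01\x02\x03\x04")  # constructed sample
    print(verify_user_password(stored, b"secret"))
    print(verify_user_password("{SASL}user@EXAMPLE.COM", b"secret"))
```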
