hi, thanks for reply.
I tried to do the authentication with the following values. (after following the given tutorial ) Bind DN or user : [email protected] Bind Password : secret At kerborose settings set : Obtain TGT from KDC set : Use Native System Configuration Then tried to Authenticate and got the following exception at client side The authentication failed - Request: 1 cancelled javax.naming.CommunicationException: Request: 1 cancelled at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:60) at com.sun.jndi.ldap.Connection.readReply(Connection.java:411) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:340) at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:108) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2575) at com.sun.jndi.ldap.LdapCtx.ensureOpen(LdapCtx.java:2549) at com.sun.jndi.ldap.LdapCtx.reconnect(LdapCtx.java:2545) at javax.naming.ldap.InitialLdapContext.reconnect(InitialLdapContext.java:173) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$8.run(JNDIConnectionWrapper.java:1165) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:337) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doGssapiBind(JNDIConnectionWrapper.java:1159) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.access$700(JNDIConnectionWrapper.java:106) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper$7.run(JNDIConnectionWrapper.java:1041) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.runAndMonitor(JNDIConnectionWrapper.java:1272) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.doBind(JNDIConnectionWrapper.java:1065) at org.apache.directory.studio.connection.core.io.jndi.JNDIConnectionWrapper.bind(JNDIConnectionWrapper.java:254) at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:80) at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:123) at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:121) Request: 1 cancelled And following at server side. [18:41:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25) [18:41:16] WARN [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - No server entry found for kerberos principal name ldap/[email protected] [18:41:16] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client. java.lang.NullPointerException at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.getEntry(GetPrincipal.java:97) at org.apache.directory.server.kerberos.shared.store.operations.GetPrincipal.execute(GetPrincipal.java:81) at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler.findPrincipal(GssapiMechanismHandler.java:174) at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler.getSubject(GssapiMechanismHandler.java:136) at org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler.handleMechanism(GssapiMechanismHandler.java:66) at org.apache.directory.server.ldap.handlers.BindHandler.handleSaslAuth(BindHandler.java:539) at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:594) at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:61) at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:162) at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56) at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232) at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:194) at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:721) at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:433) at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47) at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:801) at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71) at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63) at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480) at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434) at java.lang.Thread.run(Thread.java:619) What could be the reason? thanks, Amila. On Fri, Jan 29, 2010 at 3:12 PM, Stefan Seelmann <[email protected]>wrote: > Amila Suriarachchi wrote: > >> I could successfully run the following[1] tutorial with Apacheds 1.5.5. >> But this uses kinit as the login tool. >> Can I do the same thing with Apache Directory studio? >> > > Yes, you could use Kerberos/GSSAPI to authenticate to the ApacheDS LDAP > service. You have two options: > > If you use kinit and obtained a TGT from the ApacheDS Kerberos server you > have real single-sign-on. You just need to select 'GSSAPI (Kerberos)' as > authentication method for your connection [2] and you don't need to > authenticate again. > > Alternatively you could select 'Obtail TGT from KDC'. With that option you > need to provide the username and password to get a new TGT from the Kerberos > server. But note that this TGT can only be used within Studio, for accessing > the LDAP server. > > Kind Regards, > Stefan > > > [2] > http://directory.apache.org/studio/static/users_guide/ldap_browser/tools_connection_properties.html > > -- Amila Suriarachchi WSO2 Inc. blog: http://amilachinthaka.blogspot.com/
