Hi Pierre. Thanks for the answer, but I think I didn't understand what you mean by "should be stored as plaintext"...

Are you saying that when I'm using Studio to create the userPassword attribute for some user, I should select plaintext in the "Select Hash Method" combobox?

If so, I've removed the created passwords again and recreated them all using plaintext, but nothing changed at all.

    public static void main(String[] args) throws NamingException {

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
        // SASL DIGEST-MD5 bind against the realm configured on the server
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        // Dump the BER-encoded LDAP traffic to stderr
        env.put("com.sun.jndi.ldap.trace.ber", System.err);
        // env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        // env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
        // Request the confidentiality (encryption) SASL layer
        env.put("javax.security.sasl.qop", "auth-conf");

        try {
            Context ctx = new InitialContext(env);
            NamingEnumeration<?> enm = ctx.list("");
            while (enm.hasMore()) {
                System.out.println(enm.next());
            }
            ctx.close();
        } catch (NamingException e) {
            System.out.println(e.getMessage());
        }
    }

I'm still getting:
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]

:-(

cheers

Cristiano

On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
Hi Cristiano,

AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use 
DIGEST-MD5 or CRAM-MD5 authentication mechanisms.

Regards,
Pierre-Arnaud
On Tuesday, 15 February 2011 at 19:05, Cristiano Gavião wrote:
Hi,

I'm studying DS and Studio 1.5.7. I'm using Mac OS X 10.6.
I've created my first server (on localhost, and I've put the DNS entry in etc/hosts)
containing two partitions: system and mycompany. I've created the o=mycompany
context with two units: ou=users and ou=groups.

It was nice and easy to create, connect to and search my new LDAP
tree... :-)

But this first time I was using the simple mechanism and I want something a
little more secure. So I've decided to set up the DIGEST-MD5 mechanism and I've
changed server.xml with this:
Host: ldap.mycompany.com
Principal: ldap/[email protected]
BaseDN: ou=users,o=mycompany

I've removed the users that I created before, created new ones and set
userPassword to a new MD5 one.

Well, not so easy this time... it doesn't work using either the Java LDAP API or
a Studio connection. I'm getting the same error:

  LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
password for johnUser in realm : MYCOMPANY.COM

and I can't find anything about the problem on the net.

I don't know what else to do. Could anyone help me with this, please?

thanks a lot

Cristiano
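
The plaintext requirement discussed in this thread, as an added example that is not part of the original messages and is not ApacheDS code: it computes the RFC 2831 DIGEST-MD5 response and shows that a server can only reproduce the client's value from the cleartext password, not from a {MD5} userPassword value. The class name, user, realm, password, nonces and digest-uri are constructed sample values, and no authzid is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class DigestMd5StorageDemo {
    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.ISO_8859_1); }

    static byte[] md5(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    static String hex(byte[] digest) {
        StringBuilder sb = new StringBuilder();
        for (byte x : digest) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // RFC 2831 section 2.1.2.1 response-value, without authzid.
    // 'secret' is whatever the computing party uses as the password.
    static String response(String user, String realm, String secret, String nonce,
                           String cnonce, String nc, String qop, String uri) throws Exception {
        byte[] urp = md5(bytes(user + ":" + realm + ":" + secret));       // H(user:realm:passwd)
        String ha1 = hex(md5(urp, bytes(":" + nonce + ":" + cnonce)));    // HEX(H(A1))
        String a2 = "AUTHENTICATE:" + uri
                + (qop.equals("auth") ? "" : ":00000000000000000000000000000000");
        String ha2 = hex(md5(bytes(a2)));                                 // HEX(H(A2))
        return hex(md5(bytes(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + ha2)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not taken from the thread.
        String user = "jdoe", realm = "EXAMPLE.COM", password = "sample-Passw0rd";
        String nonce = "c2FtcGxlLW5vbmNl", cnonce = "c2FtcGxlLWNub25jZQ==";
        String nc = "00000001", qop = "auth-conf", uri = "ldap/ldap.example.com";

        // What the directory entry holds under each "Select Hash Method" choice.
        String storedPlain = password;
        String storedMd5 = "{MD5}" + Base64.getEncoder().encodeToString(md5(bytes(password)));

        byte[] client = bytes(response(user, realm, password, nonce, cnonce, nc, qop, uri));
        byte[] viaPlain = bytes(response(user, realm, storedPlain, nonce, cnonce, nc, qop, uri));
        byte[] viaMd5 = bytes(response(user, realm, storedMd5, nonce, cnonce, nc, qop, uri));

        // MessageDigest.isEqual gives a constant-time comparison of the two responses.
        System.out.println("plaintext userPassword verifies: " + MessageDigest.isEqual(client, viaPlain));
        System.out.println("{MD5} userPassword verifies:     " + MessageDigest.isEqual(client, viaMd5));
    }
}
```

The stored {MD5} value is MD5(password) alone, while the protocol needs MD5(user:realm:password), and the first cannot be turned into the second without the cleartext.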

