Hi Pierre, have you reproduced the described problem?

cheers

Cristiano

On 15/02/11 17:55, Cristiano Gavião wrote:
Hi Pierre...

I am sending the zip with 3 files: a server.xml, LDIF data and a Java class to test.

As I said, I've created a fake host in my hosts file pointing to localhost. Let me know if you need more info.

thanks again

Cristiano

On 15/02/11 16:30, Pierre-Arnaud Marcelot wrote:
On 15 Feb 2011 at 19:56, Cristiano Gavião <[email protected]> wrote:

Hi Pierre. Thanks for the answer, but I think I didn't understand what you mean by "should be stored as plaintext"...

Are you saying that when I'm using Studio to create the userPassword attribute for some user, I should select plaintext in the "Select Hash Method" combobox?
Yeah, that's what I meant.

If it is, I've removed the created passwords again and recreated all of them using plainText, but nothing changed at all.

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;

public class LdapDigestTest {

    public static void main(String[] args) throws NamingException {

        // JNDI environment for a SASL DIGEST-MD5 bind
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        // Dump the BER-encoded LDAP traffic to stderr for debugging
        env.put("com.sun.jndi.ldap.trace.ber", System.err);
        // env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        // env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
        // Request authentication with integrity and confidentiality protection
        env.put("javax.security.sasl.qop", "auth-conf");

        try {
            // The bind happens when the context is created
            Context ctx = new InitialContext(env);
            NamingEnumeration<?> enm = ctx.list("");
            while (enm.hasMore()) {
                System.out.println(enm.next());
            }
            ctx.close();
        } catch (NamingException e) {
            System.out.println(e.getMessage());
        }
    }
}

I'm still getting:
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]

:-(
Can you also send us the complete server.xml and an LDIF extract of
required entries for testing the issue?

Thanks,
Pierre-Arnaud

cheers

Cristiano

On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
Hi Cristiano,

AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.

Regards,
Pierre-Arnaud
On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
Hi,

I'm studying DS and Studio 1.5.7. I'm using Mac OS X 10.6.
I've created my first server (on localhost and I've put dns on etc/hosts) containing two partitions: system and mycompany. I've created o=mycompany
context with two units: ou=users and ou=groups.

It was nice and easy to create and connect to and search my new LDAP
tree... :-)

But this first time I was using the simple mechanism and I want something a little more secure. So, I've decided to set up the DIGEST-MD5 mechanism and I've
changed server.xml with this:
Host: ldap.mycompany.com
Principal: ldap/[email protected]
BaseDN: ou=users,o=mycompany

I've removed the users that I've created before and created new ones and set
userPassword to a new MD5 one.

Well, not so easy this time... it doesn't work using either the Java LDAP API or a
Studio connection. I'm getting the same error:

LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
password for johnUser in realm : MYCOMPANY.COM

and I can't find anything about the problem on the net.

I don't know what more to do. Could anyone help me with this please?

thanks a lot

Cristiano
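
Added example, not part of the original thread and not ApacheDS code: the DIGEST-MD5 response computation from RFC 2831 (qop=auth-conf, no authzid), showing why a server that holds only a {MD5} hash of userPassword cannot reproduce the value the client sends. The user name, realm and host name are taken from the thread; the password, nonce and cnonce are constructed sample values, and the class name is hypothetical.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class DigestMd5Demo {
    static byte[] md5(byte[] in) throws Exception {
        return MessageDigest.getInstance("MD5").digest(in);
    }

    static byte[] ascii(String s) {
        return s.getBytes(StandardCharsets.US_ASCII); // sample values are ASCII only
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // RFC 2831 response-value for qop=auth-conf without an authzid.
    static String response(String user, String realm, String secret, String nonce,
                           String cnonce, String nc, String digestUri) throws Exception {
        ByteArrayOutputStream a1 = new ByteArrayOutputStream();
        a1.write(md5(ascii(user + ":" + realm + ":" + secret))); // keyed on the cleartext password
        a1.write(ascii(":" + nonce + ":" + cnonce));
        String a2 = "AUTHENTICATE:" + digestUri + ":" + "0".repeat(32);
        String kd = hex(md5(a1.toByteArray())) + ":" + nonce + ":" + nc + ":" + cnonce
                + ":auth-conf:" + hex(md5(ascii(a2)));
        return hex(md5(ascii(kd)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values: password, nonce and cnonce are not from the thread.
        String user = "johnUser", realm = "MYCOMPANY.COM", password = "sample-password";
        String nonce = "c2FtcGxlLW5vbmNl", cnonce = "c2FtcGxlLWNub25jZQ", nc = "00000001";
        String uri = "ldap/ldap.mycompany.com";

        String client = response(user, realm, password, nonce, cnonce, nc, uri);
        String serverPlain = response(user, realm, password, nonce, cnonce, nc, uri);
        // What the directory holds when MD5 is chosen as hash method: {MD5}base64(MD5(password)).
        String stored = "{MD5}" + Base64.getEncoder().encodeToString(md5(ascii(password)));
        String serverHashed = response(user, realm, stored, nonce, cnonce, nc, uri);

        System.out.println("stored value:            " + stored);
        System.out.println("plaintext stored, match: " + client.equals(serverPlain));
        System.out.println("{MD5} stored, match:     " + client.equals(serverHashed));
    }
}
```

The inner hash covers user name, realm and password together, so MD5(password) alone cannot be turned into it; the server needs either the cleartext password or a precomputed MD5(username:realm:password).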


