Hi Pierre,
I will try again with your suggestions and let you know when I'm done.
Thank you
Cristiano
On 25/02/11 11:44, Pierre-Arnaud Marcelot wrote:
Hi Cristiano,
Sorry for the late answer.
I installed a testing instance of ApacheDS 1.5.7 with the files you sent.
I was indeed able to test the issue but it is mainly a configuration issue.
Some properties in your server.xml were not correctly set.
The 'searchBaseDn' in the 'ldapServer' bean needs to be updated to the dn where
your users are stored.
Most likely "ou=users,o=mycompany" in your case.
In your Java sample file, you had also forgotten to mention the SASL realm with
the following property added to the environment:
env.put("java.naming.security.sasl.realm", "mycompany.com");
Also make sure to use the id of the user you want to bind and not its complete
in the case of DIGEST-MD5 bind.
With all these correct settings you should be able to bind successfully with
one of your users.
Regards,
Pierre-Arnaud
On Thursday 24 February 2011 at 19:49, Cristiano Gavião wrote:
Hi Pierre, have you reproduced the described problem?
cheers
Cristiano
On 15/02/11 17:55, Cristiano Gavião wrote:
Hi Pierre...
I am sending the zip with 3 files: a server.xml, an ldif data and a
java class to test.
As I said, I've created a fake host on my Hosts file pointing to
localhost. Let me know if you need more info.
thanks again
Cristiano
On 15/02/11 16:30, Pierre-Arnaud Marcelot wrote:
On 15 Feb 2011 at 19:56, Cristiano Gavião <[email protected]> wrote:
Hi Pierre. Thanks for the answer, but I think I didn't understand what
you mean about should be stored as plaintext...
Are you saying that when I'm using Studio to create the userPassword
attribute for some user, should I select plaintext in the "Select
Hash Method" combobox?
Yeah, that's what I meant.
If it is, I've removed the created passwords again and recreated all
using plainText but nothing changed at all.
    public static void main(String[] args) throws NamingException {
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        env.put("com.sun.jndi.ldap.trace.ber", System.err);
        // env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
        // env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
        env.put("javax.security.sasl.qop", "auth-conf");
        try {
            Context ctx = new InitialContext(env);
            NamingEnumeration<?> enm = ctx.list("");
            while (enm.hasMore()) {
                System.out.println(enm.next());
            }
            ctx.close();
        } catch (NamingException e) {
            System.out.println(e.getMessage());
        }
    }
I'm still getting:
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot
acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm :
MYCOMPANY.COM]
:-(
Can you also send us the complete server.xml and an LDIF extract of
required entries for testing the issue?
Thanks,
Pierre-Arnaud
cheers
Cristiano
On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
Hi Cristiano,
AFAIR, ApacheDS requires passwords to be stored as plaintext to be
able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
Regards,
Pierre-Arnaud
On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
Hi,
I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
I've created my first server (on localhost and I've put dns on etc/hosts)
containing two partitions: system and mycompany. I've created o=mycompany
context with two units: ou=users and ou=groups.
It was nice and easy to create and connect to and search my new ldap
tree... :-)
But this first time I was using simple mechanism and I want something a
little more secure. So, I've decided to setup DIGEST-MD5 mechanism and I've
changed server.xml with this:
Host: ldap.mycompany.com
Principal: ldap/[email protected]
BaseDN: ou=users,o=mycompany
I've removed the users that I've created before and created new ones and setup
userPassword to a MD5 new one.
Well, not so easy this time... doesn't work using both java Ldap api or
studio connection. I'm getting the same error:
LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for johnUser in realm : MYCOMPANY.COM
and I can't find anything about the problem on net.
I don't know more what to do. Could anyone help me with this please?
thanks a lot
Cristiano
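
Added example (not code from this thread or from ApacheDS): the DIGEST-MD5 response-value computed as defined in RFC 2831, to show why the points raised in the thread matter: the server must hold the cleartext userPassword to recompute the response, and the user name and realm the client sends are both hashed into it. The password, nonces and the server_verifies helper are constructed for illustration; host, uid and realm follow the thread.

```python
import base64
import hashlib
import hmac


def md5_bytes(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """response-value from RFC 2831 section 2.1.2.1 (no authzid)."""
    # A1 begins with the raw 16-byte MD5 of "username:realm:password".
    a1 = (md5_bytes(f"{username}:{realm}:{password}".encode("utf-8"))
          + f":{nonce}:{cnonce}".encode("utf-8"))
    a2 = f"AUTHENTICATE:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha1 = md5_bytes(a1).hex()
    ha2 = md5_bytes(a2.encode("utf-8")).hex()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return md5_bytes(kd.encode("utf-8")).hex()


# Constructed sample values (host, uid and realm follow the thread).
USER = "cvgaviao"
USER_DN = "uid=cvgaviao,ou=users,o=mycompany"
REALM = "mycompany.com"
PASSWORD = "example-password"
CHALLENGE = {"nonce": "c2FtcGxlLW5vbmNl", "cnonce": "Y2xpZW50LW5vbmNl",
             "digest_uri": "ldap/ldap.mycompany.com", "qop": "auth-conf"}


def md5_stored(password):
    """userPassword value as stored in the LDAP {MD5} scheme."""
    digest = md5_bytes(password.encode("utf-8"))
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def server_verifies(stored_user_password, client_response):
    """Simplified server side: recompute from the stored value and compare."""
    expected = digest_md5_response(USER, REALM, stored_user_password, **CHALLENGE)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    good = digest_md5_response(USER, REALM, PASSWORD, **CHALLENGE)
    with_dn = digest_md5_response(USER_DN, REALM, PASSWORD, **CHALLENGE)
    print("plaintext stored:", server_verifies(PASSWORD, good))
    print("{MD5} stored:    ", server_verifies(md5_stored(PASSWORD), good))
    print("DN as user name: ", server_verifies(PASSWORD, with_dn))
```

Only the first check succeeds: MD5(password) cannot be turned back into MD5(username:realm:password), and a response built from the full DN or a different realm no longer matches what the server computes for the user id.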