Date: Mon, 6 Sep 2010 16:02:56 +0200
Subject: Re: Using LDAPConnection class...
From: Stefan Seelmann
To: api@directory.apache.org

On Mon, Sep 6, 2010 at 3:37 PM, Kiran Ayyagari wrote:
> On Mon, Sep 6, 2010 at 6:51 PM, Arvind N wrote:
>> For this I always get an error message
>> ** the error message is 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece **
>> Googled quite a bit to no avail and to dig deeper hit ethereal.
>> Noticed that in the LDAP protocol extract, the bind request had something like this
>> ....
>> DN: cn=Arvind N
>> ..
>>
>> To cross verify if I had done anything wrong...
>>
>> I downloaded a Java-based LDAP browser JXplorer and provided the same input of
>> User DN of "Arvind N" and the same credentials and it logged in just fine
>> In this login ethereal trace noticed the below difference... and this seems to work always...
>>
>> ....
>> DN: Arvind N
>> .....
>>
>>
>> Other than the above difference I did not notice any other difference in the LDAP packet
>> between JXplorer (which logged in just fine) and Apache LDAP Client API (failed to login)....
>> Do let me know how can I make Apache LDAP client API to send DN: as plain DN: Arvind N,
>> which I think should make the thing work just fine...
> client-api requires the user name in the form of a DN so 'Arvind N'
> cannot be used as it is not a valid DN. JXplorer must be doing some
> behind the scenes work to make it work with AD.

AD accepts either
- the full DN, that looks typically like "cn=Arvind N,cn=Users,dc=MyDomain,dc=com"
- or the samAccountName and the domain in format "Arvind N@DOMAIN"

@Arvind: Could you try to use the full DN of your user?

@Emmanuel, Kiran: JXplorer does the same as Apache Directory Studio: it uses JNDI, and JNDI accepts a non-DN as principal. I think we should allow the same for the new API. WDYT?

Kind Regards,
Stefan
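
A diagnostic helper for the bind failure discussed in this thread, as an added example that is not part of the original messages or of the Apache Directory API: it extracts the AD sub-code from the bind diagnostic and classifies the bind name by shape against the two forms named above. The function names are hypothetical, and the sub-code table is taken from the standard Windows error codes, not from the thread.

```python
import re

# Win32 error codes that AD reports in hex after "data" in a failed bind.
# (Assumption: table added for this example; only 525 appears in the thread.)
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}
_DIAG = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def bind_subcode(diagnostic):
    """Return (code, meaning) from an AD bind diagnostic, or None."""
    m = _DIAG.search(diagnostic)
    if not m:
        return None
    code = int(m.group(1), 16)
    return code, AD_BIND_SUBCODES.get(code, "unknown sub-code")


def principal_form(name):
    """Classify a bind name by shape only; no directory lookup is done."""
    rdns = [r.strip().lower() for r in re.split(r"(?<!\\),", name)]
    if all(re.match(r"[a-z][a-z0-9-]*\s*=", r) for r in rdns):
        # A full DN ends in the domain's dc= components.
        return "full-dn" if rdns[-1].startswith("dc=") else "partial-dn"
    return "name@domain" if "@" in name else "bare-name"


def diagnose(name, diagnostic):
    """Return (form, subcode, hint); hint is set when 525 meets a short name."""
    sub, form, hint = bind_subcode(diagnostic), principal_form(name), None
    if sub and sub[0] == 0x525 and form in ("partial-dn", "bare-name"):
        hint = "bind name is neither a full DN nor name@domain"
    return form, sub, hint


if __name__ == "__main__":
    # Error text and bind names as quoted in the thread.
    err = ("80090308: LdapErr: DSID-0C090334, comment: "
           "AcceptSecurityContext error, data 525, vece")
    for candidate in ("cn=Arvind N", "cn=Arvind N,cn=Users,dc=MyDomain,dc=com"):
        print(candidate, "->", diagnose(candidate, err))
```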