directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Example of using DIGEST-MD5 against MS Active Directory
Date Tue, 31 Dec 2013 15:29:53 GMT
On Tue, Dec 31, 2013 at 8:00 PM, Andrew Hastie <andrew@ahastie.net> wrote:

> Thanks Kiran - That works perfectly for me now.
>
> I fell over the fact that the implementation class LdapNetworkConnection
> does accept an instance of SaslDigestMd5Request whereas the interface class
> LdapConnection does not. I see this commented in the source[2]:-
>
> // TODO: all the SASL bind methods are not declared in this interface, but
> implemented in LdapNetworkConnection. Is that intended?
>
> part of the reason was that there are two implementations of this interface
one of them is a connection to an embedded instance in which SASL bind has
no meaning.

[2]
> http://svn.apache.org/repos/asf/directory/shared/trunk/
> ldap/client/api/src/main/java/org/apache/directory/ldap/
> client/api/LdapConnection.java
>
>
>
> On 31/12/13 13:19, Kiran Ayyagari wrote:
>
>> use SaslDigestMd5Request class
>>
>> take a look at the testSaslDigestMd5Bind() method in this[1] test class
>>
>> [1]
>> http://svn.apache.org/repos/asf/directory/apacheds/trunk/
>> server-integ/src/test/java/org/apache/directory/server/
>> operations/bind/SaslBindIT.java
>>
>>
>> On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie<andrew@ahastie.net>
>>  wrote:
>>
>>  Hi,
>>>
>>> I'm experimenting with the API in an attempt to authenticate a
>>> User+Password combination against an instance of MS ActiveDirectory. I
>>> have
>>> both LDPA and LDAPS working fine, but when I try and use
>>> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>>>
>>> DEBUG - Bind failed : MessageType : BIND_RESPONSE
>>> Message ID : 1
>>>      BindResponse
>>>          Ldap Result
>>>              Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>>>
>>> Does anyone have an example of the correct usage of the API when using
>>> DIGEST-MD5? I assume this should work at the current release of the API
>>> as
>>> I can specify DIGEST-MD5 (SASL) when configuring a connection in the
>>> Apache
>>> Directory Studio, along with the Bind User or DN, password and SASL
>>> Realm.
>>> Which leads me to question how should I specify the "SASL Realm" via the
>>> API?
>>>
>>> Any thoughts or suggestions gratefully received.
>>>
>>> Thanks
>>> Andrew
>>>
>>>
>>>
>>
>>


-- 
Kiran Ayyagari
http://keydap.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message