directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Hastie <and...@ahastie.net>
Subject [LDAP API] SASL Ream name format when binding against Microsoft AD
Date Tue, 11 Mar 2014 11:08:33 GMT
Hi all.

I am looking for some advice on the following topic and hoping someone 
out there may have hit the same problem before:

I'm experimenting with the API in an attempt to authenticate a 
User+Password combination against an instance of MS Active Directory. My 
problem occurs when I use the SASL Mechanism "DIGEST-MD5", and relates 
to how I set the value for the SASL Realm. Here's an example of what I see:

1. I have a standard user account in the MS Active Directory.
2. Say the Windows "Realm" is COMPANY1 and my userID is "somebody"

If I set the UserID to "somebody" and the Realm to "COMPANY1", this 
works OK.
If I set the UserID to "somebody" and the Realm to "company1", this 
works OK.
But if set the UserID to "somebody" and the Realm to "Company1", the 
bind request is rejected.

I have read in several places that the Realm name when using 
GSSAPI/Kerberos should be supplied in upper case, so I guess there must 
be something connected with case sensitivity somewhere.

Is anyone able to shed any light as to where I am going wrong here?

Thanks
Andrew


Mime
View raw message