directory-dev mailing list archives

From Nowhere <spina.r...@gmail.com>
Subject Re: ApacheDs - DIGEST-MD5
Date Wed, 18 Feb 2009 11:51:20 GMT

Hi, I found it works fine like this:

        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put(Context.SECURITY_PRINCIPAL, "admin");
        env.put(Context.SECURITY_CREDENTIALS, "admin");
        // Specify realm
        env.put("java.naming.security.sasl.realm", "example.com");

        // Request privacy protection
        env.put("javax.security.sasl.qop", "auth-conf");

but I would like to perform a search and authenticate with the user found as
the following code shows:

        ctx = new InitialDirContext(env);

        // Step 2: Search the directory
        String base = "dc=example,dc=com";
        String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";
        SearchControls ctls = new SearchControls();
        ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        ctls.setReturningAttributes(new String[0]);
        ctls.setReturningObjFlag(true);
        NamingEnumeration enm = ctx.search(base, filter, new String[] { uid }, ctls);

        String dn = null;
        if (enm.hasMore()) {
            SearchResult result = (SearchResult) enm.next();
            dn = result.getNameInNamespace();

            System.out.println("dn: " + dn);
        }

        if (dn == null || enm.hasMore()) {
            // uid not found or not unique
            throw new NamingException("Authentication failed");
        }

        // Step 3: Bind with found DN and given password
        ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
        ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
        // Perform a lookup in order to force a bind operation with JNDI
        ctx.lookup(dn);
        System.out.println("Authentication successful");

It uses the DN found, which isn't only the cn. Can't I change this server
behaviour and execute the bind with the full DN?
For more clarity I have uploaded the entire Java class.
Thanks in advance!


Nowhere wrote:
> 
> Hi, here I am again... it was a mistake of mine, it doesn't work with
> DIGEST-MD5 (I left "simple" in my previous test) :(
> I repeat the non-working configuration:
> 
>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>         env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>         env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");
>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>         // Specify realm
>         env.put("java.naming.security.sasl.realm", "example.com");
>
>         // Request privacy protection
>         env.put("javax.security.sasl.qop", "auth-conf");
> ...
> 
> and I upload my server.xml, if it can help.
> 
> Any suggestion? 
> 
> 
> Nowhere wrote:
>> 
>> Hi all,
>> I don't know if this is the right place, but I have a problem connecting
>> my ApacheDS using DIGEST-MD5:
>> 
>> I wrote a simple Java class that works fine with simple authentication.
>> Here it is:
>> public static void main(String[] args) throws NamingException {
>> 
>>         if (args.length < 2) {
>>             System.err.println("Usage: java AdvancedBindDemo <uid> <password>");
>>             System.exit(1);
>>         }
>> 
>>         Hashtable env = new Hashtable();
>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>         env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
>>         env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>         env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");
>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>> 
>> ...
>> 
>> But if I replace "env.put(Context.SECURITY_AUTHENTICATION, "simple")"
>> with env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5") and send the
>> password in clear or encrypted, it gives me the following error:
>> 
>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for cn=admin,dc=example,dc=com in realm : example.com]
>> 
>> I've tried (with Apache Studio) to set the password for
>> "cn=admin,dc=example,dc=com" both in clear text and using MD5.
>> What's wrong? Something in my server.xml? If you need it, let me know!
>> I hope someone can help me, I'm a newbie in LDAP authentication!
>> Thanks in advance!
>> 
>  http://www.nabble.com/file/p22076693/server.xml server.xml 
> 
http://www.nabble.com/file/p22077027/AdvancedBindDemo.java AdvancedBindDemo.java
-- 
View this message in context: http://www.nabble.com/ApacheDs---DIGEST-MD5-tp22076098p22077027.html
Sent from the Apache Directory Project mailing list archive at Nabble.com.
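
The DIGEST-MD5 response computation from RFC 2831 (section 2.1.2.1), as an added example that is not part of the original post or of ApacheDS: it shows that the username string and the password both go into the hash, so the server has to recompute it from the same username and from the cleartext password (or the inner hash derived from it). The class name, the nonces and the digest-uri are constructed for illustration; the realm, host and credentials are the sample values from the message above, and the hex MD5 string stands in for a password stored only as a one-way hash.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestMd5ResponseDemo {

    static byte[] md5(byte[]... parts) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }

    static byte[] bytes(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    static String hex(byte[] raw) {
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // RFC 2831 "response" value for qop=auth-conf, no authzid.
    // secret is whatever the computing side holds as "the password".
    static String response(String user, String realm, String secret, String nonce,
                           String cnonce, String nc, String digestUri)
            throws NoSuchAlgorithmException {
        // A1 = H(user:realm:secret) as 16 raw bytes, followed by ":nonce:cnonce"
        byte[] inner = md5(bytes(user + ":" + realm + ":" + secret));
        String ha1 = hex(md5(inner, bytes(":" + nonce + ":" + cnonce)));
        // A2 for auth-int/auth-conf carries a fixed suffix of 32 zeros
        String ha2 = hex(md5(bytes("AUTHENTICATE:" + digestUri
                + ":00000000000000000000000000000000")));
        return hex(md5(bytes(ha1 + ":" + nonce + ":" + nc + ":" + cnonce
                + ":auth-conf:" + ha2)));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Realm and host come from the post; nonces and digest-uri are constructed.
        String realm = "example.com", uri = "ldap/ldap.example.com", nc = "00000001";
        String nonce = "constructed-server-nonce", cnonce = "constructed-client-nonce";
        String client = response("admin", realm, "admin", nonce, cnonce, nc, uri);
        // Server side: same inputs, a hash-only password, a different username string.
        String cleartext = response("admin", realm, "admin", nonce, cnonce, nc, uri);
        String hashed = response("admin", realm, hex(md5(bytes("admin"))), nonce, cnonce, nc, uri);
        String byDn = response("cn=admin,dc=example,dc=com", realm, "admin", nonce, cnonce, nc, uri);
        System.out.println("cleartext password available : " + client.equals(cleartext));
        System.out.println("only an MD5 hash available   : " + client.equals(hashed));
        System.out.println("username strings differ      : " + client.equals(byDn));
    }
}
```

Only the first comparison matches: a server that holds just a one-way hash of the password, or that keys the lookup on a different username string than the client hashed, cannot reproduce the client's response.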

