directory-dev mailing list archives

From Nowhere <spina.r...@gmail.com>
Subject Re: ApacheDs - DIGEST-MD5
Date Wed, 18 Feb 2009 13:34:58 GMT

Hi Stefan,
thanks for your interest...
I can't say what my command line is...I don't understand what you mean,
sorry :(
Perhaps you mean java command line? I use: java AdvancedBindDemo fullname
inClearText where fullname exists on my server. If I change my code from:

---> // Step 3: Bind with found DN and given password
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            // Perform a lookup in order to force a bind operation with JNDI
            ctx.lookup(dn); <------

TO:

---> // Step 3: Bind with found DN and given password
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, "fullname");
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            // Perform a lookup in order to force a bind operation with JNDI
            ctx.lookup(dn); <---

Where I force the cn I wish to use (and replace the full dn) it works fine. With dn
I get the exception I mentioned in my previous post.

Anyway I can tell you it works for several users, yes... my problem is
getting it working with full dn and not only uid or cn...Sorry if I can't
explain it in a better way.
Thanks...any other question or help will be appreciated,
greetings :-)



Stefan Zoerner-2 wrote:
> 
> Which command line arguments do you use?
> admin admin? Or another user?
> 
> If this works:
> 
> env.put(Context.SECURITY_PRINCIPAL, "admin");
> env.put(Context.SECURITY_CREDENTIALS, "admin");
> 
> it should work for other users as well. No? Have you tried it out with 
> another user (for instance hard coded in the first place).
> 
> 
> Nowhere wrote:
>> Hi, I found it works fine so:
>> 
>>   Hashtable env = new Hashtable();
>>         env.put(Context.INITIAL_CONTEXT_FACTORY,
>> "com.sun.jndi.ldap.LdapCtxFactory");
>>         env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
>>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>         env.put(Context.SECURITY_PRINCIPAL, "admin");
>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>> 	 // Specify realm 
>>          env.put( "java.naming.security.sasl.realm", "example.com" ); 
>> 
>>          // Request privacy protection 
>>          env.put( "javax.security.sasl.qop", "auth-conf" ); 
>> 
>> but I would like to perform a search and authenticate with the user found
>> as
>> the following code shows:
>> 
>>  ctx = new InitialDirContext(env);
>>           
>>             // Step 2: Search the directory
>>             String base = "dc=example,dc=com";
>>             String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";
>>             SearchControls ctls = new SearchControls();
>>             ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
>>             ctls.setReturningAttributes(new String[0]);
>>             ctls.setReturningObjFlag(true);
>>             NamingEnumeration enm = ctx.search(base, filter, new String[] { uid }, ctls);
>>             
>>             String dn = null;
>>             if (enm.hasMore()) {
>>                 SearchResult result = (SearchResult) enm.next();
>>                 dn = result.getNameInNamespace();
>>                 
>>                 System.out.println("dn: "+dn);
>>             }
>>             
>>             if (dn == null || enm.hasMore()) {
>>                 // uid not found or not unique
>>                 throw new NamingException("Authentication failed");
>>             }
>>             
>>             // Step 3: Bind with found DN and given password
>>             ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
>>             ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
>>             // Perform a lookup in order to force a bind operation with JNDI
>>             ctx.lookup(dn);
>>             System.out.println("Authentication successful");
>> 
>> It uses dn found, that isn't only cn. Can't I change this server
>> behaviour
>> and execute bind with full dn?
>> For more clarity I upload the entire java class.
>> Thanks in advance!
>> 
>> 
>> Nowhere wrote:
>>> Hi, here I am again...it was a mistake of mine, it doesn't work with
>>> DIGEST-MD5 (I left "simple" in my previous test) :(
>>> I repeat the not working configuration:
>>>
>>> env.put(Context.INITIAL_CONTEXT_FACTORY,
>>> "com.sun.jndi.ldap.LdapCtxFactory");
>>>         env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
>>>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>>         env.put(Context.SECURITY_PRINCIPAL,
>>> "cn=admin,dc=example,dc=com");
>>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>>> 	 // Specify realm 
>>>          env.put( "java.naming.security.sasl.realm", "example.com" ); 
>>>
>>>          // Request privacy protection 
>>>          env.put( "javax.security.sasl.qop", "auth-conf" ); 
>>> ...
>>>
>>> and I upload my server.xml, if it can help.
>>>
>>> Any suggestion? 
>>>
>>>
>>> Nowhere wrote:
>>>> Hi all,
>>>> I don't know if this is the right place, but I have a problem
>>>> connecting
>>>> my ApacheDS using DIGEST-MD5:
>>>>
>>>> I wrote a simple java class that works fine with simple authentication.
>>>> Here it is:
>>>> public static void main(String[] args) throws NamingException {
>>>>
>>>>         if (args.length < 2) {
>>>>             System.err.println("Usage: java AdvancedBindDemo <uid> <password>");
>>>>             System.exit(1);
>>>>         }
>>>>
>>>>         Hashtable env = new Hashtable();
>>>>         env.put(Context.INITIAL_CONTEXT_FACTORY,
>>>> "com.sun.jndi.ldap.LdapCtxFactory");
>>>>         env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
>>>>         env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>>>         env.put(Context.SECURITY_PRINCIPAL,
>>>> "cn=admin,dc=example,dc=com");
>>>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>>>>
>>>> ...
>>>>
>>>> But if I replace "env.put(Context.SECURITY_AUTHENTICATION, "simple")"
>>>> with env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5") and send
>>>> pwd
>>>> in clear or encrypted it sends me the following error:
>>>>
>>>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>>>> password
>>>> for cn=admin,dc=example,dc=com in realm : example.com]
>>>>
>>>>  I've tried (by Apache Studio ) to set password for
>>>> "cn=admin,dc=example,dc=com" both in clear text then using MD5..
>>>> What's wrong? Something in my server.xml? If you need it, let me know!
>>>> I hope someone can help me, I'm a newbie in LDAP authentication!
>>>> Thanks in advance!
>>>>
>>>  http://www.nabble.com/file/p22076693/server.xml server.xml 
>>>
>> http://www.nabble.com/file/p22077027/AdvancedBindDemo.java
>> AdvancedBindDemo.java 
> 
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/ApacheDs---DIGEST-MD5-tp22076098p22078860.html
Sent from the Apache Directory Project mailing list archive at Nabble.com.
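
Added example (not part of the original message and not ApacheDS code): the DIGEST-MD5 response computation from RFC 2831, showing why the outcome in this thread depends on the exact SASL username string and on the verifier holding the cleartext password. `DIRECTORY`, `server_verify` and `demo` are hypothetical names, the username-keyed lookup is a simplified model of a server, and the nonce values are constructed.

```python
import base64
import hashlib
import hmac

def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """Client 'response' per RFC 2831 section 2.1.2.1 (no authzid)."""
    # A1 begins with the raw MD5 of username:realm:password, so the verifier
    # needs the same username string and the cleartext password (or this hash).
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2.encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()

# Constructed sample store (hypothetical): SASL username -> userPassword value.
DIRECTORY = {
    "admin": "admin",  # stored in cleartext
    "hashed": "{MD5}" + base64.b64encode(hashlib.md5(b"admin").digest()).decode(),
}

def server_verify(username, realm, response, **challenge):
    """Toy verifier: look the password up by username, recompute, compare."""
    stored = DIRECTORY.get(username)
    if stored is None:
        return "cannot acquire password"
    expected = digest_md5_response(username, realm, stored, **challenge)
    return "ok" if hmac.compare_digest(expected, response) else "invalid credentials"

def demo():
    # Constructed challenge values; a real server sends a fresh random nonce.
    ch = dict(nonce="c2FtcGxlLW5vbmNl", cnonce="c2FtcGxlLWNub25jZQ==",
              digest_uri="ldap/ldap.example.com", qop="auth-conf")
    results = {}
    for user in ("admin", "cn=admin,dc=example,dc=com", "hashed"):
        resp = digest_md5_response(user, "example.com", "admin", **ch)
        results[user] = server_verify(user, "example.com", resp, **ch)
    return results

if __name__ == "__main__":
    for user, outcome in demo().items():
        print(f"{user!r}: {outcome}")
```

In this model the third case fails because a verifier that holds only an MD5-hashed `userPassword` cannot rebuild `MD5(username:realm:password)`.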

