directory-dev mailing list archives

From Stefan Zoerner <ste...@labeo.de>
Subject Re: ApacheDs - DIGEST-MD5
Date Wed, 18 Feb 2009 12:35:31 GMT
Which command line arguments do you use?
admin admin? Or another user?

If this works:

env.put(Context.SECURITY_PRINCIPAL, "admin");
env.put(Context.SECURITY_CREDENTIALS, "admin");

it should work for other users as well. No? Have you tried it out with
another user (for instance hard coded in the first place)?


Nowhere wrote:
> Hi, I found it works fine so:
> 
>         Hashtable env = new Hashtable();
>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>         env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>         env.put(Context.SECURITY_PRINCIPAL, "admin");
>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>         // Specify realm
>         env.put( "java.naming.security.sasl.realm", "example.com" );
>
>         // Request privacy protection
>         env.put( "javax.security.sasl.qop", "auth-conf" );
> 
> but I would like to perform a search and authenticate with the user found as
> the following code shows:
> 
>             ctx = new InitialDirContext(env);
>
>             // Step 2: Search the directory
>             String base = "dc=example,dc=com";
>             String filter = "(&(objectClass=inetOrgPerson)(uid={0}))";
>
>             SearchControls ctls = new SearchControls();
>             ctls.setSearchScope(SearchControls.SUBTREE_SCOPE);
>             ctls.setReturningAttributes(new String[0]);
>             ctls.setReturningObjFlag(true);
>             NamingEnumeration enm = ctx.search(base, filter, new String[] { uid }, ctls);
>             
>             String dn = null;
>             if (enm.hasMore()) {
>                 SearchResult result = (SearchResult) enm.next();
>                 dn = result.getNameInNamespace();
>                 
>                 System.out.println("dn: "+dn);
>             }
>             
>             if (dn == null || enm.hasMore()) {
>                 // uid not found or not unique
>                 throw new NamingException("Authentication failed");
>             }
>             
>             // Step 3: Bind with found DN and given password
>             ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
>             ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
>             // Perform a lookup in order to force a bind operation with JNDI
>             ctx.lookup(dn);
>             System.out.println("Authentication successful");
> 
> It uses dn found, that isn't only cn. Can't I change this server behaviour
> and execute bind with full dn?
> For more clarity I upload the entire java class.
> Thanks in advance!
> 
> 
> Nowhere wrote:
>> Hi, here I am again... it was a mistake of mine, it doesn't work with
>> DIGEST-MD5 (I left "simple" in my previous test) :(
>> I repeat the non-working configuration:
>>
>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>         env.put(Context.PROVIDER_URL, "ldap://ldap.example.com:10389/");
>>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>         env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");
>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>>         // Specify realm
>>         env.put( "java.naming.security.sasl.realm", "example.com" );
>>
>>         // Request privacy protection
>>         env.put( "javax.security.sasl.qop", "auth-conf" );
>> ...
>>
>> and I upload my server.xml, if it can help.
>>
>> Any suggestion? 
>>
>>
>> Nowhere wrote:
>>> Hi all,
>>> I don't know if this is the right place, but I have a problem connecting
>>> my ApacheDS using DIGEST-MD5:
>>>
>>> I wrote a simple Java class that works fine with simple authentication.
>>> Here it is:
>>>     public static void main(String[] args) throws NamingException {
>>>
>>>         if (args.length < 2) {
>>>             System.err.println("Usage: java AdvancedBindDemo <uid> <password>");
>>>             System.exit(1);
>>>         }
>>>
>>>         Hashtable env = new Hashtable();
>>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>>         env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
>>>         env.put(Context.SECURITY_AUTHENTICATION, "simple");
>>>         env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=example,dc=com");
>>>         env.put(Context.SECURITY_CREDENTIALS, "admin");
>>>
>>> ...
>>>
>>> But if I replace "env.put(Context.SECURITY_AUTHENTICATION, "simple")"
>>> with env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5") and send the pwd
>>> in clear or encrypted, it sends me the following error:
>>>
>>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>>> password
>>> for cn=admin,dc=example,dc=com in realm : example.com]
>>>
>>> I've tried (by Apache Studio) to set password for
>>> "cn=admin,dc=example,dc=com" both in clear text then using MD5.
>>> What's wrong? Something in my server.xml? If you need it, let me know!
>>> I hope someone can help me, I'm a newbie in LDAP authentication!
>>> Thanks in advance!
>>>
>>  http://www.nabble.com/file/p22076693/server.xml server.xml 
>>
> http://www.nabble.com/file/p22077027/AdvancedBindDemo.java
> AdvancedBindDemo.java 
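
Why the username string and realm matter in the DIGEST-MD5 binds discussed above, as an added example (not code from the thread or from ApacheDS): the client never sends the password, only the RFC 2831 response hash over username, realm, password and nonces, and the server has to recompute it from the password it holds for exactly that username. The class name, nonces and digest-uri are constructed; inputs are assumed to be ASCII and no authzid is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
// Added illustration; class name and all nonce values are constructed.
public class DigestMd5Response {

    static byte[] md5(byte[] in) throws Exception {
        return MessageDigest.getInstance("MD5").digest(in);
    }

    static byte[] latin1(String s) {
        // Assumes ASCII/ISO-8859-1 input; RFC 2831 switches to UTF-8 otherwise.
        return s.getBytes(StandardCharsets.ISO_8859_1);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // response-value from RFC 2831 section 2.1.2.1, without an authzid.
    static String response(String user, String realm, String password, String nonce,
                           String cnonce, String nc, String qop, String digestUri) throws Exception {
        // A1 = H(user:realm:password) as 16 raw bytes, then ":nonce:cnonce"
        byte[] secret = md5(latin1(user + ":" + realm + ":" + password));
        byte[] tail = latin1(":" + nonce + ":" + cnonce);
        byte[] a1 = new byte[secret.length + tail.length];
        System.arraycopy(secret, 0, a1, 0, secret.length);
        System.arraycopy(tail, 0, a1, secret.length, tail.length);

        // A2 gains a 32-zero suffix for auth-int and auth-conf
        String a2 = "AUTHENTICATE:" + digestUri;
        if (!"auth".equals(qop)) a2 += ":00000000000000000000000000000000";
        String data = nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hex(md5(latin1(a2)));
        return hex(md5(latin1(hex(md5(a1)) + ":" + data)));
    }

    public static void main(String[] args) throws Exception {
        String nonce = "c2VydmVyLW5vbmNl", cnonce = "Y2xpZW50LW5vbmNl";  // constructed
        String uri = "ldap/ldap.example.com";                            // constructed digest-uri
        String byName = response("admin", "example.com", "admin",
                nonce, cnonce, "00000001", "auth-conf", uri);
        String byDn = response("cn=admin,dc=example,dc=com", "example.com", "admin",
                nonce, cnonce, "00000001", "auth-conf", uri);
        System.out.println("username=admin   " + byName);
        System.out.println("username=full DN " + byDn);
        System.out.println("responses match: " + byName.equals(byDn));
    }
}
```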


