That works. Thanks.

How can I start the KDCServer programmatically? I start the LDAP server as follows:

    public CarbonLdapServer(String workingDirectory) throws DirectoryServerException {

        this.ldapServer = new LdapServer();

        // set server initial properties
        this.ldapServer.setAllowAnonymousAccess(false);
        this.ldapServer.setSearchBaseDn("ou=system");
        this.ldapServer.setMaxTimeLimit(15000);
        this.ldapServer.setMaxSizeLimit(1000);

        // add the TCP transport (plain LDAP on localhost:10389, SSL disabled)
        TcpTransport tcpTransport = new TcpTransport();
        tcpTransport.setAddress("localhost");
        tcpTransport.setEnableSSL(false);
        tcpTransport.setPort(10389);
        tcpTransport.setBackLog(50);
        tcpTransport.setNbThreads(8);

        this.ldapServer.setTransports(tcpTransport);

        // add the directory service
        DefaultCarbonService defaultCarbonService = new DefaultCarbonService();
        this.ldapServer.setDirectoryService(defaultCarbonService.getDefaultDirectoryService(workingDirectory));

        // add the SASL mechanism handlers (only SIMPLE bind is registered here)
        HashMap<String, MechanismHandler> mechanismHandlers = new HashMap<String, MechanismHandler>();
        mechanismHandlers.put("SIMPLE", new SimpleMechanismHandler());
        this.ldapServer.setSaslMechanismHandlers(mechanismHandlers);
    }

    public void start() throws DirectoryServerException {
        try {
            ldapServer.start();
        } catch (Exception e) {
            throw new DirectoryServerException("Can not start the server ", e);
        }
    }


Is there a similar way to start the KDC as well?

Thanks,
Amila.

On Sat, Feb 6, 2010 at 8:58 AM, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:


On Wed, Feb 3, 2010 at 2:14 AM, Stefan Seelmann <seelmann@apache.org> wrote:
Amila Suriarachchi wrote:
I tried to do the authentication with the following values (after following the given tutorial).

Bind DN or user : hnelson@EXAMPLE.COM

Bind Password : secret

At Kerberos settings

set : Obtain TGT from KDC
set : Use Native System Configuration

That's ok.


Then I tried to authenticate and got the following exception at the client side:

The authentication failed
 - Request: 1 cancelled
 javax.naming.CommunicationException: Request: 1 cancelled
snip

And the following at the server side:

[18:41:16] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Additional pre-authentication required (25)
[18:41:16] WARN [org.apache.directory.server.kerberos.shared.store.operations.StoreUtils] - No server entry found for kerberos principal name ldap/localhost@EXAMPLE.COM

Sorry, there was a small bug in the server.xml. Please set the searchBaseDn of ldapServer:

 <ldapServer ...
           saslHost="localhost"
           saslPrincipal="ldap/localhost@EXAMPLE.COM"
           searchBaseDn="ou=users,dc=example,dc=com"
           ...>

Thanks for the info.
I'll have a look with this change.

Thanks,
Amila.


Kind Regards,
Stefan






--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/


