From: "Hammond, Steven"
To: "users@directory.apache.org"
Date: Wed, 17 Nov 2010 12:03:35 -0800
Subject: RE: Passthrough authentication with Apache Directory Server

I cannot contribute the code, but I can describe the basic use.

When initializing the ApacheDS server, which we did in code, not in a config file:

    // One handler instance, backed by the JCIFS-based provider
    NtlmMechanismHandler ntlmMechanismHandler = new NtlmMechanismHandler();
    ntlmMechanismHandler.setNtlmProvider(new JcifsNtlmProvider());
    // Replace the registered NTLM and GSS-SPNEGO handlers with it
    ldapServer.removeSaslMechanismHandler(SupportedSaslMechanisms.NTLM);
    ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.NTLM, ntlmMechanismHandler);
    ldapServer.removeSaslMechanismHandler(SupportedSaslMechanisms.GSS_SPNEGO);
    ldapServer.addSaslMechanismHandler(SupportedSaslMechanisms.GSS_SPNEGO, ntlmMechanismHandler);

Then in generateChallenge we created a Type2Message message from the type1 bytes using JCIFS

Getting the serverNonce from code like http://www.jarvana.com/jarvana/view/com/liferay/portal/portal-impl/6.0.3/portal-impl-6.0.3-sources.jar!/com/liferay/portal/security/ntlm/NetlogonConnection.java?format=ok

Then authenticate uses code similar to the logon function in http://www.jarvana.com/jarvana/view/com/liferay/portal/portal-impl/6.0.2/portal-impl-6.0.2-sources.jar!/com/liferay/portal/security/ntlm/Netlogon.java?format=ok

-----Original Message-----
From: Antoine Levy-Lambert [mailto:antoine@gmx.de]
Sent: Friday, November 12, 2010 6:17 AM
To: users@directory.apache.org
Subject: Re: Passthrough authentication with Apache Directory Server

Hi,

I would also be interested to see (and reuse) this code.

Regards,

Antoine

On 11/12/2010 4:44 AM, Kiran Ayyagari wrote:
> hi Steven,
>
> On Fri, Nov 12, 2010 at 10:24 AM, Hammond, Steven
> wrote:
>> It is kind of implemented.
>> We are using it with 1.5.3, but we had to write our own JcifsNtlmInterceptor
> Is there any chance that you (with your organization) would consider
> to contribute this code to ApacheDS?
>
> Kiran Ayyagari
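
The generateChallenge/authenticate flow described in the message above, sketched as an added example; this is not the poster's code and not part of ApacheDS. The class name, the DomainController interface (a stand-in for the Netlogon calls in the linked Liferay sources) and the session attribute key are hypothetical, and the NtlmProvider and IoSession import packages are assumptions that differ between ApacheDS and MINA versions.

```java
import jcifs.ntlmssp.Type1Message;
import jcifs.ntlmssp.Type2Message;
import jcifs.ntlmssp.Type3Message;
import org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmProvider; // assumed package
import org.apache.mina.core.session.IoSession; // MINA 2; MINA 1.x: org.apache.mina.common

public class PassthroughNtlmProvider implements NtlmProvider {

    /** Hypothetical stand-in for the Netlogon channel to the domain controller. */
    public interface DomainController {
        byte[] serverChallenge() throws Exception; // 8-byte nonce for one handshake
        boolean logon(String domain, String user, String workstation,
                      byte[] challenge, byte[] ntResponse, byte[] lmResponse) throws Exception;
    }

    private static final String CHALLENGE_KEY = "ntlm.passthrough.challenge"; // assumed name
    private final DomainController dc;
    private final String targetDomain;

    public PassthroughNtlmProvider(DomainController dc, String targetDomain) {
        this.dc = dc;
        this.targetDomain = targetDomain;
    }

    public byte[] generateChallenge(IoSession session, byte[] type1Bytes) throws Exception {
        Type1Message type1 = new Type1Message(type1Bytes); // throws on malformed input
        byte[] challenge = dc.serverChallenge();
        if (challenge == null || challenge.length != 8) {
            throw new IllegalStateException("NTLM server challenge must be 8 bytes");
        }
        // Bind the challenge to this connection so the Type 3 reply is checked against it.
        session.setAttribute(CHALLENGE_KEY, challenge.clone());
        return new Type2Message(type1, challenge, targetDomain).toByteArray();
    }

    public boolean authenticate(IoSession session, byte[] type3Bytes) throws Exception {
        // Single use: the challenge is consumed whether or not the logon succeeds.
        byte[] challenge = (byte[]) session.removeAttribute(CHALLENGE_KEY);
        if (challenge == null) {
            return false; // Type 3 without a preceding Type 1/Type 2 on this session
        }
        Type3Message type3 = new Type3Message(type3Bytes);
        String user = type3.getUser();
        byte[] nt = type3.getNTResponse();
        if (user == null || user.isEmpty() || nt == null || nt.length == 0) {
            return false; // anonymous or empty NTLM responses never count as a bind
        }
        return dc.logon(type3.getDomain(), user, type3.getWorkstation(),
                        challenge, nt, type3.getLMResponse());
    }
}
```

An instance of this class would take the place of JcifsNtlmProvider in the setNtlmProvider call shown in the message.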