directory-users mailing list archives

From Pierre-Arnaud Marcelot <paj...@gmail.com>
Subject Re: [ApacheDS] DIGEST-MD5: cannot acquire password
Date Tue, 15 Feb 2011 19:30:27 GMT
On 15 Feb 2011, at 19:56, Cristiano Gavião <cvgaviao@gmail.com> wrote:

> Hi Pierre. Thanks for the answer, but I think I didn't understand what you mean about should be stored as plaintext...
>
> Are you saying that when I'm using Studio to create the userPassword attribute for some user, I should select plaintext in the "Select Hash Method" combobox?

Yeah, that's what I meant.

> If it is, I've removed the created passwords again and recreated all using plainText but nothing changed at all.
>
> public static void main(String[] args) throws NamingException {
>
>        Hashtable env = new Hashtable();
>        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>        env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
>        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>        env.put( "java.naming.security.sasl.realm", "MYCOMPANY.COM" );
>        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>        env.put("com.sun.jndi.ldap.trace.ber", System.err);
> //        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
> //       env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
>        env.put( "javax.security.sasl.qop", "auth-conf" );
>
>
>        try {
>            Context ctx = new InitialContext(env);
>            NamingEnumeration<?> enm = ctx.list("");
>            while (enm.hasMore()) {
>                System.out.println(enm.next());
>            }
>            ctx.close();
>        } catch (NamingException e) {
>            System.out.println(e.getMessage());
>        }
>    }
>
> I'm still getting:
> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]
>
> :-(

Can you also send us the complete server.xml and an LDIF extract of
required entries for testing the issue?

Thanks,
Pierre-Arnaud

> cheers
>
> Cristiano
>
> On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
>> Hi Cristiano,
>>
>> AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
>>
>> Regards,
>> Pierre-Arnaud
>> On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
>>> Hi,
>>>
>>> I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
>>> I've created my first server (on localhost and I've put dns on etc/hosts)
>>> containing two partitions: system and mycompany. I've created o=mycompany
>>> context with two units: ou=users and ou=groups.
>>>
>>> It was nice and easy to create and connect to and search my new ldap
>>> tree... :-)
>>>
>>> But this first time I was using simple mechanism and I want something a
>>> little more secure. So, I've decided to set up DIGEST-MD5 mechanism and I've
>>> changed server.xml with this:
>>> Host: ldap.mycompany.com
>>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>>> BaseDN: ou=users,o=mycompany
>>>
>>> I've removed the users that I've created before and created new ones and set
>>> userPassword to a new MD5 one.
>>>
>>> Well, not so easy this time... doesn't work using both java Ldap api or
>>> studio connection. I'm getting the same error:
>>>
>>>  LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>>> password for johnUser in realm : MYCOMPANY.COM
>>>
>>> and I can't find anything about the problem on net.
>>>
>>> I don't know what more to do. Could anyone help me with this please?
>>>
>>> thanks a lot
>>>
>>> Cristiano
>>>
>
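
Added example (not part of the original messages, and not ApacheDS code): the DIGEST-MD5 response computation from RFC 2831, showing why a server that holds only a `{MD5}` hash in userPassword cannot verify the client's response, while one that holds the plaintext can. The exchange parameters are the RFC's own section 4 example; the function names and the `{MD5}` + base64 storage form are assumptions for illustration.

```python
import base64
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_response(user, realm, password: bytes, nonce, cnonce, nc,
                    digest_uri, qop="auth") -> str:
    """RFC 2831 section 2.1.2.1 response value (no authzid)."""
    # The password enters only through H(user:realm:password); both sides
    # must be able to build this value from the same password bytes.
    secret = md5(user.encode() + b":" + realm.encode() + b":" + password)
    a1 = secret + b":" + nonce.encode() + b":" + cnonce.encode()
    a2 = "AUTHENTICATE:" + digest_uri
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    ha1, ha2 = md5(a1).hex(), md5(a2.encode()).hex()
    return md5(":".join([ha1, nonce, nc, cnonce, qop, ha2]).encode()).hex()


def server_accepts(stored_user_password: bytes, client_response: str,
                   **params) -> bool:
    """Server side: recompute the response from the stored userPassword."""
    expected = digest_response(password=stored_user_password, **params)
    return hmac.compare_digest(expected, client_response)


# Parameters of the worked exchange in RFC 2831 section 4 (password "secret").
RFC_PARAMS = dict(user="chris", realm="elwood.innosoft.com",
                  nonce="OA6MG9tEQGm2hh", cnonce="OA6MHXh6VqTrRk",
                  nc="00000001", digest_uri="imap/elwood.innosoft.com",
                  qop="auth")
PLAINTEXT = b"secret"
# Constructed: userPassword as stored under an MD5 hash scheme (assumed form).
HASHED = b"{MD5}" + base64.b64encode(md5(PLAINTEXT))


def demo():
    client = digest_response(password=PLAINTEXT, **RFC_PARAMS)
    return (client,
            server_accepts(PLAINTEXT, client, **RFC_PARAMS),
            server_accepts(HASHED, client, **RFC_PARAMS))


if __name__ == "__main__":
    response, ok_plain, ok_hashed = demo()
    print("client response:", response)
    print("verified with plaintext userPassword:", ok_plain)
    print("verified with {MD5} userPassword:", ok_hashed)
```

The hashed entry fails because MD5 cannot be reversed to recover the password bytes that go into H(user:realm:password); this illustrates the storage requirement only and does not explain the error that persisted in the thread after switching to plaintext.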
