directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cristiano Gavião <cvgav...@gmail.com>
Subject Re: [ApacheDS] DIGEST-MD5: cannot acquire password
Date Tue, 15 Feb 2011 18:55:23 GMT
Hi Pierre. Thanks for answer, but I think I didn't understand what do 
you mean about should be stored as plaintext...

Are you saying that when I'm using Studio to create the userPassword 
attribute for some user, should I select plaintext in the "Select Hash 
Method" combobox?

If it is, I've removed the created passwords again and recreated all 
using plainText but nothing change at all.

public static void main(String[] args) throws NamingException {

         Hashtable env = new Hashtable();
         env.put(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory");
         env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
         env.put( "java.naming.security.sasl.realm", "MYCOMPANY.COM" );
         env.put(Context.SECURITY_PRINCIPAL, 
"uid=cvgaviao,ou=users,o=mycompany");
         env.put("com.sun.jndi.ldap.trace.ber", System.err);
//        env.put(Context.SECURITY_PRINCIPAL, 
"uid=cvgaviao,ou=users,o=mycompany");
  //       env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
         env.put( "javax.security.sasl.qop", "auth-conf" );


         try {
             Context ctx = new InitialContext(env);
             NamingEnumeration<?> enm = ctx.list("");
             while (enm.hasMore()) {
                 System.out.println(enm.next());
             }
             ctx.close();
         } catch (NamingException e) {
             System.out.println(e.getMessage());
         }
     }

I'm still getting:
[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire 
password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]

:-(

cheers

Cristiano

On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
> Hi Cristiano,
>
> AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use DIGEST-MD5
or CRAM-MD5 authentication mechanisms.
>
> Regards,
> Pierre-Arnaud
> On mardi 15 février 2011 at 19:05, Cristiano Gavião wrote:
>> Hi,
>>
>> I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
>> I've created my first server (on localhost and I've put dns on etc/hosts)
>> containing two partitions: system and mycompany. I've created o=mycompany
>> context with two units: ou=users and ou=groups.
>>
>> It's was nice and easy to create and connect to and search my new ldap
>> tree... :-)
>>
>> But this first time I was using simple mechanism and I want something a
>> little more secure. So, I've decide to setup DIGEST-MD5 mechanism and I've
>> changed server.xml with this:
>> Host: ldap.mycompany.com
>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>> BaseDN: ou=users,o=mycompany
>>
>> I've remove the users that I've create before and created new ones and setup
>> userPassword to a MD5 new one.
>>
>> Well, no so easy this time... doesn't work using both java Ldap api or
>> studio connection. I'm getting the same error:
>>
>>   LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>> password for johnUser in realm : MYCOMPANY.COM
>>
>> and I can't find anything about the problem on net.
>>
>> I don't know more what to do. Could anyone help me with this please?
>>
>> thanks a lot
>>
>> Cristiano
>>


Mime
View raw message