directory-users mailing list archives

From Cristiano Gavião <cvgav...@gmail.com>
Subject Re: [ApacheDS] DIGEST-MD5: cannot acquire password
Date Tue, 15 Feb 2011 20:55:46 GMT
Hi Pierre...

I am sending the zip with 3 files: a server.xml, an LDIF data file and a Java
class to test.

As I said, I've created a fake host in my hosts file pointing to localhost.
Let me know if you need more info.

thanks again

Cristiano

On 15/02/11 16:30, Pierre-Arnaud Marcelot wrote:
> On 15 Feb 2011, at 19:56, Cristiano Gavião <cvgaviao@gmail.com> wrote:
>
>> Hi Pierre. Thanks for the answer, but I think I didn't understand what you mean by
>> "should be stored as plaintext"...
>>
>> Are you saying that when I'm using Studio to create the userPassword attribute for
>> some user, I should select plaintext in the "Select Hash Method" combobox?
> Yeah, that's what I meant.
>
>> If it is, I've removed the created passwords again and recreated all using plainText
>> but nothing changed at all.
>>
>> import java.util.Hashtable;
>> import javax.naming.Context;
>> import javax.naming.InitialContext;
>> import javax.naming.NamingEnumeration;
>> import javax.naming.NamingException;
>>
>> // Wrapper class added so the snippet compiles; its name is an assumption.
>> public class DigestMd5Test {
>>     public static void main(String[] args) throws NamingException {
>>
>>         Hashtable<String, Object> env = new Hashtable<>();
>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>         env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
>>         // SASL bind with DIGEST-MD5 in the given realm
>>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>         env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
>>         env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>>         // Dump the BER-encoded LDAP traffic to stderr
>>         env.put("com.sun.jndi.ldap.trace.ber", System.err);
>> //        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>> //       env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
>>         env.put("javax.security.sasl.qop", "auth-conf");
>>
>>         try {
>>             Context ctx = new InitialContext(env);
>>             // List the entries directly under the context root
>>             NamingEnumeration<?> enm = ctx.list("");
>>             while (enm.hasMore()) {
>>                 System.out.println(enm.next());
>>             }
>>             ctx.close();
>>         } catch (NamingException e) {
>>             System.out.println(e.getMessage());
>>         }
>>     }
>> }
>>
>> I'm still getting:
>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]
>>
>> :-(
> Can you also send us the complete server.xml and an LDIF extract of
> required entries for testing the issue?
>
> Thanks,
> Pierre-Arnaud
>
>> cheers
>>
>> Cristiano
>>
>> On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
>>> Hi Cristiano,
>>>
>>> AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use
>>> DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
>>>
>>> Regards,
>>> Pierre-Arnaud
>>> On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
>>>> Hi,
>>>>
>>>> I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
>>>> I've created my first server (on localhost and I've put dns on etc/hosts)
>>>> containing two partitions: system and mycompany. I've created o=mycompany
>>>> context with two units: ou=users and ou=groups.
>>>>
>>>> It was nice and easy to create and connect to and search my new LDAP
>>>> tree... :-)
>>>>
>>>> But this first time I was using the simple mechanism and I want something a
>>>> little more secure. So, I've decided to set up the DIGEST-MD5 mechanism and I've
>>>> changed server.xml with this:
>>>> Host: ldap.mycompany.com
>>>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>>>> BaseDN: ou=users,o=mycompany
>>>>
>>>> I've removed the users that I created before, created new ones and set
>>>> userPassword to a new MD5 one.
>>>>
>>>> Well, not so easy this time... it doesn't work using either the Java LDAP API or
>>>> a Studio connection. I'm getting the same error:
>>>>
>>>>   LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>>>> password for johnUser in realm : MYCOMPANY.COM
>>>>
>>>> and I can't find anything about the problem on the net.
>>>>
>>>> I don't know what else to do. Could anyone help me with this please?
>>>>
>>>> thanks a lot
>>>>
>>>> Cristiano
>>>>
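
What the protocol itself requires, as an added example that is not part of the original thread and not ApacheDS code: in DIGEST-MD5 (RFC 2831) both sides hash username:realm:password, so a server that holds only MD5(password) cannot reproduce the client's response. The exchange values are the sample from RFC 2831 section 4; the class name and the "MD5-only store" path are illustrative assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DigestMd5Demo {
    static byte[] md5(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("MD5");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // ASCII inputs only: the RFC's ISO 8859-1 conversion step is skipped here.
    static byte[] b(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String hex(byte[] d) {
        StringBuilder sb = new StringBuilder();
        for (byte x : d) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // RFC 2831 section 2.1.2.1. secret = H(username ":" realm ":" password), 16 raw bytes.
    static String response(byte[] secret, String nonce, String cnonce, String nc,
                           String qop, String digestUri) throws Exception {
        String hA1 = hex(md5(secret, b(":" + nonce + ":" + cnonce))); // no authzid
        String a2 = "AUTHENTICATE:" + digestUri;
        if (!qop.equals("auth")) a2 += ":00000000000000000000000000000000"; // auth-int, auth-conf
        String hA2 = hex(md5(b(a2)));
        return hex(md5(b(hA1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + hA2)));
    }

    public static void main(String[] args) throws Exception {
        // Sample exchange values from RFC 2831 section 4 (not from this thread).
        String user = "chris", realm = "elwood.innosoft.com", password = "secret";
        String nonce = "OA6MG9tEQGm2hh", cnonce = "OA6MHXh6VqTrRk", nc = "00000001";
        String uri = "imap/elwood.innosoft.com";
        String published = "d388dad90d4bbd760a152321f2143af7"; // response value given in the RFC

        // Client, and a server that can read the plaintext password:
        byte[] secret = md5(b(user + ":" + realm + ":" + password));
        String fromPlaintext = response(secret, nonce, cnonce, nc, "auth", uri);

        // Server that stored only MD5(password): it cannot rebuild username:realm:password.
        // Feeding in the stored hash instead of the password yields a different digest.
        byte[] storedHash = md5(b(password));
        byte[] wrongSecret = md5(b(user + ":" + realm + ":" + hex(storedHash)));
        String fromHash = response(wrongSecret, nonce, cnonce, nc, "auth", uri);

        System.out.println("plaintext store: " + fromPlaintext + " match=" + fromPlaintext.equals(published));
        System.out.println("MD5-only store:  " + fromHash + " match=" + fromHash.equals(published));
    }
}
```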

