directory-users mailing list archives

From Cristiano Gavião <cvgav...@gmail.com>
Subject Re: [ApacheDS] DIGEST-MD5: cannot acquire password
Date Thu, 24 Feb 2011 18:49:27 GMT
Hi Pierre, have you reproduced the described problem?

cheers

Cristiano

On 15/02/11 17:55, Cristiano Gavião wrote:
> Hi Pierre...
>
> I am sending the zip with 3 files: a server.xml, LDIF data and a 
> Java class to test.
>
> As I said, I've created a fake host in my hosts file pointing to 
> localhost. Let me know if you need more info.
>
> thanks again
>
> Cristiano
>
> On 15/02/11 16:30, Pierre-Arnaud Marcelot wrote:
>> On 15 Feb 2011 at 19:56, Cristiano Gavião <cvgaviao@gmail.com> 
>> wrote:
>>
>>> Hi Pierre. Thanks for the answer, but I think I didn't understand what 
>>> you mean by "should be stored as plaintext"...
>>>
>>> Are you saying that when I'm using Studio to create the userPassword 
>>> attribute for some user, I should select plaintext in the "Select 
>>> Hash Method" combobox?
>> Yeah, that's what I meant.
>>
>>> If it is, I've removed the created passwords again and recreated them all 
>>> using plainText, but nothing changed at all.
>>>
>>> public static void main(String[] args) throws NamingException {
>>>
>>>         Hashtable env = new Hashtable();
>>>         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>>         env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
>>>         env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>>         env.put( "java.naming.security.sasl.realm", "MYCOMPANY.COM" );
>>>         env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>>>         env.put("com.sun.jndi.ldap.trace.ber", System.err);
>>> //        env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>>> //       env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
>>>         env.put( "javax.security.sasl.qop", "auth-conf" );
>>>
>>>
>>>         try {
>>>             Context ctx = new InitialContext(env);
>>>             NamingEnumeration<?>  enm = ctx.list("");
>>>             while (enm.hasMore()) {
>>>                 System.out.println(enm.next());
>>>             }
>>>             ctx.close();
>>>         } catch (NamingException e) {
>>>             System.out.println(e.getMessage());
>>>         }
>>>     }
>>>
>>> I'm still getting:
>>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot 
>>> acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : 
>>> MYCOMPANY.COM]
>>>
>>> :-(
>> Can you also send us the complete server.xml and an LDIF extract of
>> required entries for testing the issue?
>>
>> Thanks,
>> Pierre-Arnaud
>>
>>> cheers
>>>
>>> Cristiano
>>>
>>> On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
>>>> Hi Cristiano,
>>>>
>>>> AFAIR, ApacheDS requires passwords to be stored as plaintext to be 
>>>> able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
>>>>
>>>> Regards,
>>>> Pierre-Arnaud
>>>> On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
>>>>> Hi,
>>>>>
>>>>> I'm studying DS and Studio 1.5.7. I'm using Mac OS X 10.6.
>>>>> I've created my first server (on localhost, and I've put the DNS name in 
>>>>> etc/hosts)
>>>>> containing two partitions: system and mycompany. I've created the 
>>>>> o=mycompany
>>>>> context with two units: ou=users and ou=groups.
>>>>>
>>>>> It was nice and easy to create, connect to and search my new 
>>>>> ldap
>>>>> tree... :-)
>>>>>
>>>>> But this first time I was using the simple mechanism and I want 
>>>>> something a
>>>>> little more secure. So, I've decided to set up the DIGEST-MD5 mechanism 
>>>>> and I've
>>>>> changed server.xml with this:
>>>>> Host: ldap.mycompany.com
>>>>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>>>>> BaseDN: ou=users,o=mycompany
>>>>>
>>>>> I've removed the users that I created before, created new ones 
>>>>> and set
>>>>> userPassword to a new MD5 one.
>>>>>
>>>>> Well, not so easy this time... it doesn't work using either the Java LDAP 
>>>>> API or
>>>>> a Studio connection. I'm getting the same error:
>>>>>
>>>>>   LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot 
>>>>> acquire
>>>>> password for johnUser in realm : MYCOMPANY.COM
>>>>>
>>>>> and I can't find anything about the problem on the net.
>>>>>
>>>>> I don't know what more to do. Could anyone help me with this please?
>>>>>
>>>>> thanks a lot
>>>>>
>>>>> Cristiano
>>>>>
>

