directory-users mailing list archives

From Cristiano Gavião <cvgav...@gmail.com>
Subject Re: [ApacheDS] DIGEST-MD5: cannot acquire password
Date Mon, 28 Feb 2011 15:34:22 GMT
Hi Pierre,

I will try again with your suggestions and let you know when I've done.

thank you

Cristiano

On 25/02/11 11:44, Pierre-Arnaud Marcelot wrote:
> Hi Cristiano,
>
> Sorry for the late answer.
>
> I installed a testing instance of ApacheDS 1.5.7 with the files you sent.
> I was indeed able to test the issue but it is mainly a configuration issue.
> Some properties in your server.xml were not correctly set.
>
> The 'searchBaseDn' in the 'ldapServer' bean needs to be updated to the dn where your users are stored.
> Most likely "ou=users,o=mycompany" in your case.
>
> In your Java sample file, you had also forgotten to mention the SASL realm with the following property added to the environment:
> env.put("java.naming.security.sasl.realm", "mycompany.com");
>
> Also make sure to use the id of the user you want to bind and not its complete in the case of DIGEST-MD5 bind.
>
> With all these correct settings you should be able to bind successfully with one of your users.
>
> Regards,
> Pierre-Arnaud
> On Thursday 24 February 2011 at 19:49, Cristiano Gavião wrote:
>> Hi Pierre, have you reproduced the described problem?
>>
>> cheers
>>
>> Cristiano
>>
>> On 15/02/11 17:55, Cristiano Gavião wrote:
>>> Hi Pierre...
>>>
>>> I am sending the zip with 3 files: a server.xml, an ldif data and a
>>> java class to test.
>>>
>>> As I said, I've created a fake host on my Hosts file pointing to
>>> localhost. Let me know if you need more info.
>>>
>>> thanks again
>>>
>>> Cristiano
>>>
>>> On 15/02/11 16:30, Pierre-Arnaud Marcelot wrote:
>>>> On 15 Feb 2011 at 19:56, Cristiano Gavião <cvgaviao@gmail.com> wrote:
>>>>
>>>>> Hi Pierre. Thanks for the answer, but I think I didn't understand what
>>>>> you mean by "should be stored as plaintext"...
>>>>>
>>>>> Are you saying that when I'm using Studio to create the userPassword
>>>>> attribute for some user, should I select plaintext in the "Select
>>>>> Hash Method" combobox?
>>>> Yeah, that's what I meant.
>>>>
>>>>> If it is, I've removed the created passwords again and recreated all
>>>>> using plainText but nothing changed at all.
>>>>>
>>>>> public static void main(String[] args) throws NamingException {
>>>>>
>>>>>     Hashtable env = new Hashtable();
>>>>>     env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
>>>>>     env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
>>>>>     env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
>>>>>     env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
>>>>>     env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>>>>>     env.put("com.sun.jndi.ldap.trace.ber", System.err);
>>>>>     // env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
>>>>>     // env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
>>>>>     env.put("javax.security.sasl.qop", "auth-conf");
>>>>>
>>>>>     try {
>>>>>         Context ctx = new InitialContext(env);
>>>>>         NamingEnumeration<?> enm = ctx.list("");
>>>>>         while (enm.hasMore()) {
>>>>>             System.out.println(enm.next());
>>>>>         }
>>>>>         ctx.close();
>>>>>     } catch (NamingException e) {
>>>>>         System.out.println(e.getMessage());
>>>>>     }
>>>>> }
>>>>>
>>>>> I'm still getting:
>>>>> [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot
>>>>> acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm :
>>>>> MYCOMPANY.COM]
>>>>>
>>>>> :-(
>>>> Can you also send us the complete server.xml and an LDIF extract of
>>>> required entries for testing the issue?
>>>>
>>>> Thanks,
>>>> Pierre-Arnaud
>>>>
>>>>> cheers
>>>>>
>>>>> Cristiano
>>>>>
>>>>> On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
>>>>>> Hi Cristiano,
>>>>>>
>>>>>> AFAIR, ApacheDS requires passwords to be stored as plaintext to be
>>>>>> able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
>>>>>>
>>>>>> Regards,
>>>>>> Pierre-Arnaud
>>>>>> On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
>>>>>>> I've created my first server (on localhost and I've put dns on
>>>>>>> etc/hosts)
>>>>>>> containing two partitions: system and mycompany. I've created
>>>>>>> o=mycompany
>>>>>>> context with two units: ou=users and ou=groups.
>>>>>>>
>>>>>>> It was nice and easy to create and connect to and search my new
>>>>>>> ldap tree... :-)
>>>>>>>
>>>>>>> But this first time I was using simple mechanism and I want
>>>>>>> something a little more secure. So, I've decided to set up
>>>>>>> DIGEST-MD5 mechanism and I've changed server.xml with this:
>>>>>>> Host: ldap.mycompany.com
>>>>>>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>>>>>>> BaseDN: ou=users,o=mycompany
>>>>>>>
>>>>>>> I've removed the users that I've created before and created new
>>>>>>> ones and set up userPassword to a MD5 new one.
>>>>>>>
>>>>>>> Well, not so easy this time... doesn't work using both java Ldap
>>>>>>> api or studio connection. I'm getting the same error:
>>>>>>>
>>>>>>>   LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot
>>>>>>> acquire
>>>>>>> password for johnUser in realm : MYCOMPANY.COM
>>>>>>>
>>>>>>> and I can't find anything about the problem on net.
>>>>>>>
>>>>>>> I don't know more what to do. Could anyone help me with this please?
>>>>>>>
>>>>>>> thanks a lot
>>>>>>>
>>>>>>> Cristiano
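
Added example (not part of the original thread and not ApacheDS code): the RFC 2831 DIGEST-MD5 response computation, run against a hypothetical toy server, showing why an MD5-hashed userPassword and a full DN used as the SASL user name both fail where the user id with a plaintext password succeeds. The password, the nonces and the helpers `toy_server_check` and `bind` are constructed for illustration.

```python
import base64
import hashlib
import hmac

def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def digest_response(user, realm, secret, nonce, cnonce, uri,
                    nc="00000001", qop="auth"):
    """RFC 2831 'response' value (no authzid)."""
    # A1 starts with the raw 16-byte hash of user:realm:secret, so the
    # verifier must know the secret itself (or exactly this hash).
    a1 = _md5(f"{user}:{realm}:{secret}".encode()) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{uri}"
    if qop in ("auth-int", "auth-conf"):
        a2 += ":" + "0" * 32
    tail = f"{nonce}:{nc}:{cnonce}:{qop}:{_md5(a2.encode()).hex()}"
    return hashlib.md5(f"{_md5(a1).hex()}:{tail}".encode()).hexdigest()

# Constructed sample data: names follow the thread, password and nonces are made up.
REALM, URI = "mycompany.com", "ldap/ldap.mycompany.com"
NONCE, CNONCE = "constructed-server-nonce", "constructed-client-nonce"
PASSWORD = "example-password"
MD5_HASHED = "{MD5}" + base64.b64encode(_md5(PASSWORD.encode())).decode()

def toy_server_check(directory, user, response):
    """Hypothetical server side: look up the uid, recompute, compare."""
    stored = directory.get(user)  # models a uid search under the search base
    if stored is None:
        return "cannot acquire password"
    expected = digest_response(user, REALM, stored, NONCE, CNONCE, URI,
                               qop="auth-conf")
    return "ok" if hmac.compare_digest(expected, response) else "bad response"

def bind(directory, user):
    """Client side: the response is always built from the real password."""
    resp = digest_response(user, REALM, PASSWORD, NONCE, CNONCE, URI,
                           qop="auth-conf")
    return toy_server_check(directory, user, resp)

if __name__ == "__main__":
    print(bind({"cvgaviao": PASSWORD}, "cvgaviao"))      # plaintext, uid
    print(bind({"cvgaviao": MD5_HASHED}, "cvgaviao"))    # hashed userPassword
    print(bind({"cvgaviao": PASSWORD}, "uid=cvgaviao,ou=users,o=mycompany"))
```

The toy server only models the lookup and the comparison; the exact error text a real server returns for each case may differ.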

