From: Cristiano Gavião
Date: Tue, 15 Feb 2011 15:55:23 -0300
To: users@directory.apache.org
Subject: Re: [ApacheDS] DIGEST-MD5: cannot acquire password

Hi Pierre.

Thanks for the answer, but I think I didn't understand what you mean by "should be stored as plaintext"...

Are you saying that when I'm using Studio to create the userPassword attribute for some user, I should select plaintext in the "Select Hash Method" combobox?

If so, I've removed the created passwords again and recreated them all using plainText, but nothing changed at all.

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.naming.NameClassPair;
    import javax.naming.NamingEnumeration;
    import javax.naming.NamingException;

    public class DigestMd5Test {
        public static void main(String[] args) throws NamingException {
            Hashtable<String, Object> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://ldap.mycompany.com:20389");
            // SASL bind with DIGEST-MD5 in the given realm
            env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
            env.put("java.naming.security.sasl.realm", "MYCOMPANY.COM");
            env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
            // Dump the BER-encoded LDAP traffic to stderr
            env.put("com.sun.jndi.ldap.trace.ber", System.err);
            // env.put(Context.SECURITY_PRINCIPAL, "uid=cvgaviao,ou=users,o=mycompany");
            // env.put(Context.SECURITY_CREDENTIALS, "c123qweg");
            env.put("javax.security.sasl.qop", "auth-conf");
            try {
                Context ctx = new InitialContext(env);
                // List the entries directly below the context root
                NamingEnumeration<NameClassPair> enm = ctx.list("");
                while (enm.hasMore()) {
                    System.out.println(enm.next());
                }
                ctx.close();
            } catch (NamingException e) {
                System.out.println(e.getMessage());
            }
        }
    }

I'm still getting:

[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for uid=cvgaviao,ou=users,o=mob4biz in realm : MYCOMPANY.COM]

:-(

cheers

Cristiano

On 15/02/11 15:26, Pierre-Arnaud Marcelot wrote:
> Hi Cristiano,
>
> AFAIR, ApacheDS requires passwords to be stored as plaintext to be able to use DIGEST-MD5 or CRAM-MD5 authentication mechanisms.
>
> Regards,
> Pierre-Arnaud
> On Tuesday 15 February 2011 at 19:05, Cristiano Gavião wrote:
>> Hi,
>>
>> I'm studying DS and Studio 1.5.7. I'm using a MacOSX 10.6.
>> I've created my first server (on localhost and I've put dns on etc/hosts)
>> containing two partitions: system and mycompany. I've created o=mycompany
>> context with two units: ou=users and ou=groups.
>>
>> It was nice and easy to create and connect to and search my new ldap
>> tree... :-)
>>
>> But this first time I was using simple mechanism and I want something a
>> little more secure.
>> So, I've decided to set up DIGEST-MD5 mechanism and I've
>> changed server.xml with this:
>> Host: ldap.mycompany.com
>> Principal: ldap/ldap.mycompany.com@MYCOMPANY.COM
>> BaseDN: ou=users,o=mycompany
>>
>> I've removed the users that I've created before and created new ones and set
>> userPassword to a new MD5 one.
>>
>> Well, not so easy this time... doesn't work using both java Ldap api or
>> studio connection. I'm getting the same error:
>>
>> LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire
>> password for johnUser in realm : MYCOMPANY.COM
>>
>> and I can't find anything about the problem on net.
>>
>> I don't know what more to do. Could anyone help me with this please?
>>
>> thanks a lot
>>
>> Cristiano
>>
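
Added example, not part of the original message and not ApacheDS code: a sketch of why a DIGEST-MD5 verifier needs the clear password, as the quoted reply says. It recomputes the RFC 2831 response for the RFC's own section 4 sample values, first from a plaintext entry and then from a constructed `{MD5}` userPassword value; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class DigestMd5Verify {
    static byte[] md5(byte[] in) throws Exception {
        return MessageDigest.getInstance("MD5").digest(in);
    }
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // response-value from RFC 2831 section 2.1.2.1 (no authzid).
    // "secret" is whatever the verifier uses as the password.
    static String response(String user, String realm, String secret, String nonce,
                           String cnonce, String nc, String qop, String uri) throws Exception {
        byte[] head = md5(utf8(user + ":" + realm + ":" + secret)); // needs the clear password
        byte[] tail = utf8(":" + nonce + ":" + cnonce);
        byte[] a1 = new byte[head.length + tail.length];
        System.arraycopy(head, 0, a1, 0, head.length);
        System.arraycopy(tail, 0, a1, head.length, tail.length);
        // auth-int and auth-conf append a fixed 32-zero body hash to A2
        String a2 = "AUTHENTICATE:" + uri
                + (qop.equals("auth") ? "" : ":00000000000000000000000000000000");
        return hex(md5(utf8(hex(md5(a1)) + ":" + nonce + ":" + nc + ":" + cnonce
                + ":" + qop + ":" + hex(md5(utf8(a2))))));
    }

    public static void main(String[] args) throws Exception {
        // Inputs and client response from the worked example in RFC 2831 section 4
        String user = "chris", realm = "elwood.innosoft.com", password = "secret";
        String nonce = "OA6MG9tEQGm2hh", cnonce = "OA6MHXh6VqTrRk", nc = "00000001";
        String uri = "imap/elwood.innosoft.com";
        String client = "d388dad90d4bbd760a152321f2143af7";

        // Case 1: the directory holds the clear password
        String fromPlain = response(user, realm, password, nonce, cnonce, nc, "auth", uri);
        // Case 2 (constructed): the directory holds only "{MD5}" + base64(MD5(password))
        String stored = "{MD5}" + Base64.getEncoder().encodeToString(md5(utf8(password)));
        String fromHash = response(user, realm, stored, nonce, cnonce, nc, "auth", uri);

        System.out.println("plaintext entry verifies: " + client.equals(fromPlain));
        System.out.println("{MD5} entry verifies:     " + client.equals(fromHash));
    }
}
```

A verifier could also store MD5(user:realm:password) instead of the clear password, but that value is itself sufficient to authenticate in that realm, so it needs the same protection as the password.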