directory-users mailing list archives

From "Yang, Gang CTR (US)" <gang.yang....@mail.mil>
Subject RE: Diguest-MD5 authentication
Date Tue, 05 Feb 2013 17:49:18 GMT
After some experiments based on the errors I was getting and tips I found from searching the
Internet, here's a summary on using DIGEST-MD5 authentication with Apache DS so far:



On the ApacheDS server side: (using Apache Directory Studio for configuration)

- Define a host domain name in host file for ldap.example.com

- Use host domain name instead of 127.0.0.1 in ApacheDS configuration for SASL Host

- Make sure the Search Base DN parameter in SASL settings points to where the user entries are stored in the DIT

- Store the user password in clear text. In order to achieve this, some discussions from the mailing list suggested disabling the default passwordPolicies and passwordHashing interceptors

- Restart ApacheDS after changing the configuration



On the client side: (using Apache Directory Studio)

- Use host domain name instead of 127.0.0.1 in connection configuration for Hostname under Network Parameters

- Use uid alone w/o "uid=" instead of full DN of the user for Bind DN or User under Authentication

- Make sure to select the right SASL realm, example.com in my case, in SASL Settings



After doing all these, I'm still getting the error:



LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for Gang.Yang in realm : example.com



Anyone who's knowledgeable in this area, please help. I'm using a newly downloaded latest
ApacheDS and Apache Directory Studio (2.0.0-M10 and 2.0.0-M4).



Thanks in advance,

Gang



________________________________
From: Yang, Gang CTR (US) [gang.yang.ctr@mail.mil]
Sent: Monday, February 04, 2013 12:28 PM
To: users@directory.apache.org
Subject: Diguest-MD5 authentication

Hi,



I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication,
but failed using Digest-MD5 or Kerberos. I'm sure it's the configuration, but I could not
find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers
are appreciated.



Thanks,

Gang
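
Added example, not part of the original post and not ApacheDS code: a Python sketch of the DIGEST-MD5 response calculation from RFC 2831 (qop=auth, no authzid), showing why the server must be able to read the password in clear text and cannot verify against a hashed userPassword value. The server_verify model, its return strings, the user "jdoe", the nonces and the digest-uri are constructed assumptions.

```python
import base64
import hashlib
import hmac
import os

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_md5_response(username, realm, password, nonce, cnonce, nc, digest_uri, qop="auth"):
    """response-value as defined in RFC 2831 section 2.1.2.1 (no authzid)."""
    # The password enters only here, bound to the exact username and realm strings.
    secret = hashlib.md5(f"{username}:{realm}:{password}".encode("utf-8")).digest()
    a1 = secret + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = f"AUTHENTICATE:{digest_uri}".encode("utf-8")
    kd_input = f"{md5_hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{md5_hex(a2)}"
    return md5_hex(kd_input.encode("utf-8"))

def server_verify(stored_password: str, client: dict) -> str:
    """Hypothetical server-side check: recompute the response from the stored value."""
    if stored_password.startswith("{"):
        # A value such as {SSHA}... is a one-way hash: MD5(username:realm:password)
        # cannot be rebuilt from it, so there is nothing to compare against.
        return "NO_CLEARTEXT_PASSWORD"
    expected = digest_md5_response(client["username"], client["realm"], stored_password,
                                   client["nonce"], client["cnonce"], client["nc"],
                                   client["digest_uri"])
    ok = hmac.compare_digest(expected, client["response"])
    return "OK" if ok else "INVALID_CREDENTIALS"

def ssha(password: str) -> str:
    """Constructed salted SHA-1 value in the usual LDAP {SSHA} layout."""
    salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def make_client_message(username: str, realm: str, password: str) -> dict:
    """Constructed client reply using fixed sample nonces (not captured traffic)."""
    msg = {"username": username, "realm": realm, "nonce": "c2FtcGxlLW5vbmNl",
           "cnonce": "c2FtcGxlLWNub25jZQ", "nc": "00000001",
           "digest_uri": "ldap/ldap.example.com"}
    msg["response"] = digest_md5_response(password=password, **msg)
    return msg

if __name__ == "__main__":
    msg = make_client_message("jdoe", "example.com", "secret")
    for stored in ("secret", ssha("secret"), "not-the-password"):
        print(server_verify(stored, msg))
```
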
