directory-users mailing list archives

From Ike Ikonne <iiko...@us.ibm.com>
Subject Re: SASL DIGEST-MD5 Authentication
Date Wed, 06 Aug 2014 20:01:45 GMT
Hi 

After making the change that you suggested, I get the following from the 
server

LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Nonexistent realm: example.com

Here is what my Apache Directory configuration looks like:

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
objectclass: ads-server
objectclass: ads-ldapServer
objectclass: ads-dsBasedServer
objectclass: ads-base
objectclass: top
ads-serverId: ldapServer
ads-confidentialityRequired: FALSE
ads-maxSizeLimit: 1000
ads-maxTimeLimit: 15000
ads-maxpdusize: 2000000
ads-saslHost: iikonne.xxx.com 
ads-saslPrincipal: ldap/ldap.example.com@EXAMPLE.COM
ads-saslRealms: example.com
ads-saslRealms: apache.org
ads-searchBaseDN: ou=users,ou=system
ads-replEnabled: true
ads-replPingerSleep: 5
ads-enabled: TRUE





From:   Emmanuel Lécharny <elecharny@gmail.com>
To:     users@directory.apache.org, 
Date:   08/06/2014 02:47 PM
Subject:        Re: SASL DIGEST-MD5 Authentication



On 06/08/14 21:16, Ike Ikonne wrote:
> Hi all,
>
> I would appreciate it if someone could direct me on how to setup
> APACHE DS to support SASL DIGEST-MD5.  How can I setup
> the realm for the example.com default domain?

You have to set the saslHost parameter in the ldapServer entry:

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
objectclass: ads-server
objectclass: ads-ldapServer
objectclass: ads-dsBasedServer
objectclass: ads-base
objectclass: top
ads-serverId: ldapServer
ads-confidentialityRequired: FALSE
ads-maxSizeLimit: 1000
ads-maxTimeLimit: 15000
ads-maxpdusize: 2000000
ads-saslHost: ldap.example.com                           <<<----
ads-saslPrincipal: ldap/ldap.example.com@EXAMPLE.COM
ads-saslRealms: example.com
ads-saslRealms: apache.org
ads-searchBaseDN: ou=users,ou=system
ads-replEnabled: true
ads-replPingerSleep: 5
ads-enabled: TRUE


