directory-users mailing list archives

From Ike Ikonne <iiko...@us.ibm.com>
Subject Re: SASL DIGEST-MD5 Authentication
Date Wed, 06 Aug 2014 20:40:54 GMT
Hi all,

Again, thanks all for your response; so, do I need to make any
external configuration other than the configuration to the APACHE DS?
How do I change the default realm to point to my domain realm?
Do I need to install/setup cyrus-sasl library to make this work?

Here is my configuration:

dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-dsBasedServer
objectclass: ads-ldapServer
objectclass: ads-server
ads-confidentialityrequired: FALSE
ads-maxpdusize: 2000000
ads-maxsizelimit: 1000
ads-maxtimelimit: 15000
ads-replenabled: true
ads-replpingersleep: 5
ads-saslhost: iikonne.xxx.xxx.com
ads-saslprincipal: ldap/iikonne.xxx.xxx.com@xxx.COM
ads-saslrealms: example.com
ads-saslrealms: apache.org
ads-serverid: ldapServer
ads-enabled: TRUE
ads-searchbasedn: ou=users,ou=system



From:   Pierre Smits <pierre.smits@gmail.com>
To:     Apache Directory Users List <users@directory.apache.org>, 
Date:   08/06/2014 03:25 PM
Subject:        Re: SASL DIGEST-MD5 Authentication



Ike,

Of course, you have to change example.com and EXAMPLE.COM for your realms.

Regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com


On Wed, Aug 6, 2014 at 10:01 PM, Ike Ikonne <iikonne@us.ibm.com> wrote:

> Hi
>
> After making the change that you suggested, I get the following from the
> server
>
> LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Nonexistent realm: example.com
>
> Here is what my Apache Directory configuration looks like:
>
> dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
> objectclass: ads-server
> objectclass: ads-ldapServer
> objectclass: ads-dsBasedServer
> objectclass: ads-base
> objectclass: top
> ads-serverId: ldapServer
> ads-confidentialityRequired: FALSE
> ads-maxSizeLimit: 1000
> ads-maxTimeLimit: 15000
> ads-maxpdusize: 2000000
> ads-saslHost: iikonne.xxx.com
> ads-saslPrincipal: ldap/ldap.example.com@EXAMPLE.COM
> ads-saslRealms: example.com
> ads-saslRealms: apache.org
> ads-searchBaseDN: ou=users,ou=system
> ads-replEnabled: true
> ads-replPingerSleep: 5
> ads-enabled: TRUE
>
>
>
>
>
> From:   Emmanuel Lécharny <elecharny@gmail.com>
> To:     users@directory.apache.org,
> Date:   08/06/2014 02:47 PM
> Subject:        Re: SASL DIGEST-MD5 Authentication
>
>
>
> On 06/08/14 21:16, Ike Ikonne wrote:
> > Hi all,
> >
> > I would appreciate it if someone could direct me on how to set up
> > APACHE DS to support SASL DIGEST-MD5.  How can I set up
> > the realm for the example.com default domain?
>
> You have to set the saslHost parameter in the ldapServer entry:
>
> dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config
> objectclass: ads-server
> objectclass: ads-ldapServer
> objectclass: ads-dsBasedServer
> objectclass: ads-base
> objectclass: top
> ads-serverId: ldapServer
> ads-confidentialityRequired: FALSE
> ads-maxSizeLimit: 1000
> ads-maxTimeLimit: 15000
> ads-maxpdusize: 2000000
> ads-saslHost: ldap.example.com                           <<<----
> ads-saslPrincipal: ldap/ldap.example.com@EXAMPLE.COM
> ads-saslRealms: example.com
> ads-saslRealms: apache.org
> ads-searchBaseDN: ou=users,ou=system
> ads-replEnabled: true
> ads-replPingerSleep: 5
> ads-enabled: TRUE
>
>
>


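Added example, not part of the thread and not ApacheDS code: how the realm enters the DIGEST-MD5 response defined in RFC 2831 (qop=auth, no authzid), which is why the realm the client sends and the realms the server is configured with must agree. The function names and the simplified server-side check are assumptions for illustration; the sample values are the IMAP example published in RFC 2831 section 4.

```python
import hashlib
import hmac


def digest_md5_response(username, realm, password, nonce, cnonce, nc,
                        digest_uri, qop="auth"):
    """Compute the RFC 2831 'response' value for qop=auth without authzid."""
    def enc(s):
        return s.encode("utf-8")
    # A1 begins with the RAW 16-byte MD5 of username:realm:password, so the
    # realm is bound into the secret that client and server both derive.
    a1 = hashlib.md5(enc(f"{username}:{realm}:{password}")).digest()
    a1 += enc(f":{nonce}:{cnonce}")
    a2 = enc(f"AUTHENTICATE:{digest_uri}")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(enc(kd)).hexdigest()


def check_response(fields, server_realms, lookup_password):
    """Simplified model of a server check (hypothetical helper):
    the realm must be one the server offers, then the hash must match."""
    if fields["realm"] not in server_realms:
        return "nonexistent realm"
    password = lookup_password(fields["username"], fields["realm"])
    if password is None:
        return "unknown user"
    expected = digest_md5_response(
        fields["username"], fields["realm"], password, fields["nonce"],
        fields["cnonce"], fields["nc"], fields["digest-uri"])
    # Constant-time comparison of the two hex digests.
    if hmac.compare_digest(expected, fields["response"]):
        return "ok"
    return "invalid credentials"


# Client response fields from the RFC 2831 section 4 IMAP example
# (password for user "chris" in that example is "secret").
RFC_FIELDS = {
    "username": "chris", "realm": "elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001", "digest-uri": "imap/elwood.innosoft.com",
    "response": "d388dad90d4bbd760a152321f2143af7",
}


def rfc_lookup(username, realm):
    """Constructed credential store holding only the RFC example user."""
    return {("chris", "elwood.innosoft.com"): "secret"}.get((username, realm))
```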