From: Ike Ikonne
To: users@directory.apache.org
Subject: Re: SASL DIGEST-MD5 Authentication
Date: Fri, 15 Aug 2014 16:00:05 -0500

Hi Kiran,

Thanks, the example that you sent made a huge difference; I have now
managed to get DIGEST-MD5 to work.
One of the problems is that I needed to restart
APACHE DS for all the configurations to take effect, that is my observation.

Again, thank you for the wonderful example, it made a difference; now,
would CRAM-MD5 follow the same pattern?

Thanks,

Ike


From: Kiran Ayyagari
To: "users@directory.apache.org"
Date: 08/15/2014 02:11 PM
Subject: Re: SASL DIGEST-MD5 Authentication

I have successfully tested DIGEST-MD5(SASL) using Studio

Here is my server configuration http://pastebin.com/b0tsyVGK

I have added the below entry in my /etc/hosts file

127.0.0.1 example.com

I have added a user entry with DN uid=kirana,ou=system

The Studio connection network tab looks like this
http://i.imgur.com/qfg2Aii.png
and the Authentication tab like this http://i.imgur.com/eUFu3Gq.png

HTH

On Thu, Aug 14, 2014 at 6:10 AM, Ike Ikonne wrote:

> Hi all,
>
> Does anyone have any more suggestions on how I can get DIGEST-MD5 SASL
> to work for me? I haven't had any luck yet and I have tried all the
> suggestions
> from the group and I do thank you all for that, I still have a need to
> get that authentication mechanism to work in my environment.
>
> Thanks,
>
> Ike
>
>
> From: Kiran Ayyagari
> To: "users@directory.apache.org"
> Date: 08/07/2014 12:08 AM
> Subject: Re: SASL DIGEST-MD5 Authentication
>
>
> On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne wrote:
>
> > Hi,
> >
> > I use JNDI API on JRE 1.7 to establish connection to APACHE DS.
> > I am able to establish SIMPLE authentication to APACHE DS, I am
> > just trying to get DIGEST-MD5 to work.
> > Here is my environment:
> >
> > Hashtable env = new Hashtable();
> > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory);
> >
> > if (authMethod != null)
> >     env.put(Context.SECURITY_AUTHENTICATION, authMethod);
> > if (principal != null)
> >     env.put(Context.SECURITY_PRINCIPAL, principal);
> > if (credentials != null)
> >     env.put(Context.SECURITY_CREDENTIALS, credentials);
> > if (referral != null)
> >     env.put(Context.REFERRAL, referral);
> > if (ldapVer != null)
> >     env.put("java.naming.ldap.version", ldapVer);
> > env.put("java.naming.security.sasl.realm", "example.com");
> >
> > Tell me, do I need to configure the example.com realm or is it
> > configured as a default by APACHE DS?
> >
> you must be able to resolve your realm name (here example.com), either
> add an entry in your hosts file or in your internal DNS server
>
> > Thanks,
> >
> > Ike
> >
> >
> > From: Emmanuel Lécharny
> > To: users@directory.apache.org
> > Date: 08/06/2014 04:28 PM
> > Subject: Re: SASL DIGEST-MD5 Authentication
> >
> > On 06/08/14 22:40, Ike Ikonne wrote:
> > > Hi all,
> > >
> > > Again, thanks all for your response; so, do I need to make any
> > > external configuration other than the configuration to the APACHE DS?
> > > How do I change the default realm to point to my domain realm?
> > > Do I need to install/setup cyrus-sasl library to make this work?
> >
> > No. We depend on the JVM which supports SASL.
> >
> > What client are you using ?
> >
>
> --
> Kiran Ayyagari
> http://keydap.com

--
Kiran Ayyagari
http://keydap.com
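
Added example (not part of the original thread and not ApacheDS project code): a JNDI client that first checks that the server advertises DIGEST-MD5 in its root DSE, then performs the SASL bind with the realm discussed above. The port 10389, the anonymous root DSE read, the use of the uid value kirana as the SASL user name, and the LDAP_PASSWORD environment variable are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class DigestMd5Bind {
    // Assumed endpoint: the realm host from the thread; the port is a placeholder.
    static final String URL = "ldap://example.com:10389";

    public static void main(String[] args) throws NamingException {
        String password = System.getenv("LDAP_PASSWORD"); // assumed variable name
        if (password == null) {
            throw new IllegalStateException("set LDAP_PASSWORD first");
        }

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);

        // Step 1: anonymous root DSE read; the server must list DIGEST-MD5.
        DirContext anon = new InitialDirContext(env);
        Attribute mechs = anon.getAttributes("", new String[] {"supportedSASLMechanisms"})
                .get("supportedSASLMechanisms");
        anon.close();
        if (mechs == null || !mechs.contains("DIGEST-MD5")) {
            throw new IllegalStateException("DIGEST-MD5 not advertised: " + mechs);
        }

        // Step 2: SASL bind. The principal is the user name (assumed: the uid
        // of uid=kirana,ou=system), not the DN used for SIMPLE binds.
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put(Context.SECURITY_PRINCIPAL, "kirana");
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("java.naming.security.sasl.realm", "example.com");
        // Prefer confidentiality, then integrity, then authentication only.
        env.put("javax.security.sasl.qop", "auth-conf,auth-int,auth");
        try {
            DirContext ctx = new InitialDirContext(env); // the bind happens here
            System.out.println("DIGEST-MD5 bind succeeded against " + URL);
            ctx.close();
        } catch (AuthenticationException e) {
            // Wrong password, unknown user, or realm mismatch with the server.
            System.err.println("bind rejected: " + e.getMessage());
        }
    }
}
```

If the server only negotiates plain auth and the connection is not under TLS, the LDAP traffic after the bind is unprotected, so the qop list is worth keeping in the order shown.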