Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4B09217809 for ; Tue, 3 Feb 2015 15:28:57 +0000 (UTC) Received: (qmail 48495 invoked by uid 500); 3 Feb 2015 15:28:58 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 48449 invoked by uid 500); 3 Feb 2015 15:28:58 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 48436 invoked by uid 99); 3 Feb 2015 15:28:58 -0000 Received: from mail-relay.apache.org (HELO mail-relay.apache.org) (140.211.11.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 03 Feb 2015 15:28:58 +0000 Received: from mail-ig0-f170.google.com (mail-ig0-f170.google.com [209.85.213.170]) by mail-relay.apache.org (ASF Mail Server at mail-relay.apache.org) with ESMTPSA id D09241A0118 for ; Tue, 3 Feb 2015 15:28:57 +0000 (UTC) Received: by mail-ig0-f170.google.com with SMTP id l13so25103376iga.1 for ; Tue, 03 Feb 2015 07:28:57 -0800 (PST) MIME-Version: 1.0 X-Received: by 10.107.8.67 with SMTP id 64mr29690734ioi.67.1422977337115; Tue, 03 Feb 2015 07:28:57 -0800 (PST) Received: by 10.36.11.195 with HTTP; Tue, 3 Feb 2015 07:28:57 -0800 (PST) In-Reply-To: References: Date: Tue, 3 Feb 2015 23:28:57 +0800 Message-ID: Subject: Re: sasl authentication problem. From: Kiran Ayyagari To: "users@directory.apache.org" Content-Type: multipart/alternative; boundary=001a113f8f8ab3ca3e050e30baa0 --001a113f8f8ab3ca3e050e30baa0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Tue, Feb 3, 2015 at 7:26 PM, =EC=B5=9C=EA=B7=9C=EC=9A=B0 wrote: > Hello apacheds users. > > I'm getting "INVALID_CREDENTIALS : DIGEST-MD5: cannot acquire password fo= r > uid=3Dadmin in realm : example.com" error when I try to authenticate by > DIGEST-MD5 (SASL). > > steps I've done is here. > > * ON SERVER > SASL Host : (server ip address) > SASL Principal : ldap/(server ip address)@EXAMPLE.COM > Search Base Dn : ou=3Dusers,dc=3Dexample,dc=3Dcom > > AND > > > ads-enabled=3DFALSE,ads-pwdId=3Ddefault,ou=3DpasswordPolicies,ads-interce= ptorId=3DauthenticationInterceptor,ou=3Dinterceptors,ads-directoryServiceId= =3Ddefault,ou=3Dconfig > > > ads-enabled=3DFALSE,ads-interceptorId=3DpasswordHashingInterceptor,ou=3Di= nterceptors,ads-directoryServiceId=3Ddefault,ou=3Dconfig > > > THEN ON CLIENT > > Authentication Method > DIGEST-MD5 (SASL) > > Bind DN or user : uid=3Dadmin > Bind password **** > > SASL Setting > SASL Realm : example.com > Quality of protection : authentication only > protection strength : high > > > for sure there is the user "uid=3Dadmin,ou=3Dusers,dc=3Dexmaple,dc=3Dcom= ". > > what did I wrong? I have no problem logging in by simple authentication. > any suggestion? > make sure the password is stored in plain text and make sure the IP address / hostname used in the client is same as the one in SAML principal > > > -- > > > KyuWoo Choi > PAIO co.,ltd. > www.paio.co.kr > apple@paio.co.kr > TEL : 070-8621-0707 > MO : 010-2834-2335 > FAX : 02-6919-9010 > SNS : www.facebook.com/paiofarm > --=20 Kiran Ayyagari http://keydap.com --001a113f8f8ab3ca3e050e30baa0--