directory-users mailing list archives

From "akarypid@yahoo.gr" <akary...@yahoo.gr>
Subject DIGEST-MD5: digest response format violation. Mismatched response.
Date Wed, 13 Jan 2016 14:42:35 GMT
Hello,

Context: I am running a 2.0.0-M20 server instance and all testing/trials below were made
with Apache Directory Studio 2.0.0.v20150606-M9.

Also, thank you in advance to anyone who takes the time to read through all this and possibly
reply with pointers/solutions.

PROBLEM SUMMARY
----------------------------------
I am able to connect with simple authentication and the DN, but I want to be able to also
use DIGEST-MD5 and uid-only value instead of full DN. No matter what I do, I keep getting
this error when I try to connect:

      DIGEST-MD5: digest response format violation. Mismatched response.

DETAILS
----------------------------------
I have 2 connections in my Apache Directory Studio (first works, second is the one I can't
get to work).

The two have identical settings in the "Network Parameter", "Browser Options" and "Edit Options"
tabs. Basically it's the defaults, where the network parameters were changed to give the host
name (myhost.mydomain.com) and port number, and also to enable the StartTLS extension. In
fact the second connection was created as a copy of the first (working) one, where I only
made changes to the authentication tab:

    1. First (working) connection has method "Simple Authentication" 
    Bind DN or user: "uid=admin,ou=people,dc=devops,dc=mydomain,dc=com"

    2. Second (non-working) connection has method "DIGEST-MD5 (SASL)"
    Bind DN or user: "admin"  
    In SASL settings SASL Realm: myhost.mydomain.com

The SASL realm is the server's FQDN from 'hostname -f' command. All other settings are defaults.
When connecting I get this failure in Directory Studio client:

CUT START ========================================
Error while opening connection
- [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1278)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:1246)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:448)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1173)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
    at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
    at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
    at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
    at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)

[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched response.]
CUT END  ========================================

Any idea on what may be causing this?

    * I think the uid and the userPassword values are 100% correct, since (1) works with those.
    * I also think the SASL realm is correct - using some other value (e.g. wronghost.mydomain.com)
      gives "DIGEST-MD5: digest response format violation. Nonexistent realm: wronghost.mydomain.com]"

SERVER SETTINGS
----------------------------------
When I use the working connection (1) and "Open Configuration", in the "LDAP/LDAPS Servers"
tab, I've changed the "SASL Settings" tab as follows:

SASL Host: myhost.mydomain.com        - NOTE this matches the realm
SASL Principal: ldap/myhost.mydomain.com
Search Base Dn: ou=people,dc=devops,dc=mydomain,dc=com

In the list of SASL Realms I've added "myhost.mydomain.com" which is the same as the SASL
host.
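
Added example, not part of the original message and not ApacheDS or Directory Studio code: the RFC 2831 response computation for qop=auth, which the server recomputes from its own view of the inputs and compares with what the client sent. The nonce, cnonce, password and digest-uri values are constructed, and `server_accepts` and `check` are hypothetical helper names.

```python
import hashlib
import hmac

def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth with no authzid."""
    enc = lambda s: s.encode("utf-8")
    # A1 begins with the raw 16-byte MD5 of user:realm:password (not its hex form).
    a1 = hashlib.md5(enc(f"{username}:{realm}:{password}")).digest()
    a1 += enc(f":{nonce}:{cnonce}")
    a2 = enc(f"AUTHENTICATE:{digest_uri}")
    ha1 = hashlib.md5(a1).hexdigest()
    ha2 = hashlib.md5(a2).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(enc(kd)).hexdigest()

def server_accepts(client_response, server_view):
    """Server side: recompute the response from its own inputs and compare."""
    expected = digest_md5_response(**server_view)
    return hmac.compare_digest(expected, client_response)

# Constructed sample values. Host names are the ones used in the message;
# the password, nonce, cnonce and digest-uri are assumptions for illustration.
SERVER_VIEW = dict(
    username="admin",
    realm="myhost.mydomain.com",
    password="constructed-secret",
    nonce="c2VydmVyLW5vbmNl",
    cnonce="Y2xpZW50LW5vbmNl",
    digest_uri="ldap/myhost.mydomain.com",
)

def check(**client_overrides):
    """Client computes with its inputs; server verifies with SERVER_VIEW."""
    client_view = {**SERVER_VIEW, **client_overrides}
    return server_accepts(digest_md5_response(**client_view), SERVER_VIEW)

if __name__ == "__main__":
    cases = {
        "identical inputs": {},
        "different realm": {"realm": "wronghost.mydomain.com"},
        "full DN as username": {
            "username": "uid=admin,ou=people,dc=devops,dc=mydomain,dc=com"},
        "different secret string": {"password": "{SSHA}constructed-placeholder"},
    }
    for label, overrides in cases.items():
        print(f"{label:26s} -> {'match' if check(**overrides) else 'mismatch'}")
```

Because every input is folded into one MD5 value, the server-side comparison alone cannot say which input differed.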