Return-Path: 
 <users-return-7082-apmail-directory-users-archive=directory.apache.org@directory.apache.org>
X-Original-To: apmail-directory-users-archive@www.apache.org
Delivered-To: apmail-directory-users-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3D9471884F
	for <apmail-directory-users-archive@www.apache.org>;
 Wed, 13 Jan 2016 17:03:39 +0000 (UTC)
Received: (qmail 22451 invoked by uid 500); 13 Jan 2016 17:03:39 -0000
Delivered-To: apmail-directory-users-archive@directory.apache.org
Received: (qmail 22403 invoked by uid 500); 13 Jan 2016 17:03:39 -0000
Mailing-List: contact users-help@directory.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@directory.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@directory.apache.org>
List-Post: <mailto:users@directory.apache.org>
List-Id: <users.directory.apache.org>
Reply-To: users@directory.apache.org
Delivered-To: mailing list users@directory.apache.org
Received: (qmail 22390 invoked by uid 99); 13 Jan 2016 17:03:38 -0000
Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Jan 2016 17:03:38 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id CF96F1A0355
	for <users@directory.apache.org>; Wed, 13 Jan 2016 17:03:37 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 2.902
X-Spam-Level: **
X-Spam-Status: No, score=2.902 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	HTML_MESSAGE=3, URIBL_BLOCKED=0.001, URI_TRY_3LD=0.001]
	autolearn=disabled
Authentication-Results: spamd2-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=yahoo.gr
Received: from mx1-eu-west.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id Caa1t0ZSmDcu for <users@directory.apache.org>;
	Wed, 13 Jan 2016 17:03:25 +0000 (UTC)
Received: from nm15-vm3.bullet.mail.ir2.yahoo.com
 (nm15-vm3.bullet.mail.ir2.yahoo.com [212.82.96.200])
	by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with
 ESMTPS id B748731AD2
	for <users@directory.apache.org>; Wed, 13 Jan 2016 17:03:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.gr; s=s2048;
 t=1452704598; bh=2vc1bb1W5sbKfe6sx+hsabaIv/E0kcS8dtJ8eViTSqM=;
 h=Date:From:To:In-Reply-To:References:Subject:From:Subject;
 b=Z3DxdVL80eHB6wr8YTAG/7y5DRdhT0Tq9nVDIoln70MyNfgFyVVv/x94c+ogKKtilCUaUqnXuHfBX6Vyr3eDrXG0RMT/Wanu4kjl8luhvG8T62fLzvcwcmzLhREYt/zUbaoxgAhlGyvAd5PeNqoJ8QogVJl/k4MWrf9k1MxDmGeBBlDkysogTebETYnqK4+gtV3bVcPxJpzKsOhyUj/8+FHQmTEpFu7WJBL0wcOqSCRjDF9V3lBxN/VsWUxlwRBo40H9mz566L8ceNUeygBQ6UhHWB8rhRXvUkwKGcQGAIjKvPakqLs8YJ4/iHbEZ5FN4e6+BfLtaiLcbDLelXMOzQ==
Received: from [212.82.98.126] by nm15.bullet.mail.ir2.yahoo.com with NNFMP;
 13 Jan 2016 17:03:18 -0000
Received: from [46.228.39.98] by tm19.bullet.mail.ir2.yahoo.com with NNFMP;
 13 Jan 2016 17:03:18 -0000
Received: from [127.0.0.1] by smtp135.mail.ir2.yahoo.com with NNFMP;
 13 Jan 2016 17:03:17 -0000
X-Yahoo-Newman-Id: 396541.91687.bm@smtp135.mail.ir2.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: 9zp.bXEVM1kGjCzFaV_7scPGxDZszHR8gtnpQhSjRGX8DvO
 De0Z50WVBmcw9UnTsd2J9VrhLiW0hJjwFen6DmO5JWzB21kpehVxV1jU9g_B
 Ax.KFgtTn0yiPIF5FQhlffdOe9jzjRDMYZMurPmdVS9HWCY7nonXGzF2_rjq
 m34uJV0IyAqmtHPYvsBpsyNUQC2OcQVzcdrhgTRfIfAyLUEKFzdgrS3Ff09a
 Zgy.8gxpohrExxSiMlYTBUbt6ekKR42Vok.E43FKnMk4SuBTiiEQbGkrluab
 LpP2cQHtgGYaH2dMdAsS2b6pXOp3smpi7vU9SuU6i0vcsn1bFHLhNY2IOp_1
 XHwl1jqVuYjzoLymYbsDwYoCLV7fxUOU1POH.O7auCuRlNkLTNL9Id6V2yz6
 fYB5ZABDr3eoOWFYE2gxgUS3qgZ4CHqRnxgL8y5UxUrIQSbNd6lNMmA7VHPj
 Qdn5q8u7jaK5DvMD8TDNzDzYx_5I5n76uUrtkEoRqM1EoaYu9M2368VzrBt6
 Z1w9f1i2TgW5WcW8oT.LE_j3EH7TySxokc5ArPHtesA--
X-Yahoo-SMTP: zqOro8aswBATGnFGyBkfgkPClVMj
Received: by 66.196.81.114; Wed, 13 Jan 2016 17:03:13 +0000 
Date: Wed, 13 Jan 2016 17:03:11 +0000 (UTC)
From: "akarypid@yahoo.gr" <akarypid@yahoo.gr>
To: "users@directory.apache.org" <users@directory.apache.org>
Message-ID: <1234733093.7295143.1452704591637.JavaMail.yahoo@mail.yahoo.com>
In-Reply-To: <1876654989.7136615.1452696155162.JavaMail.yahoo@mail.yahoo.com>
References: 
 <1876654989.7136615.1452696155162.JavaMail.yahoo.ref@mail.yahoo.com>
 <1876654989.7136615.1452696155162.JavaMail.yahoo@mail.yahoo.com>
Subject: Re: DIGEST-MD5: digest response format violation. Mismatched
 response.
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_7295142_1478948994.1452704591633"

------=_Part_7295142_1478948994.1452704591633
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

'Well duh' moment... My passwords are stored hashed...

Sent from Yahoo Mail on Android=20
=20
  On Wed, 13 Jan, 2016 at 14:42, akarypid@yahoo.gr<akarypid@yahoo.gr> wrote=
:   Hello,

Context: I am running a 2.0.0-M20 server instance and all testing/trials be=
low where made with Apache Directory Studio 2.0.0.v20150606-M9.

Also, thank you in advance to anyone who takes the time to read through all=
 this and possibly reply with pointers/solutions.

PROBLEM SUMMARY
----------------------------------
I am able to connect with simple authentication and the DN, but I want to b=
e able to also use DIGEST-MD5 and uid-only value instead of full DN. No mat=
ter what I do, I keep getting this error when I try to connect:

=C2=A0 =C2=A0 =C2=A0 DIGEST-MD5: digest response format violation. Mismatch=
ed response.

DETAILS
----------------------------------
I have 2 connections in my Apache Directory Studio (first works, second is =
the one I can't get to work).

The two have identical settings in the "Network Parameter", "Browser Option=
s" and "Edit Options" tabs. Basically it's the defaults, where the network =
parameters were changed to give the host name (myhost.mydomain.com) and por=
t number, and also to enable the StartTLS extension. In fact the second con=
nection was created as a copy of the first (working) one, where I only made=
 changes to the authentication tab:

=C2=A0=C2=A0=C2=A0 1. First (working) connection has method "Simple Authent=
ication"=C2=A0
=C2=A0=C2=A0=C2=A0 Bind DN or user: "uid=3Dadmin,ou=3Dpeople,dc=3Ddevops,dc=
=3Dmydomain,dc=3Dcom"

=C2=A0=C2=A0=C2=A0 2. Second (non-working) connection has method "DIGEST-MD=
5 (SASL)" method
=C2=A0=C2=A0=C2=A0 Bind DN or user: "admin"=C2=A0=C2=A0
=C2=A0=C2=A0=C2=A0 In SASL settings SASL Realm: myhost.mydomain.com

The SASL realm is the server's FQDN from 'hostname -f' command. All other s=
ettings are defaults. When connecting I get this failure in Directory Studi=
o client:

CUT START =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Error while opening connection
- [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response f=
ormat violation. Mismatched response.]
java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5=
: digest response format violation. Mismatched response.]
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.jav=
a:1278)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper.access$9(DirectoryApiConnectionWrapper.java:124=
6)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:448)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.jav=
a:1173)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:457)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.io.api.Di=
rectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:303)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.jobs.Open=
ConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
=C2=A0=C2=A0=C2=A0 at org.apache.directory.studio.connection.core.jobs.Stud=
ioConnectionJob.run(StudioConnectionJob.java:109)
=C2=A0=C2=A0=C2=A0 at org.eclipse.core.internal.jobs.Worker.run(Worker.java=
:54)

[LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response for=
mat violation. Mismatched response.]
CUT END=C2=A0 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

Any idea on what may be causing this?

=C2=A0=C2=A0=C2=A0 * I think the uid and the userPassword values are 100% c=
orrect, since (1) works with those.
=C2=A0=C2=A0=C2=A0 * I also think the SASL realm is correct - using some ot=
her value (e.g. wronghost.mydomain.com) gives "DIGEST-MD5: digest response =
format violation. Nonexistent realm: wronghost.mydomain.com] "=C2=A0

SERVER SETTINGS
----------------------------------
When I use the working connection (1) and "Open Configuration", in the "LDA=
P/LDAPS Servers" tab, I've change the "SASL Settings" tab as follows:

SASL Host: myhost.mydomain.com=C2=A0=C2=A0=C2=A0 =C2=A0=C2=A0=C2=A0 - NOTE =
this matches the realm
SASL Principal: ldap/myhost.mydomain.com Search Base Dn: ou=3Dpeople,dc=3Dd=
evops,dc=3Dmydomain,dc=3Dcom

In the list of SASL Realms I've added "myhost.mydomain.com" which is the sa=
me as the SASL host. =20

------=_Part_7295142_1478948994.1452704591633--