directory-users mailing list archives

From Stefan Seelmann <m...@stefan-seelmann.de>
Subject Re: [Studio] Testing SASL hashed password
Date Sat, 09 Jul 2016 16:49:34 GMT
On 07/09/2016 11:17 AM, Guillermo López Alejos wrote:
> Hello again,
> 
> Sorry for the misplaced tag in the subject. This question is about the Apache Directory Studio client.
> 
> Kind regards,
> 
> Guillermo
> 
> -----Original message-----
> From: Guillermo López Alejos
> Sent: 08 July 2016 20:29
> To: 'users@directory.apache.org'
> Subject: [ApacheDS] Testing SASL hashed password
> 
> Hi,
> 
> I'm in the process of deploying my first LDAP server with SASL. My objective is to provide LDAP authentication to clients while hiding underlying authentication details. All tests carried out in the server succeeded, so now it's time for client-side testing.
> 
> I wanted to make it as simple as possible, so I tried with Apache Directory Studio password verification capabilities. The problem is that after adding a password entry that is SASL formatted ("{SASL}someone@DOMAIN.ORG"), the "Verify" button becomes greyed. I think this is because the hash method is "Plaintext".
> 
> Can anyone point out how to test SASL-LDAP authentication with Apache Directory Studio?

The "Verify" button in the password editor can only be used to compare
the (hashed) userPassword attribute. This is done by applying the same
hash algorithm and using the same salt found in the existing password.
This only works for "real" passwords stored in the userPassword attribute.

When using SASL you need to run the SASL flow by creating a new
connection and selecting your used SASL mechanism on the 2nd wizard
page. Currently only DIGEST-MD5 and GSSAPI are implemented.

Kind Regards,
Stefan
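
The comparison described in the reply, as an added example that is not part of the original message and not Apache Directory Studio's own code: it re-hashes a candidate password with the salt recovered from a stored `{SSHA}`-style value, and returns `None` for a `{SASL}` value because there is no digest to compare. The function names and the scheme table (SHA-1 and SHA-256 variants only) are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

# scheme -> (hashlib name, digest size). Salted values are base64(digest + salt).
SCHEMES = {"SHA": ("sha1", 20), "SSHA": ("sha1", 20),
           "SHA256": ("sha256", 32), "SSHA256": ("sha256", 32)}


def split_scheme(stored):
    """Split '{SCHEME}rest' into (SCHEME, rest); (None, stored) if no prefix."""
    if stored.startswith("{") and "}" in stored:
        scheme, rest = stored[1:].split("}", 1)
        return scheme.upper(), rest
    return None, stored


def verify(stored, candidate):
    """True/False if comparable locally, None if there is no digest to compare."""
    scheme, rest = split_scheme(stored)
    if scheme is None:  # plaintext value
        return hmac.compare_digest(stored.encode(), candidate.encode())
    if scheme not in SCHEMES:
        # e.g. {SASL}someone@DOMAIN.ORG: an identity, not a digest.
        return None
    algo, size = SCHEMES[scheme]
    raw = base64.b64decode(rest)
    digest, salt = raw[:size], raw[size:]
    if salt and not scheme.startswith("SS"):
        return False  # unsalted scheme with trailing bytes: malformed
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)


def make_ssha(password, salt=None):
    """Build a constructed {SSHA} value for the demo below."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


if __name__ == "__main__":
    stored = make_ssha("secret")  # constructed sample value
    print(verify(stored, "secret"), verify(stored, "wrong"))
    print(verify("{SASL}someone@DOMAIN.ORG", "secret"))
```
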

