From: Andrew Hastie
To: api@directory.apache.org
Date: Tue, 11 Mar 2014 11:08:33 +0000
Subject: [LDAP API] SASL Ream name format when binding against Microsoft AD
Message-ID: <531EEEB1.2010103@ahastie.net>

Hi all.

I am looking for some advice on the following topic and hoping someone out there may have hit the same problem before:

I'm experimenting with the API in an attempt to authenticate a User+Password combination against an instance of MS Active Directory. My problem occurs when I use the SASL Mechanism "DIGEST-MD5", and relates to how I set the value for the SASL Realm.

Here's an example of what I see:

1. I have a standard user account in the MS Active Directory.
2. Say the Windows "Realm" is COMPANY1 and my userID is "somebody"

If I set the UserID to "somebody" and the Realm to "COMPANY1", this works OK.
If I set the UserID to "somebody" and the Realm to "company1", this works OK.
But if I set the UserID to "somebody" and the Realm to "Company1", the bind request is rejected.

I have read in several places that the Realm name when using GSSAPI/Kerberos should be supplied in upper case, so I guess there must be something connected with case sensitivity somewhere.

Is anyone able to shed any light as to where I am going wrong here?

Thanks
Andrew
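
Added example (not part of the original message and not code from the Apache LDAP API): a sketch of the DIGEST-MD5 response computation from RFC 2831 for qop=auth without an authzid, showing that the realm string is hashed exactly as the client sends it, so each of the three spellings above yields a different response value. The password, nonces and digest-uri are constructed sample values, and the code does not model how Active Directory decides which realm spellings it accepts.

```python
import hashlib


def _md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_md5_response(username, realm, password, nonce, cnonce,
                        digest_uri, nc="00000001", qop="auth",
                        charset="utf-8"):
    """Client 'response' value per RFC 2831 section 2.1.2.1 (no authzid)."""
    def enc(text):
        return text.encode(charset)

    # A1 begins with the raw 16-byte MD5 of username:realm:password.
    # The realm goes in byte-for-byte; nothing here folds its case.
    a1 = _md5(enc(f"{username}:{realm}:{password}")) + enc(f":{nonce}:{cnonce}")
    # A2 for qop=auth is just the method token and the digest-uri.
    a2 = enc(f"AUTHENTICATE:{digest_uri}")
    ha1 = _md5(a1).hex()
    ha2 = _md5(a2).hex()
    return _md5(enc(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")).hex()


def responses_by_realm(realms, **fixed):
    """Compute the response for each realm spelling, all other inputs equal."""
    return {realm: digest_md5_response(realm=realm, **fixed) for realm in realms}


# Constructed sample inputs (assumptions; only the user ID and the realm
# spellings come from the message above).
SAMPLE = dict(
    username="somebody",
    password="constructed-password",
    nonce="constructed-server-nonce",
    cnonce="constructed-client-nonce",
    digest_uri="ldap/dc.example.test",
)
REALMS = ["COMPANY1", "company1", "Company1"]

if __name__ == "__main__":
    for realm, response in responses_by_realm(REALMS, **SAMPLE).items():
        print(f"realm={realm:<9} response={response}")
```

A server can only verify a response by recomputing it with the same realm bytes, so whether a given spelling succeeds depends on which realm values the server side is prepared to try.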