Posted to user@geronimo.apache.org by Phani Madgula <ph...@gmail.com> on 2006/01/20 07:42:02 UTC
How to connect to LDAP server on Geronimo from an LDAP client?
Hi
I am facing a problem while connecting to LDAP server from an LDAP client.
I have installed Softerra LDAP browser and tried to connect to LDAP server
running on Geronimo.
I always get "Can not connect to the LDAP server : ERROR 91".
Any solution?
thanks
phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Aaron Mulder <am...@alumni.princeton.edu>.
I don't know much about LDAP, but... Is password hashing part of the
standard? Is there some way for our LDAP realm to figure out whether
the server expects a password in plain text or MD5 or SHA? I know we
can send the hashed password, it's just a question of figuring out
which password method the LDAP server is expecting. If nothing else,
we could add a configuration option for the password hashing
mechanism, but I would hope we could tell from the server's initial
challenge or something.
Thanks,
Aaron
On 1/25/06, Phani Madgula <ph...@gmail.com> wrote:
> Hi Hernan,
>
> I am using AG1.0. I tried with other LDAP clients.
> I observed that, some clients store passwords in SHA, by default.
> The authentication is failing in either case [MD5 or SHA]
>
> Thanks
> phani
>
>
>
> On 1/25/06, Hernan Cunico <hc...@gmail.com> wrote:
> > Hi Phani,
> > So far I am only getting this error while using Jxplorer. What other
> > client have you tried?
> >
> > Cheers!
> > Hernan
> >
> > Hernan Cunico wrote:
> > >
> > >> Hi Phani,
> > >> sorry for the delay in the reply. I am having some issues too while
> > >> validating the user.
> > >> Maybe you already replied this in a previous note but, what version
> > >> of Geronimo are you using?
> > >>
> > >> Cheers!
> > >> Hernan
> > >>
> > >> Phani Madgula wrote:
> > >>
> > >>> Hi Hernan,
> > >>>
> > >>> Thanks for the link. It is quite helpful & informative.
> > >>>
> > >>> I did similar operations, as specified in my previous mail, by
> > >>> deploying the sample application given in the article. I added a new
> > >>> user user3/pass123 in "ou=users, ou=system" in Directory server, and
> > >>> in geronimo-web.xml I added the user3 in role mappings
> > >>>
> > >>> <role-mappings>
> > >>>   <role role-name="content-administrator">
> > >>>     <realm realm-name="ldap-realm">
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> > >>>                  name="admin" designated-run-as="true"/>
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>                  name="system"/>
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>                  name="user3"/>
> > >>>     </realm>
> > >>>   </role>
> > >>>
> > >>>   <role role-name="guest">
> > >>>     <realm realm-name="ldap-realm">
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> > >>>                  name="guest" designated-run-as="true"/>
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>                  name="user1"/>
> > >>>       <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>                  name="user2"/>
> > >>>     </realm>
> > >>>   </role>
> > >>> </role-mappings>
> > >>>
> > >>> I used Jxplorer LDAP client to create the new user users3. When I
> > >>> provide password in PLAIN format which uses BASE64 encoding through
> > >>> LDAP client, the application is authenticating successfully. When I
> > >>> store it in MD5, the authentication is failing for user3.
> > >>>
> > >>> Any issue while using MD5 ?
> > >>>
> > >>> thanks
> > >>> phani
> > >>>
> > >>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com> wrote:
> > >>>
> > >>> Hi Phani,
> > >>> Here is an article that may help you configure LDAP
> > >>>
> > >>>
> > >>>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> > >>>
> > >>>
> > >>> Cheers!
> > >>> Hernan
> > >>>
> > >>> Phani Madgula wrote:
> > >>> > Hi
> > >>> >
> > >>> > I am facing a problem while connecting to LDAP server from an
> > >>> LDAP client.
> > >>> > I have installed Softerra LDAP browser and tried to connect to
> > >>> LDAP
> > >>> > server running on Geronimo.
> > >>> >
> > >>> > I always get "Can not connect to the LDAP server : ERROR 91".
> > >>> >
> > >>> > Any solution?
> > >>> >
> > >>> > thanks
> > >>> > phani
> > >>>
> > >>>
> > >>
> > >
> >
>
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Hernan Cunico <hc...@gmail.com>.
Hi Phani,
opening a JIRA will provide a way to keep track of this issue. You will have to register to *CREATE A NEW ISSUE*.
Please explain in detail the environment and problem and how to implement your workaround.
Here is the link for the JIRAs
http://issues.apache.org/jira/browse/GERONIMO
I'll keep playing with the password hashing as I am still not having consistent results.
Cheers!
Hernan
Phani Madgula wrote:
> Hi Hernan/Aaron
>
> I developed a small application that uses pure programmatic security
> login, using Netscape Java LDAP SDK.
> When I store password in MD5/SHA, I applied corresponding hashing on
> password sent by user and compared with the password retrieved from the
> LDAP server. To know how the password is stored in LDAP, we can check
> for prefix "{md5}" for MD5, and "{sha}" for SHA.
> The following is the code snippet
>
> String uname = req.getParameter("userName");
> String password = req.getParameter("password");
>
>
> boolean loginSucceed = false;
>
> String hashMethod = "PLAIN";
> String hashedPassword = password;
>
> // Retrieve password from LDAP for the user
> String ldapPassword = getLdapPassword(uname);
> if(ldapPassword.startsWith("{md5}")){
> hashMethod = "MD5";
> }else if(ldapPassword.startsWith ("{sha}")){
> hashMethod = "SHA";
> }
>
> if(hashMethod.equals("SHA")){
> hashedPassword = getSHAHashedPassword(password);
> }else if(hashMethod.equals("MD5")){
> hashedPassword = getMD5HashedPassword(password);
> }
>
> System.out.println("AuthenticateServlet:service:hashedPassword:"+hashedPassword);
> System.out.println("AuthenticateServlet:service:ldapPassword:"+ldapPassword);
> if(hashedPassword.equals (ldapPassword))loginSucceed=true;
>
> .
>
>
> So, with programmatic login, we can solve the problem. I guess hashing
> is not part of specification. With declarative security management, I
> guess, current application login implementation must consider MD5/SHA also.
>
> If the above points are valid, we can have a JIRA on this..?
>
>
> Thanks
> phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Phani Madgula <ph...@gmail.com>.
Hi Hernan/Aaron
I developed a small application that uses pure programmatic security login,
using Netscape Java LDAP SDK.
When I store password in MD5/SHA, I applied corresponding hashing on
password sent by user and compared with the password retrieved from the
LDAP server. To know how the password is stored in LDAP, we can check for
prefix "{md5}" for MD5, and "{sha}" for SHA.
The following is the code snippet
    String uname = req.getParameter("userName");
    String password = req.getParameter("password");
    boolean loginSucceed = false;
    String hashMethod = "PLAIN";
    String hashedPassword = password;
    // Retrieve password from LDAP for the user
    String ldapPassword = getLdapPassword(uname);
    // The prefix of the stored value tells how the password was hashed
    if (ldapPassword.startsWith("{md5}")) {
        hashMethod = "MD5";
    } else if (ldapPassword.startsWith("{sha}")) {
        hashMethod = "SHA";
    }
    // Apply the same hashing to the password sent by the user
    if (hashMethod.equals("SHA")) {
        hashedPassword = getSHAHashedPassword(password);
    } else if (hashMethod.equals("MD5")) {
        hashedPassword = getMD5HashedPassword(password);
    }
    System.out.println("AuthenticateServlet:service:hashedPassword:" + hashedPassword);
    System.out.println("AuthenticateServlet:service:ldapPassword:" + ldapPassword);
    // Compare with the value retrieved from the LDAP server
    if (hashedPassword.equals(ldapPassword)) loginSucceed = true;
.
So, with programmatic login, we can solve the problem. I guess hashing is
not part of specification. With declarative security management, I guess,
current application login implementation must consider MD5/SHA also.
If the above points are valid, we can have a JIRA on this..?
Thanks
phani
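An added example, not code from the thread or from Geronimo: one way to implement the prefix check described in the message above in Java, extended beyond the thread's {md5}/{sha} cases to salted {SSHA}. The class and method names are hypothetical; the two userPassword:: values are taken from the LDIF export in this thread, and the other stored values are constructed in the code.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

// Added example, not code from the thread. Class and method names are hypothetical.
public class LdapPasswordCheck {

    // An LDIF "userPassword:: <value>" line holds the attribute value base64-encoded.
    static String decodeLdifValue(String base64Value) {
        return new String(Base64.getDecoder().decode(base64Value), StandardCharsets.UTF_8);
    }

    // Scheme name in upper case, or "PLAIN" when the value has no {scheme} prefix.
    // The prefix is matched case-insensitively, so {md5} and {MD5} are treated alike.
    static String schemeOf(String stored) {
        int close = stored.indexOf('}');
        if (stored.startsWith("{") && close > 1) {
            return stored.substring(1, close).toUpperCase(Locale.ROOT);
        }
        return "PLAIN";
    }

    // Checks a candidate password against a decoded userPassword value.
    static boolean verify(String candidate, String stored) throws NoSuchAlgorithmException {
        byte[] pw = candidate.getBytes(StandardCharsets.UTF_8);
        String scheme = schemeOf(stored);
        if (scheme.equals("PLAIN")) {
            return MessageDigest.isEqual(pw, stored.getBytes(StandardCharsets.UTF_8));
        }
        byte[] blob;
        try {
            // After the prefix comes base64(digest) or, for SSHA, base64(digest + salt).
            blob = Base64.getDecoder().decode(stored.substring(stored.indexOf('}') + 1));
        } catch (IllegalArgumentException e) {
            return false; // malformed stored value
        }
        String algorithm;
        int digestLen;
        switch (scheme) {
            case "MD5":
                algorithm = "MD5"; digestLen = 16; break;
            case "SHA":
            case "SSHA":
                algorithm = "SHA-1"; digestLen = 20; break;
            default:
                return false; // unknown scheme: fail closed instead of comparing as plain text
        }
        if (blob.length < digestLen) return false;
        if (!scheme.equals("SSHA") && blob.length != digestLen) return false;
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(pw);
        md.update(blob, digestLen, blob.length - digestLen); // salt bytes, none for MD5/SHA
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        return MessageDigest.isEqual(md.digest(), Arrays.copyOf(blob, digestLen));
    }

    // Builds a stored value the way an LDAP client would (used for the constructed samples).
    static String store(String scheme, String algorithm, String password, byte[] salt)
            throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(algorithm);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        md.update(salt);
        byte[] digest = md.digest();
        byte[] blob = Arrays.copyOf(digest, digest.length + salt.length);
        System.arraycopy(salt, 0, blob, digest.length, salt.length);
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(blob);
    }

    public static void main(String[] args) throws Exception {
        // userPassword:: values copied from the LDIF export in this thread.
        String balaji1 = decodeLdifValue("e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=");
        String user1 = decodeLdifValue("dXNlcjE=");
        System.out.println("balaji1 scheme: " + schemeOf(balaji1));
        System.out.println("user1 scheme:   " + schemeOf(user1));
        System.out.println("user1 accepts \"user1\": " + verify("user1", user1));

        // Constructed sample values: password "pass123" under three schemes.
        String md5 = store("md5", "MD5", "pass123", new byte[0]);
        String sha = store("SHA", "SHA-1", "pass123", new byte[0]);
        String ssha = store("SSHA", "SHA-1", "pass123", new byte[] {1, 2, 3, 4});
        System.out.println("md5 accepts pass123:  " + verify("pass123", md5));
        System.out.println("sha accepts pass123:  " + verify("pass123", sha));
        System.out.println("ssha accepts pass123: " + verify("pass123", ssha));
        System.out.println("ssha accepts wrong:   " + verify("wrong", ssha));
        System.out.println("unknown scheme:       " + verify("pass123", "{foo}cGFzczEyMw=="));
    }
}
```

Binding to the directory as the user lets the server perform this comparison, so the application never has to read userPassword. Unsalted MD5 and SHA-1 values such as those in the export are weak against offline guessing if the directory contents leak.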
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Phani Madgula <ph...@gmail.com>.
Hi Hernan/Aaron
The following is the export of my LDAP entries. I could export using
JXplorer. I also used another LDAP client called LDAP Browser/Editor 2.8.2.
In the below LDAP export, there are two users balaji1, balaji2 whose
passwords are MD5 hashed.
Whereas for other users, the passwords are stored PLAIN. So, with
balaji1/balaji2, I am getting "Userid/password wrong" message in the browser
while authenticating.
I am trying to find the answers for Aaron's questions. I will update soon.
version: 1
dn: ou=system
objectClass: organizationalUnit
objectClass: top
ou: system
userPassword:: e21kNX1JU012S1hwWHBhZERpVW9PU29BZnd3PT0=

dn: uid=admin,ou=system
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: system administrator
displayName: Directory Superuser
sn: administrator
uid: admin
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: uid=system,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: John Doe
facsimiletelephonenumber: +1 408 555 5556
givenname: John
l: Las Vegas
mail: system@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: Doe
telephonenumber: +1 408 555 5555
uid: system
userPassword:: bWFuYWdlcg==

dn: uid=user1,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User1
l: Las Vegas
mail: user1@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: One
telephonenumber: +1 408 555 5555
uid: user1
userPassword:: dXNlcjE=

dn: uid=user2,ou=users,ou=system
objectclass: inetOrgPerson
objectclass: organizationalPerson
objectclass: person
objectclass: top
cn: User
facsimiletelephonenumber: +1 408 555 5556
givenname: User2
l: Las Vegas
mail: user2@apachecon.comm
ou: People
ou: Human Resources
roomnumber: 4613
sn: Two
telephonenumber: +1 408 555 5555
uid: user2
userPassword:: dXNlcjI=

dn: uid=admin,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=user3,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user3
sn: user3
uid: user3
userPassword:: dXNlcjM=

dn: uid=user4,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user4
sn: user4
uid: user4
userPassword:: dXNlcjQ=

dn: uid=phani1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: phani1
sn: phani1
uid: phani1
userPassword:: cGhhbmkx

dn: uid=balaji1,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji1
sn: balaji1
uid: balaji1
userPassword:: e21kNX1wRWdLL2ZSODZXQmlPU1FZYmdFQUpBPT0=

dn: uid=balaji2,ou=users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: balaji2
sn: balaji2
uid: balaji2
userPassword:: e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0=

dn: ou=groups,ou=system
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: admin
uniqueMember: uid=system,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
cn: guest
uniqueMember: uid=user2,ou=users,ou=system
uniqueMember: uid=user1,ou=users,ou=system

dn: ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: configuration

dn: ou=partitions,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: partitions

dn: ou=services,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: services

dn: ou=interceptors,ou=configuration,ou=system
objectClass: organizationalUnit
objectClass: top
ou: interceptors

dn: prefNodeName=sysPrefRoot,ou=system
objectClass: extensibleObject
prefNodeName: sysPrefRoot

dn: uid=phani-users,ou=system
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: user1
sn: user1
uid: phani-users
Thanks
phani
On 1/26/06, Hernan Cunico <hc...@gmail.com> wrote:
>
> Hi Phani,
> Can you export an LDIF so we can see your LDAP conf? I think the problem
> may be there.
>
> So far I have been able to add new users and alter the groups with my
> other LDAP client. Jxplorer is
> giving me some problems while importing/updating from LDIFs.
>
> Can you summarize the steps you do for adding the user?
>
> Cheers!
> Hernan
>
> Phani Madgula wrote:
> > Hi Hernan,
> >
> > I am using AG1.0. I tried with other LDAP clients.
> > I observed that, some clients store passwords in SHA, by default.
> > The authentication is failing in either case [MD5 or SHA]
> >
> > Thanks
> > phani
> >
> >
> > On 1/25/06, *Hernan Cunico* <hcunico@gmail.com> wrote:
> >
> > Hi Phani,
> > So far I am only getting this error while using Jxplorer. What other
> > client have you tried?
> >
> > Cheers!
> > Hernan
> >
> > Hernan Cunico wrote:
> > >
> > >> Hi Phani,
> > >> sorry for the delay in the reply. I am having some issues too
> while
> > >> validating the user.
> > >> Maybe you already replied this in a previous note but, what
> > version
> > >> of Geronimo are you using?
> > >>
> > >> Cheers!
> > >> Hernan
> > >>
> > >> Phani Madgula wrote:
> > >>
> > >>> Hi Hernan,
> > >>>
> > >>> Thanks for the link. It is quite helpful & informative.
> > >>>
> > >>> I did similar operations, as specified in my previous mail, by
> > >>> deploying the sample application given in the article. I added
> > a new
> > >>> user user3/pass123 in "ou=users, ou=system" in Directory
> > server, and
> > >>> in geronimo-web.xml I added the user3 in role mappings
> > >>>
> > >>> <role-mappings>
> > >>> <role role-name="content-administrator">
> > >>> <realm realm-name="ldap-realm">
> > >>>
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> > >>>
> > >>> name="admin" designated-run-as="true"/>
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>
> > >>> name="system"/>
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>
> > >>> name="user3"/>
> > >>> </realm>
> > >>> </role>
> > >>>
> > >>> <role role-name="guest">
> > >>> <realm realm-name="ldap-realm">
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
> > >>> "
> > >>> name="guest" designated-run-as="true"/>
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>
> > >>> name="user1"/>
> > >>> <principal
> > >>>
> > class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> > >>>
> > >>> name="user2"/>
> > >>> </realm>
> > >>> </role>
> > >>>
> > >>> </role-mappings>
> > >>>
> > >>> I used Jxplorer LDAP client to create the new user users3. When
> I
> > >>> provide password in PLAIN format which uses BASE64 encoding
> > through
> > >>> LDAP client, the application is authenticating successfully.
> When I
> > >>> store it in MD5, the authentication is failing for user3.
> > >>>
> > >>> Any issue while using MD5 ?
> > >>>
> > >>> thanks
> > >>> phani
> > >>>
> > >>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com
> > <ma...@gmail.com>
> > >>> <mailto: hcunico@gmail.com <ma...@gmail.com>> > wrote:
> > >>>
> > >>> Hi Phani,
> > >>> Here is an article that may help you configure LDAP
> > >>>
> > >>>
> > >>>
> >
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> > >>>
> > >>>
> > >>> Cheers!
> > >>> Hernan
> > >>>
> > >>> Phani Madgula wrote:
> > >>> > Hi
> > >>> >
> > >>> > I am facing a problem while connecting to LDAP server
> > from an
> > >>> LDAP client.
> > >>> > I have installed Softerra LDAP browser and tried to
> > connect to
> > >>> LDAP
> > >>> > server running on Geronimo.
> > >>> >
> > >>> > I always get "Can not connect to the LDAP server : ERROR
> > 91".
> > >>> >
> > >>> > Any solution?
> > >>> >
> > >>> > thanks
> > >>> > phani
> > >>>
> > >>>
> > >>
> > >
> >
> >
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Hernan Cunico <hc...@gmail.com>.
Hi Phani,
Can you export an LDIF so we can see your LDAP conf? I think the problem may be there.
So far I have been able to add new users and alter the groups with my other LDAP client. Jxplorer is
giving me some problems while importing/updating from LDIFs.
Can you summarize the steps you do for adding the user?
Cheers!
Hernan
Phani Madgula wrote:
> Hi Hernan,
>
> I am using AG1.0. I tried with other LDAP clients.
> I observed that, some clients store passwords in SHA, by default.
> The authentication is failing in either case [MD5 or SHA]
>
> Thanks
> phani
>
>
> On 1/25/06, *Hernan Cunico* <hcunico@gmail.com
> <ma...@gmail.com>> wrote:
>
> Hi Phani,
> So far I am only getting this error while using Jxplorer. What other
> client have you tried?
>
> Cheers!
> Hernan
>
> Hernan Cunico wrote:
> >
> >> Hi Phani,
> >> sorry for the delay in the reply. I am having some issues too while
> >> validating the user.
> >> Maybe you already replied this in a previous note but, what
> version
> >> of Geronimo are you using?
> >>
> >> Cheers!
> >> Hernan
> >>
> >> Phani Madgula wrote:
> >>
> >>> Hi Hernan,
> >>>
> >>> Thanks for the link. It is quite helpful & informative.
> >>>
> >>> I did similar operations, as specified in my previous mail, by
> >>> deploying the sample application given in the article. I added
> a new
> >>> user user3/pass123 in "ou=users, ou=system" in Directory
> server, and
> >>> in geronimo-web.xml I added the user3 in role mappings
> >>>
> >>> <role-mappings>
> >>> <role role-name="content-administrator">
> >>> <realm realm-name="ldap-realm">
> >>>
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >>>
> >>> name="admin" designated-run-as="true"/>
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="system"/>
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user3"/>
> >>> </realm>
> >>> </role>
> >>>
> >>> <role role-name="guest">
> >>> <realm realm-name="ldap-realm">
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
> >>> "
> >>> name="guest" designated-run-as="true"/>
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user1"/>
> >>> <principal
> >>>
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user2"/>
> >>> </realm>
> >>> </role>
> >>>
> >>> </role-mappings>
> >>>
> >>> I used Jxplorer LDAP client to create the new user users3. When I
> >>> provide password in PLAIN format which uses BASE64 encoding
> through
> >>> LDAP client, the application is authenticating successfully. When I
> >>> store it in MD5, the authentication is failing for user3.
> >>>
> >>> Any issue while using MD5 ?
> >>>
> >>> thanks
> >>> phani
> >>>
> >>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com
> <ma...@gmail.com>
> >>> <mailto: hcunico@gmail.com <ma...@gmail.com>> > wrote:
> >>>
> >>> Hi Phani,
> >>> Here is an article that may help you configure LDAP
> >>>
> >>>
> >>>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> >>>
> >>>
> >>> Cheers!
> >>> Hernan
> >>>
> >>> Phani Madgula wrote:
> >>> > Hi
> >>> >
> >>> > I am facing a problem while connecting to LDAP server
> from an
> >>> LDAP client.
> >>> > I have installed Softerra LDAP browser and tried to
> connect to
> >>> LDAP
> >>> > server running on Geronimo.
> >>> >
> >>> > I always get "Can not connect to the LDAP server : ERROR
> 91".
> >>> >
> >>> > Any solution?
> >>> >
> >>> > thanks
> >>> > phani
> >>>
> >>>
> >>
> >
>
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Phani Madgula <ph...@gmail.com>.
Hi Hernan,
I am using AG1.0. I tried with other LDAP clients.
I observed that, some clients store passwords in SHA, by default.
The authentication is failing in either case [MD5 or SHA]
Thanks
phani
On 1/25/06, Hernan Cunico <hc...@gmail.com> wrote:
>
> Hi Phani,
> So far I am only getting this error while using Jxplorer. What other
> client have you tried?
>
> Cheers!
> Hernan
>
> Hernan Cunico wrote:
> >
> >> Hi Phani,
> >> sorry for the delay in the reply. I am having some issues too while
> >> validating the user.
> >> Maybe you already replied this in a previous note but, what version
> >> of Geronimo are you using?
> >>
> >> Cheers!
> >> Hernan
> >>
> >> Phani Madgula wrote:
> >>
> >>> Hi Hernan,
> >>>
> >>> Thanks for the link. It is quite helpful & informative.
> >>>
> >>> I did similar operations, as specified in my previous mail, by
> >>> deploying the sample application given in the article. I added a new
> >>> user user3/pass123 in "ou=users, ou=system" in Directory server, and
> >>> in geronimo-web.xml I added the user3 in role mappings
> >>>
> >>> <role-mappings>
> >>> <role role-name="content-administrator">
> >>> <realm realm-name="ldap-realm">
> >>>
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
> >>>
> >>> name="admin" designated-run-as="true"/>
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="system"/>
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user3"/>
> >>> </realm>
> >>> </role>
> >>>
> >>> <role role-name="guest">
> >>> <realm realm-name="ldap-realm">
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
> >>> "
> >>> name="guest" designated-run-as="true"/>
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user1"/>
> >>> <principal
> >>> class="
> org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> >>>
> >>> name="user2"/>
> >>> </realm>
> >>> </role>
> >>>
> >>> </role-mappings>
> >>>
> >>> I used Jxplorer LDAP client to create the new user users3. When I
> >>> provide password in PLAIN format which uses BASE64 encoding through
> >>> LDAP client, the application is authenticating successfully. When I
> >>> store it in MD5, the authentication is failing for user3.
> >>>
> >>> Any issue while using MD5 ?
> >>>
> >>> thanks
> >>> phani
> >>>
> >>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com
> >>> <ma...@gmail.com> > wrote:
> >>>
> >>> Hi Phani,
> >>> Here is an article that may help you configure LDAP
> >>>
> >>>
> >>>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
> >>>
> >>>
> >>> Cheers!
> >>> Hernan
> >>>
> >>> Phani Madgula wrote:
> >>> > Hi
> >>> >
> >>> > I am facing a problem while connecting to LDAP server from an
> >>> LDAP client.
> >>> > I have installed Softerra LDAP browser and tried to connect to
> >>> LDAP
> >>> > server running on Geronimo.
> >>> >
> >>> > I always get "Can not connect to the LDAP server : ERROR 91".
> >>> >
> >>> > Any solution?
> >>> >
> >>> > thanks
> >>> > phani
> >>>
> >>>
> >>
> >
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Hernan Cunico <hc...@gmail.com>.
Hi Phani,
So far I am only getting this error while using Jxplorer. What other
client have you tried?
Cheers!
Hernan
Hernan Cunico wrote:
>
>> Hi Phani,
>> sorry for the delay in the reply. I am having some issues too while
>> validating the user.
>> Maybe you already replied this in a previous note but, what version
>> of Geronimo are you using?
>>
>> Cheers!
>> Hernan
>>
>> Phani Madgula wrote:
>>
>>> Hi Hernan,
>>>
>>> Thanks for the link. It is quite helpful & informative.
>>>
>>> I did similar operations, as specified in my previous mail, by
>>> deploying the sample application given in the article. I added a new
>>> user user3/pass123 in "ou=users, ou=system" in Directory server, and
>>> in geronimo-web.xml I added the user3 in role mappings
>>>
>>> <role-mappings>
>>> <role role-name="content-administrator">
>>> <realm realm-name="ldap-realm">
>>>
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>>>
>>> name="admin" designated-run-as="true"/>
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>>>
>>> name="system"/>
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>>>
>>> name="user3"/>
>>> </realm>
>>> </role>
>>>
>>> <role role-name="guest">
>>> <realm realm-name="ldap-realm">
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
>>> "
>>> name="guest" designated-run-as="true"/>
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>>>
>>> name="user1"/>
>>> <principal
>>> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
>>>
>>> name="user2"/>
>>> </realm>
>>> </role>
>>>
>>> </role-mappings>
>>>
>>> I used Jxplorer LDAP client to create the new user users3. When I
>>> provide password in PLAIN format which uses BASE64 encoding through
>>> LDAP client, the application is authenticating successfully. When I
>>> store it in MD5, the authentication is failing for user3.
>>>
>>> Any issue while using MD5 ?
>>>
>>> thanks
>>> phani
>>>
>>> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com
>>> <ma...@gmail.com> > wrote:
>>>
>>> Hi Phani,
>>> Here is an article that may help you configure LDAP
>>>
>>>
>>> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
>>>
>>>
>>> Cheers!
>>> Hernan
>>>
>>> Phani Madgula wrote:
>>> > Hi
>>> >
>>> > I am facing a problem while connecting to LDAP server from an
>>> LDAP client.
>>> > I have installed Softerra LDAP browser and tried to connect to
>>> LDAP
>>> > server running on Geronimo.
>>> >
>>> > I always get "Can not connect to the LDAP server : ERROR 91".
>>> >
>>> > Any solution?
>>> >
>>> > thanks
>>> > phani
>>>
>>>
>>
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Hernan Cunico <hc...@gmail.com>.
Hi Phani,
sorry for the delay in the reply. I am having some issues too while validating the user.
Maybe you already replied this in a previous note but, what version of Geronimo are you using?
Cheers!
Hernan
Phani Madgula wrote:
> Hi Hernan,
>
> Thanks for the link. It is quite helpful & informative.
>
> I did similar operations, as specified in my previous mail, by deploying
> the sample application given in the article.
>
> I added a new user user3/pass123 in "ou=users, ou=system" in Directory
> server, and in geronimo-web.xml I added the user3 in role mappings
>
> <role-mappings>
> <role role-name="content-administrator">
>
> <realm realm-name="ldap-realm">
>
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>
> name="admin" designated-run-as="true"/>
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> name="system"/>
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> name="user3"/>
>
> </realm>
>
> </role>
>
> <role role-name="guest">
> <realm realm-name="ldap-realm">
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal
> "
> name="guest" designated-run-as="true"/>
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> name="user1"/>
> <principal
> class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
> name="user2"/>
> </realm>
> </role>
>
> </role-mappings>
>
> I used Jxplorer LDAP client to create the new user users3. When
> I provide password in PLAIN format which uses BASE64 encoding through
> LDAP client, the application is authenticating successfully. When I
> store it in MD5, the authentication is failing for user3.
>
> Any issue while using MD5 ?
>
> thanks
> phani
>
> On 1/21/06, *Hernan Cunico* <hcunico@gmail.com
> <ma...@gmail.com> > wrote:
>
> Hi Phani,
> Here is an article that may help you configure LDAP
>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
>
> Cheers!
> Hernan
>
> Phani Madgula wrote:
> > Hi
> >
> > I am facing a problem while connecting to LDAP server from an
> LDAP client.
> > I have installed Softerra LDAP browser and tried to connect to LDAP
> > server running on Geronimo.
> >
> > I always get "Can not connect to the LDAP server : ERROR 91".
> >
> > Any solution?
> >
> > thanks
> > phani
>
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Phani Madgula <ph...@gmail.com>.
Hi Hernan,
Thanks for the link. It is quite helpful & informative.
I did similar operations, as specified in my previous mail, by deploying the
sample application given in the article.
I added a new user user3/pass123 in "ou=users, ou=system" in Directory
server, and in geronimo-web.xml I added the user3 in role mappings
<role-mappings>
<role role-name="content-administrator">
<realm realm-name="ldap-realm">
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" designated-run-as="true"/>
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system"/>
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user3"/>
</realm>
</role>
<role role-name="guest">
<realm realm-name="ldap-realm">
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="guest" designated-run-as="true"/>
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user1"/>
<principal class="
org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user2"/>
</realm>
</role>
</role-mappings>
I used Jxplorer LDAP client to create the new user users3. When I provide
password in PLAIN format which uses BASE64 encoding through LDAP client, the
application is authenticating successfully. When I store it in MD5, the
authentication is failing for user3.
Any issue while using MD5 ?
thanks
phani
On 1/21/06, Hernan Cunico <hc...@gmail.com> wrote:
>
> Hi Phani,
> Here is an article that may help you configure LDAP
>
>
> http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
>
> Cheers!
> Hernan
>
> Phani Madgula wrote:
> > Hi
> >
> > I am facing a problem while connecting to LDAP server from an LDAP
> client.
> > I have installed Softerra LDAP browser and tried to connect to LDAP
> > server running on Geronimo.
> >
> > I always get "Can not connect to the LDAP server : ERROR 91".
> >
> > Any solution?
> >
> > thanks
> > phani
>
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Hernan Cunico <hc...@gmail.com>.
Hi Phani,
Here is an article that may help you configure LDAP
http://opensource2.atlassian.com/confluence/oss/display/GERONIMO/Configuring+LDAP
Cheers!
Hernan
Phani Madgula wrote:
> Hi
>
> I am facing a problem while connecting to LDAP server from an LDAP client.
> I have installed Softerra LDAP browser and tried to connect to LDAP
> server running on Geronimo.
>
> I always get "Can not connect to the LDAP server : ERROR 91".
>
> Any solution?
>
> thanks
> phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Krishnakumar B <ww...@gmail.com>.
hi phani,
try JXplorer ( http://pegacat.com/jxplorer/ )
Regards
Krish
On 1/20/06, Phani Madgula <ph...@gmail.com> wrote:
> Hi
>
> I am facing a problem while connecting to LDAP server from an LDAP client.
> I have installed Softerra LDAP browser and tried to connect to LDAP server
> running on Geronimo.
>
> I always get "Can not connect to the LDAP server : ERROR 91".
>
> Any solution?
>
> thanks
> phani
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Phani Madgula <ph...@gmail.com>.
Hi,
Thanks for help. I am currently porting an application on geronimo using
Apache Directory Server Service.
I am facing a problem with passwords.
I have an application that uses LDAP authentication. I have a user in LDAP
Server, let's say, "user3" with password "pass123".
We can store the passwords in LDAP server either in BASE64 encoding or in
MD5 digest or in SHA.
If I store password in BASE64 encoding, the application is authenticating
successfully when I give correct userid/password as "user3"/"pass123".
When I store password in MD5, the authentication is failing with
user3/pass123 as userid/password, even though they are correct as said above.
When I tried to investigate the problem, I found the following.
LDAP server is storing the password as
BASE64Encoding("{md5}"+BASE64Encoding(MD5("pass123"))). Here "pass123" is
the password.
MD5("pass123") is MD5 on "pass123".
So, when I send the password as "pass123", the LDAP server is not performing
similar operation on this, as above, and compare it for
authentication. I guess, the responsibility does not lie on programmer to
perform similar operation and send it for authentication.
Is it a problem with LDAP server?
Any comments on this?
Thanks
phani
On 1/20/06, Cristian Roldan <ro...@yahoo.com.ar> wrote:
>
> Hi,
> I have used the IBM's ldap client, but you could use any ldap client.
>
> ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b
> "ou=system" "objectClass=*"
>
> if everything works ok this should be the output:
>
> ou=system
> ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=system
> ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=configuration,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=configuration
> ou=interceptors,ou=configuration,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=interceptors
> ou=partitions,ou=configuration,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=partitions
> ou=services,ou=configuration,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=services
> ou=groups,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=groups
> ou=users,ou=system
> objectClass=organizationalUnit
> objectClass=top
> ou=users
> prefNodeName=sysPrefRoot,ou=system
> objectClass=extensibleObject
> prefNodeName=sysPrefRoot
> uid=admin,ou=system
> sn=administrator
> objectClass=inetOrgPerson
> objectClass=organizationalPerson
> objectClass=person
> objectClass=top
> cn=system administrator
> uid=admin
> userPassword=secret
> displayName=Directory Superuser
>
> Bye.
>
>
> *Phani Madgula <ph...@gmail.com>* wrote:
>
> Hi
>
> I am facing a problem while connecting to LDAP server from an LDAP client.
> I have installed Softerra LDAP browser and tried to connect to LDAP server
> running on Geronimo.
>
> I always get "Can not connect to the LDAP server : ERROR 91".
>
> Any solution?
>
> thanks
> phani
>
>
>
>
>
>
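The storage format described in the message above, BASE64("{md5}" + BASE64(MD5(password))), can be checked against the `userPassword::` value in the LDIF export posted earlier in this thread. This is an added example, not code from Geronimo or Apache Directory Server; the function names are illustrative, and `naive_verify` models only the behaviour the poster suspects, not a confirmed server implementation.

```python
import base64
import hashlib
import hmac

# userPassword:: value copied from the LDIF export posted in this thread.
LDIF_VALUE = "e21kNX1zdXNnSkwybWx0V0ZrZlpWWjk3WnBBPT0="

# Scheme tags mentioned in the thread, mapped to hashlib constructors.
SCHEMES = {"md5": hashlib.md5, "sha": hashlib.sha1}


def parse_user_password(ldif_b64):
    """Decode an LDIF '::' value into (scheme, payload).

    scheme is None for a cleartext password; otherwise payload is the raw digest.
    """
    raw = base64.b64decode(ldif_b64, validate=True)
    end = raw.find(b"}")
    if raw.startswith(b"{") and end > 0:
        scheme = raw[1:end].decode("ascii", "replace").lower()
        if scheme not in SCHEMES:
            raise ValueError("unsupported scheme: " + scheme)
        return scheme, base64.b64decode(raw[end + 1:], validate=True)
    return None, raw


def store_password(password, scheme=None):
    """Build the LDIF base64 value the post describes for a new password."""
    data = password.encode("utf-8")
    if scheme is None:
        return base64.b64encode(data).decode("ascii")
    digest = base64.b64encode(SCHEMES[scheme](data).digest())
    tagged = b"{" + scheme.encode("ascii") + b"}" + digest
    return base64.b64encode(tagged).decode("ascii")


def verify(candidate, ldif_b64):
    """Hash the candidate with the stored scheme, then compare in constant time."""
    scheme, payload = parse_user_password(ldif_b64)
    data = candidate.encode("utf-8")
    expected = data if scheme is None else SCHEMES[scheme](data).digest()
    return hmac.compare_digest(expected, payload)


def naive_verify(candidate, ldif_b64):
    """Compare the candidate to the stored bytes without hashing it first.

    Assumption: this is the failure mode the post suspects, modelled for contrast.
    """
    raw = base64.b64decode(ldif_b64, validate=True)
    return hmac.compare_digest(candidate.encode("utf-8"), raw)


if __name__ == "__main__":
    print("scheme in posted LDIF value:", parse_user_password(LDIF_VALUE)[0])
    for scheme in (None, "md5", "sha"):
        stored = store_password("pass123", scheme)
        print(scheme, verify("pass123", stored), naive_verify("pass123", stored))
```

Both `{md5}` and `{sha}` here are unsalted, so equal passwords yield equal stored values. A comparison that skips the hashing step succeeds only for cleartext entries, which matches the symptom reported in the thread.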
Re: How to connect to LDAP server on Geronimo from an LDAP client?
Posted by Cristian Roldan <ro...@yahoo.com.ar>.
Hi,
I have used the IBM's ldap client, but you could use any ldap client.
ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -w secret -b "ou=system" "objectClass=*"
if everything works ok this should be the output:
ou=system
ou=system
objectClass=organizationalUnit
objectClass=top
ou=system
ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=configuration
ou=interceptors,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=interceptors
ou=partitions,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=partitions
ou=services,ou=configuration,ou=system
objectClass=organizationalUnit
objectClass=top
ou=services
ou=groups,ou=system
objectClass=organizationalUnit
objectClass=top
ou=groups
ou=users,ou=system
objectClass=organizationalUnit
objectClass=top
ou=users
prefNodeName=sysPrefRoot,ou=system
objectClass=extensibleObject
prefNodeName=sysPrefRoot
uid=admin,ou=system
sn=administrator
objectClass=inetOrgPerson
objectClass=organizationalPerson
objectClass=person
objectClass=top
cn=system administrator
uid=admin
userPassword=secret
displayName=Directory Superuser
Bye.
Phani Madgula <ph...@gmail.com> wrote:
Hi
I am facing a problem while connecting to LDAP server from an LDAP client.
I have installed Softerra LDAP browser and tried to connect to LDAP server running on Geronimo.
I always get "Can not connect to the LDAP server : ERROR 91".
Any solution?
thanks
phani