Posted to api@directory.apache.org by Andrew Hastie <an...@ahastie.net> on 2013/12/31 14:09:08 UTC

Example of using DIGEST-MD5 against MS Active Directory

Hi,

I'm experimenting with the API in an attempt to authenticate a 
User+Password combination against an instance of MS ActiveDirectory. I 
have both LDAP and LDAPS working fine, but when I try and use 
br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:

DEBUG - Bind failed : MessageType : BIND_RESPONSE
Message ID : 1
     BindResponse
         Ldap Result
             Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress

Does anyone have an example of the correct usage of the API when using 
DIGEST-MD5? I assume this should work at the current release of the API 
as I can specify DIGEST-MD5 (SASL) when configuring a connection in the 
Apache Directory Studio, along with the Bind User or DN, password and 
SASL Realm. Which leads me to question how should I specify the "SASL 
Realm" via the API?

Any thoughts or suggestions gratefully received.

Thanks
Andrew


Re: Example of using DIGEST-MD5 against MS Active Directory

Posted by Kiran Ayyagari <ka...@apache.org>.
On Tue, Dec 31, 2013 at 8:00 PM, Andrew Hastie <an...@ahastie.net> wrote:

> Thanks Kiran - That works perfectly for me now.
>
> I fell over the fact that the implementation class LdapNetworkConnection
> does accept an instance of SaslDigestMd5Request whereas the interface class
> LdapConnection does not. I see this commented in the source[2]:-
>
> // TODO: all the SASL bind methods are not declared in this interface, but
> implemented in LdapNetworkConnection. Is that intended?
>

Part of the reason was that there are two implementations of this interface;
one of them is a connection to an embedded instance in which SASL bind has
no meaning.

> [2]
> http://svn.apache.org/repos/asf/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnection.java
>
>
>
> On 31/12/13 13:19, Kiran Ayyagari wrote:
>
>> use SaslDigestMd5Request class
>>
>> take a look at the testSaslDigestMd5Bind() method in this[1] test class
>>
>> [1]
>> http://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
>>
>>
>> On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie <an...@ahastie.net> wrote:
>>
>>> Hi,
>>>
>>> I'm experimenting with the API in an attempt to authenticate a
>>> User+Password combination against an instance of MS ActiveDirectory. I
>>> have both LDAP and LDAPS working fine, but when I try and use
>>> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>>>
>>> DEBUG - Bind failed : MessageType : BIND_RESPONSE
>>> Message ID : 1
>>>      BindResponse
>>>          Ldap Result
>>>              Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>>>
>>> Does anyone have an example of the correct usage of the API when using
>>> DIGEST-MD5? I assume this should work at the current release of the API
>>> as I can specify DIGEST-MD5 (SASL) when configuring a connection in the
>>> Apache Directory Studio, along with the Bind User or DN, password and
>>> SASL Realm. Which leads me to question how should I specify the "SASL
>>> Realm" via the API?
>>>
>>> Any thoughts or suggestions gratefully received.
>>>
>>> Thanks
>>> Andrew
>>>
>>>
>>>
>>
>>


-- 
Kiran Ayyagari
http://keydap.com

Re: Example of using DIGEST-MD5 against MS Active Directory

Posted by Andrew Hastie <an...@ahastie.net>.
Thanks Kiran - That works perfectly for me now.

I fell over the fact that the implementation class LdapNetworkConnection 
does accept an instance of SaslDigestMd5Request whereas the interface 
class LdapConnection does not. I see this commented in the source[2]:-

// TODO: all the SASL bind methods are not declared in this interface, 
but implemented in LdapNetworkConnection. Is that intended?

[2]
http://svn.apache.org/repos/asf/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnection.java


On 31/12/13 13:19, Kiran Ayyagari wrote:
> use SaslDigestMd5Request class
>
> take a look at the testSaslDigestMd5Bind() method in this[1] test class
>
> [1]
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
>
>
> On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie<an...@ahastie.net>  wrote:
>
>> Hi,
>>
>> I'm experimenting with the API in an attempt to authenticate a
>> User+Password combination against an instance of MS ActiveDirectory. I have
>> both LDAP and LDAPS working fine, but when I try and use
>> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>>
>> DEBUG - Bind failed : MessageType : BIND_RESPONSE
>> Message ID : 1
>>      BindResponse
>>          Ldap Result
>>              Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>>
>> Does anyone have an example of the correct usage of the API when using
>> DIGEST-MD5? I assume this should work at the current release of the API as
>> I can specify DIGEST-MD5 (SASL) when configuring a connection in the Apache
>> Directory Studio, along with the Bind User or DN, password and SASL Realm.
>> Which leads me to question how should I specify the "SASL Realm" via the
>> API?
>>
>> Any thoughts or suggestions gratefully received.
>>
>> Thanks
>> Andrew
>>
>>
>
>

Re: Example of using DIGEST-MD5 against MS Active Directory

Posted by Kiran Ayyagari <ka...@apache.org>.
use SaslDigestMd5Request class

take a look at the testSaslDigestMd5Bind() method in this[1] test class

[1]
http://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java


On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie <an...@ahastie.net> wrote:

> Hi,
>
> I'm experimenting with the API in an attempt to authenticate a
> User+Password combination against an instance of MS ActiveDirectory. I have
> both LDAP and LDAPS working fine, but when I try and use
> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>
> DEBUG - Bind failed : MessageType : BIND_RESPONSE
> Message ID : 1
>     BindResponse
>         Ldap Result
>             Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>
> Does anyone have an example of the correct usage of the API when using
> DIGEST-MD5? I assume this should work at the current release of the API as
> I can specify DIGEST-MD5 (SASL) when configuring a connection in the Apache
> Directory Studio, along with the Bind User or DN, password and SASL Realm.
> Which leads me to question how should I specify the "SASL Realm" via the
> API?
>
> Any thoughts or suggestions gratefully received.
>
> Thanks
> Andrew
>
>


-- 
Kiran Ayyagari
http://keydap.com
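
Added example, not part of the thread or of the Apache Directory project's own code: a DIGEST-MD5 bind through SaslDigestMd5Request on an LdapNetworkConnection, as the reply above suggests, with the "SASL Realm" supplied via setRealmName(). Host, port, realm and the class name are placeholders, and the package names assume the 1.0-or-later API artifacts.

```java
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.SaslDigestMd5Request;

public class DigestMd5BindExample {
    // Placeholder values (assumptions, not taken from the thread).
    private static final String HOST = "dc01.example.test";
    private static final int PORT = 389;
    private static final String REALM = "example.test";

    /** Returns true only when the complete SASL exchange ends in SUCCESS. */
    static boolean authenticate(String username, String password) throws Exception {
        // Typed as LdapNetworkConnection on purpose: as noted in the thread,
        // the LdapConnection interface does not declare the SASL bind methods.
        try (LdapNetworkConnection connection = new LdapNetworkConnection(HOST, PORT)) {
            connection.connect();

            SaslDigestMd5Request request = new SaslDigestMd5Request();
            request.setUsername(username);   // account name, not a full DN
            request.setCredentials(password);
            request.setRealmName(REALM);     // the "SASL Realm" field in Directory Studio

            // DIGEST-MD5 is challenge/response. Setting only the mechanism name
            // on a plain BindRequest sends the first step; the server answers
            // with its challenge and saslBindInProgress. This bind() overload
            // answers the challenge and returns the final response.
            BindResponse response = connection.bind(request);
            ResultCodeEnum code = response.getLdapResult().getResultCode();

            // Anything other than SUCCESS, including SASL_BIND_IN_PROGRESS,
            // means the caller is not authenticated.
            return code == ResultCodeEnum.SUCCESS;
        }
    }

    public static void main(String[] args) throws Exception {
        if (System.console() == null) {
            throw new IllegalStateException("run from an interactive terminal");
        }
        String user = System.console().readLine("Username: ");
        // Read the password without echo rather than taking it from argv.
        char[] pw = System.console().readPassword("Password: ");
        System.out.println(authenticate(user, new String(pw)) ? "bind OK" : "bind failed");
    }
}
```

RFC 6331 moved DIGEST-MD5 to Historic status, so where the directory permits it, run this bind over a TLS-protected connection.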
