Posted to api@directory.apache.org by Andrew Hastie <an...@ahastie.net> on 2013/12/31 14:09:08 UTC
Example of using DIGEST-MD5 against MS Active Directory
Hi,
I'm experimenting with the API in an attempt to authenticate a
User+Password combination against an instance of MS ActiveDirectory. I
have both LDAP and LDAPS working fine, but when I try and use
br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
DEBUG - Bind failed : MessageType : BIND_RESPONSE
Message ID : 1
BindResponse
Ldap Result
Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
Does anyone have an example of the correct usage of the API when using
DIGEST-MD5? I assume this should work at the current release of the API
as I can specify DIGEST-MD5 (SASL) when configuring a connection in the
Apache Directory Studio, along with the Bind User or DN, password and
SASL Realm. Which leads me to question how should I specify the "SASL
Realm" via the API?
Any thoughts or suggestions gratefully received.
Thanks
Andrew
Re: Example of using DIGEST-MD5 against MS Active Directory
Posted by Kiran Ayyagari <ka...@apache.org>.
On Tue, Dec 31, 2013 at 8:00 PM, Andrew Hastie <an...@ahastie.net> wrote:
> Thanks Kiran - That works perfectly for me now.
>
> I fell over the fact that the implementation class LdapNetworkConnection
> does accept an instance of SaslDigestMd5Request whereas the interface class
> LdapConnection does not. I see this commented in the source[2]:-
>
> // TODO: all the SASL bind methods are not declared in this interface, but
> implemented in LdapNetworkConnection. Is that intended?
>
part of the reason was that there are two implementations of this interface
one of them is a connection to an embedded instance in which SASL bind has
no meaning.
> [2]
> http://svn.apache.org/repos/asf/directory/shared/trunk/
> ldap/client/api/src/main/java/org/apache/directory/ldap/
> client/api/LdapConnection.java
>
>
>
> On 31/12/13 13:19, Kiran Ayyagari wrote:
>
>> use SaslDigestMd5Request class
>>
>> take a look at the testSaslDigestMd5Bind() method in this[1] test class
>>
>> [1]
>> http://svn.apache.org/repos/asf/directory/apacheds/trunk/
>> server-integ/src/test/java/org/apache/directory/server/
>> operations/bind/SaslBindIT.java
>>
>>
>> On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie<an...@ahastie.net>
>> wrote:
>>
>>> Hi,
>>>
>>> I'm experimenting with the API in an attempt to authenticate a
>>> User+Password combination against an instance of MS ActiveDirectory. I
>>> have
>>> both LDAP and LDAPS working fine, but when I try and use
>>> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>>>
>>> DEBUG - Bind failed : MessageType : BIND_RESPONSE
>>> Message ID : 1
>>> BindResponse
>>> Ldap Result
>>> Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>>>
>>> Does anyone have an example of the correct usage of the API when using
>>> DIGEST-MD5? I assume this should work at the current release of the API
>>> as
>>> I can specify DIGEST-MD5 (SASL) when configuring a connection in the
>>> Apache
>>> Directory Studio, along with the Bind User or DN, password and SASL
>>> Realm.
>>> Which leads me to question how should I specify the "SASL Realm" via the
>>> API?
>>>
>>> Any thoughts or suggestions gratefully received.
>>>
>>> Thanks
>>> Andrew
>>>
>>>
>>>
>>
>>
--
Kiran Ayyagari
http://keydap.com
Re: Example of using DIGEST-MD5 against MS Active Directory
Posted by Andrew Hastie <an...@ahastie.net>.
Thanks Kiran - That works perfectly for me now.
I fell over the fact that the implementation class LdapNetworkConnection
does accept an instance of SaslDigestMd5Request whereas the interface
class LdapConnection does not. I see this commented in the source[2]:-
// TODO: all the SASL bind methods are not declared in this interface,
but implemented in LdapNetworkConnection. Is that intended?
[2]
http://svn.apache.org/repos/asf/directory/shared/trunk/ldap/client/api/src/main/java/org/apache/directory/ldap/client/api/LdapConnection.java
On 31/12/13 13:19, Kiran Ayyagari wrote:
> use SaslDigestMd5Request class
>
> take a look at the testSaslDigestMd5Bind() method in this[1] test class
>
> [1]
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
>
>
> On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie<an...@ahastie.net> wrote:
>
>> Hi,
>>
>> I'm experimenting with the API in an attempt to authenticate a
>> User+Password combination against an instance of MS ActiveDirectory. I have
>> both LDAP and LDAPS working fine, but when I try and use
>> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>>
>> DEBUG - Bind failed : MessageType : BIND_RESPONSE
>> Message ID : 1
>> BindResponse
>> Ldap Result
>> Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>>
>> Does anyone have an example of the correct usage of the API when using
>> DIGEST-MD5? I assume this should work at the current release of the API as
>> I can specify DIGEST-MD5 (SASL) when configuring a connection in the Apache
>> Directory Studio, along with the Bind User or DN, password and SASL Realm.
>> Which leads me to question how should I specify the "SASL Realm" via the
>> API?
>>
>> Any thoughts or suggestions gratefully received.
>>
>> Thanks
>> Andrew
>>
>>
>
>
Re: Example of using DIGEST-MD5 against MS Active Directory
Posted by Kiran Ayyagari <ka...@apache.org>.
use SaslDigestMd5Request class
take a look at the testSaslDigestMd5Bind() method in this[1] test class
[1]
http://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/bind/SaslBindIT.java
On Tue, Dec 31, 2013 at 6:39 PM, Andrew Hastie <an...@ahastie.net> wrote:
> Hi,
>
> I'm experimenting with the API in an attempt to authenticate a
> User+Password combination against an instance of MS ActiveDirectory. I have
> both LDAP and LDAPS working fine, but when I try and use
> br.setSaslMechanism("DIGEST-MD5") I get the following trace/response:
>
> DEBUG - Bind failed : MessageType : BIND_RESPONSE
> Message ID : 1
> BindResponse
> Ldap Result
> Result code : (SASL_BIND_IN_PROGRESS) saslBindInProgress
>
> Does anyone have an example of the correct usage of the API when using
> DIGEST-MD5? I assume this should work at the current release of the API as
> I can specify DIGEST-MD5 (SASL) when configuring a connection in the Apache
> Directory Studio, along with the Bind User or DN, password and SASL Realm.
> Which leads me to question how should I specify the "SASL Realm" via the
> API?
>
> Any thoughts or suggestions gratefully received.
>
> Thanks
> Andrew
>
>
--
Kiran Ayyagari
http://keydap.com
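
Added example (not part of the original thread and not copied from the ApacheDS test class): a DIGEST-MD5 bind through SaslDigestMd5Request, which carries the realm and lets the API answer the server challenge that a plain BindRequest with setSaslMechanism("DIGEST-MD5") leaves pending as saslBindInProgress. The host, port, realm, user name and environment variable name are constructed placeholders, and the package names assume the 1.0-or-later Apache Directory LDAP API.

```java
import org.apache.directory.api.ldap.model.message.BindResponse;
import org.apache.directory.api.ldap.model.message.ResultCodeEnum;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.ldap.client.api.SaslDigestMd5Request;

public class DigestMd5BindExample {

    /** Returns true only when the server reports SUCCESS for the SASL bind. */
    static boolean authenticate(String host, int port, String user,
                                String password, String realm) throws Exception {
        // The SASL bind methods are implemented on LdapNetworkConnection and
        // are not declared on the LdapConnection interface, so the variable
        // must be of the concrete type.
        try (LdapNetworkConnection connection = new LdapNetworkConnection(host, port)) {
            SaslDigestMd5Request request = new SaslDigestMd5Request();
            request.setUsername(user);       // SASL user name (assumed: account name, not a DN)
            request.setCredentials(password);
            request.setRealmName(realm);     // the "SASL Realm" field in Directory Studio

            // bind(SaslDigestMd5Request) performs the challenge/response steps
            // and returns the final BindResponse.
            BindResponse response = connection.bind(request);

            // Treat anything other than SUCCESS as a failed authentication,
            // including a bind that is still in progress.
            ResultCodeEnum code = response.getLdapResult().getResultCode();
            return code == ResultCodeEnum.SUCCESS;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed placeholder values; replace with your own directory details.
        String host = "ad.example.com";
        int port = 389;
        String realm = "EXAMPLE.COM";
        String user = "jdoe";

        // Read the password from the environment instead of hard-coding it.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null || password.isEmpty()) {
            // An empty password must never be sent as a bind attempt.
            System.err.println("LDAP_BIND_PASSWORD is not set");
            System.exit(2);
        }

        boolean ok = authenticate(host, port, user, password, realm);
        System.out.println(ok ? "bind succeeded" : "bind failed");
    }
}
```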