You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by "Yang, Gang CTR (US)" <ga...@mail.mil> on 2013/01/30 22:05:57 UTC

memberOf or like attribute?

Hi,



I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.



Thanks,

Gang

RE: Diguest-MD5 authentication

Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.

After some experiments based on the errors I was getting and tips I found from searching the Internet, here's a summary on using diguest-MD5 authentication with Apache DS so far:



On the ApacheDS server side: (using Apache Directory Studio for configuration)

- Define a host domain name in host file for ldap.example.com

- Use host domain name instead of 127.0.0.1 in ApacheDS configuration for SASL Host

- Make sure the Search Base DN parameter in SASL settings points to where the users entries are stored in DIT

- Store the user password in clear text. In order to acchieve this, some discussions from the mailing list suggested to disable the default passwordPolicies and passwordHashing interceptors

- Restart ApacheDS after chaning the configuration



On the client side: (using Apache Directory Studio)

- Use host domain name instead of 127.0.0.1 in connection configuration for Hostname under Network Parameters

- Use uid alone w/o "uid=" instead of full DN of the user for Bind DN or User under Authentication

- Make sure to select the right SASL realm, example.com in my case, in SASL Settings



Ater doing all these, I'm still getting the error:



LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for Gang.Yang in realm : example.com



Anyone who's knowledgeable in this area, please help. I'm using a newly downloaded latest ApacheDS and Apache Directory Studio (2.0.0-M10 and 2.0.0-M4).



Thanks in advance,

Gang



________________________________
From: Yang, Gang CTR (US) [gang.yang.ctr@mail.mil]
Sent: Monday, February 04, 2013 12:28 PM
To: users@directory.apache.org
Subject: Diguest-MD5 authentication

Hi,



I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication, but failed using Diguest-MD5 or Kerboros. I'm sure it's the configuration, but I could not find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers are appreciated.



Thanks,

Gang

Diguest-MD5 authentication

Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.

Hi,



I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication, but failed using Diguest-MD5 or Kerboros. I'm sure it's the configuration, but I could not find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers are appreciated.



Thanks,

Gang

Re: return distinguishedName or dn?

Posted by Kiran Ayyagari <ka...@apache.org>.

yes, the attribute name is 'entryDn' this is supported since version
2.0.0-M9

On Thu, Jan 31, 2013 at 9:43 PM, Yang, Gang CTR (US) <gang.yang.ctr@mail.mil
> wrote:

> Hi,
>
>
>
> Does ApacheDS return distinguishedName or dn attribute? I tried it and it
> does not seem to work. If not, is there any other way I can get DN back?
>
>
>
> Thanks,
>
> Gang
>
> ________________________________
> From: Emmanuel Lécharny [elecharny@gmail.com]
> Sent: Wednesday, January 30, 2013 3:38 PM
> To: users@directory.apache.org
> Subject: Re: memberOf or like attribute?
>
> Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> > Hi,
> >
> >
> >
> > I read some discussion about memberOf attribute in some other websites.
> Some mentioned using ApacheDS, but could not get it to work. I tried it on
> the latest version and it does not seem to work. I'm wondering if memberOf
> or similar capability is supported by ApacheDS.
> We don't support the virtual attribute memberOf in ApacheDS.
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com<http://www.iktek.com/>
>
>


-- 
Kiran Ayyagari
http://keydap.com

return distinguishedName or dn?

Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.

Hi,



Does ApacheDS return distinguishedName or dn attribute? I tried it and it does not seem to work. If not, is there any other way I can get DN back?



Thanks,

Gang

________________________________
From: Emmanuel Lécharny [elecharny@gmail.com]
Sent: Wednesday, January 30, 2013 3:38 PM
To: users@directory.apache.org
Subject: Re: memberOf or like attribute?

Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> Hi,
>
>
>
> I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.
We don't support the virtual attribute memberOf in ApacheDS.


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com<http://www.iktek.com/>

Re: memberOf or like attribute?

Posted by Emmanuel Lécharny <el...@gmail.com>.

Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> Hi,
>
>
>
> I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.
We don't support the virtual attribute memberOf in ApacheDS.


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com