Subject: Re: When and Why DIGEST-MD5 Authentication Does Not Work?
Author: komal_singh
In response to: When and Why DIGEST-MD5 Authentication Does Not Work?
Posted on: 10/11/2007 05:48:09 PM
Hi Steve,
Thank you so very much for offering to help !!
(1) Here is the detailed stack trace with "env.put("com.sun.jndi.ldap.trace.ber", System.err);", which incidentally is the same with its absence.
ERROR: 20071011 174401 @05tiger [RMI Runtime: Thread-44] com.eyelit.trans.TransLDAP
javax.naming.AuthenticationNotSupportedException:DIGEST-MD5
Java version 1.6.0_01 from Sun Microsystems Inc. on Windows XP 5.1 CPU x86
javax.naming.AuthenticationNotSupportedException: DIGEST-MD5
at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(Unknown Source)
at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.eyelit.trans.TransLDAP.establishConnection(TransLDAP.java:173)
at com.eyelit.trans.TransLDAP.executeCommand(TransLDAP.java:81)
at com.eyelit.trans.Trans$ExecutionThread.run(Trans.java:1594)
(2) I also tried changing the URL to "ldap://04Godzilla.eyelitinc.local:389". However, this produces the following error:
javax.naming.CommunicationException: 04Godzilla.eyelitinc.local:389
[Root exception is java.net.UnknownHostException: 04Godzilla.eyelitinc.local]
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
at com.eyelit.trans.TransLDAP.establishConnection(TransLDAP.java:170)
at com.eyelit.trans.TransLDAP.executeCommand(TransLDAP.java:81)
at com.eyelit.trans.Trans$ExecutionThread.run(Trans.java:1594)
Caused by: java.net.UnknownHostException: 04Godzilla.eyelitinc.local
at java.net.PlainSocketImpl.connect(Unknown Source)
at java.net.SocksSocketImpl.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
... 16 more
(3) I tried using Digest-MD5 with a popular LDAP browser - Softerra - and it worked. So I'm guessing the problem is on the JNDI side, not the AD.
AGAIN, I GREATLY APPRECIATE YOUR REPLY !
> On 10/10/2007 05:54:31 PM SteveHB wrote:
My first guess is that your server name:
env.put(Context.PROVIDER_URL, "ldap://04Godzilla:389");
should be
env.put(Context.PROVIDER_URL, "ldap://04Godzilla.eyelitinc.local:389");
which may sometimes cause 'digest-uri' does not match any LDAP SPN registered for your server.
But you said explicitly that your error was "javax.naming.AuthenticationNotSupportedException:DIGEST-MD5", which should be easy to rule out.
In order to find out what went wrong, add the following line to your code, run your test again and then post your output (when you post, quote your output by [pre]...[/pre], otherwise it is too messy to read).
env.put("com.sun.jndi.ldap.trace.ber", System.err);
Let me see if I can help you from there.
Regards,
Steve
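
Added example, not code from either poster: a stand-alone Java check of whether the running JRE can create a DIGEST-MD5 SaslClient at all, and of which digest-uri the JDK client derives from the host part of the provider URL, for the short and the fully qualified name discussed above. It assumes Java 8 or later; the class name, the server challenge and the credentials are constructed sample values, and no LDAP server is contacted.

```java
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.callback.*;
import javax.security.sasl.*;

// Hypothetical diagnostic class; not part of the poster's TransLDAP code.
public class DigestUriCheck {
    // Constructed server challenge in RFC 2831 form; realm and nonce are sample values.
    static final byte[] CHALLENGE = ("realm=\"eyelitinc.local\",nonce=\"Y29uc3RydWN0ZWQ\","
            + "qop=\"auth\",algorithm=md5-sess,charset=utf-8").getBytes(StandardCharsets.UTF_8);

    // Returns the digest-uri the JDK client would send for this host,
    // or null when this JRE cannot create a DIGEST-MD5 SaslClient at all.
    static String digestUriFor(String host) throws Exception {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName("sample-user");        // placeholder
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword("sample-password".toCharArray());
                } else if (cb instanceof RealmCallback) {
                    RealmCallback rc = (RealmCallback) cb;
                    rc.setText(rc.getDefaultText());                   // accept the offered realm
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        // "ldap" is the SASL service name; host is what follows ldap:// in the URL.
        SaslClient client = Sasl.createSaslClient(
                new String[] {"DIGEST-MD5"}, null, "ldap", host, null, handler);
        if (client == null) {
            return null;
        }
        String response = new String(client.evaluateChallenge(CHALLENGE), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("digest-uri=\"([^\"]*)\"").matcher(response);
        return m.find() ? m.group(1) : "";
    }

    public static void main(String[] args) throws Exception {
        for (String host : new String[] {"04Godzilla", "04Godzilla.eyelitinc.local"}) {
            String uri = digestUriFor(host);
            System.out.println(host + " -> " + (uri == null ? "no DIGEST-MD5 SaslClient" : uri));
        }
    }
}
```

The printed digest-uri is the value a server compares against its registered LDAP SPNs, so it shows directly what each form of the host name would present.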