3. Our limited interoperability testing using GSSAPI/Kerberos between
JNDI and OpenLDAP has not been successful. It appears to crash the server.
(Similar tests work fine against Windows Active Directory.)
Anyone with feedback/experience please send email to jndi@java.sun.com.
Kevin Leonard wrote:
>
> Hi all,
>
> I'm having problems getting Kerberos authentication working...
>
> Server: OpenLdap 2.0.7, Sun Solaris 2.6, Cyrus SASL 1.5.24
>
> Client: Windows 2000 Pro, Java 1.3, JNDI 1.2.1
>
> Client code:
> env.put("java.naming.factory.initial",
> "com.sun.jndi.ldap.LdapCtxFactory");
> env.put("java.naming.provider.url",
"ldap://server.cornell.edu/o=Cornell
> University, c=US");
> env.put(Context.SECURITY_AUTHENTICATION, "KERBEROS_V4");
>
> Client error msg:
>
> javax.naming.AuthenticationNotSupportedException: KERBEROS_V4
> at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:114)
> at java.lang.reflect.Method.invoke(Native Method)
> at com.sun.jndi.ldap.LdapClient.saslBind(Unknown Source)
> at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown
> Source)
> at javax.naming.spi.NamingManager.getInitialContext(Unknown
> Source)
> at javax.naming.InitialContext.getDefaultInitCtx(Unknown
Source)
> at javax.naming.InitialContext.init(Unknown Source)
> at javax.naming.InitialContext.<init>(Unknown Source)
> at javax.naming.directory.InitialDirContext.<init>(Unknown
> Source)
> at edu.cornell.cit.LdapClient.LdapRead.run(LdapRead.java:84)
>
> Both anonymous and simple authentication work. Anyone have any experience
> with getting Kerberos to work, especially with JAVA/JNDI? Any help
would be
> greatly appreciated!!!
>
> Thanks in advance. ...Kevin
>
> Kevin Leonard
> Sr. Technical Specialist
> Cornell Information Technologies/ASDT
> 120 Maple Ave., Ithaca, NY 14850
> (607) 255-7663
> Kevin_Leonard@Cornell.Edu ---
> You are currently subscribed to ldap@umich.edu as:
> [Vincent.Ryan@Ireland.Sun.COM]
> To unsubscribe send email to ldap-request@umich.edu with the word
UNSUBSCRIBE
> as the SUBJECT of the message.
---
You are currently subscribed to ldap@umich.edu as: [jwh2@cornell.edu]
To unsubscribe send email to ldap-request@umich.edu with the word
UNSUBSCRIBE as the SUBJECT of the message.