[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [ldap] Re: Kerberos authentication



Hi Vincent,
I have a question about this point, what version of openldap are we talking about here and is this "bug" being worked on? Thanks for any info...
Jim



3. Our limited interoperability testing using GSSAPI/Kerberos between
   JNDI and OpenLDAP has not been successful. It appears to crash the server.
   (Similar tests work fine against Windows Active Directory.)
   Anyone with feedback/experience please send email to jndi@java.sun.com.



Kevin Leonard wrote:
>
> Hi all,
>
> I'm having problems getting Kerberos authentication working...
>
> Server: OpenLdap 2.0.7, Sun Solaris 2.6, Cyrus SASL 1.5.24
>
> Client: Windows 2000 Pro, Java 1.3, JNDI 1.2.1
>
> Client code:
> env.put("java.naming.factory.initial",
> "com.sun.jndi.ldap.LdapCtxFactory");
> env.put("java.naming.provider.url", "ldap://server.cornell.edu/o=Cornell
> University, c=US");
> env.put(Context.SECURITY_AUTHENTICATION, "KERBEROS_V4");
>
> Client error msg:
>
> javax.naming.AuthenticationNotSupportedException: KERBEROS_V4
> at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:114)
> at java.lang.reflect.Method.invoke(Native Method)
> at com.sun.jndi.ldap.LdapClient.saslBind(Unknown Source)
> at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
> at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
> at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown
> Source)
> at javax.naming.spi.NamingManager.getInitialContext(Unknown
> Source)
> at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
> at javax.naming.InitialContext.init(Unknown Source)
> at javax.naming.InitialContext.<init>(Unknown Source)
> at javax.naming.directory.InitialDirContext.<init>(Unknown
> Source)
> at edu.cornell.cit.LdapClient.LdapRead.run(LdapRead.java:84)
>
> Both anonymous and simple authentication work. Anyone have any experience
> with getting Kerberos to work, especially with JAVA/JNDI? Any help would be
> greatly appreciated!!!
>
> Thanks in advance. ...Kevin
>
> Kevin Leonard
> Sr. Technical Specialist
> Cornell Information Technologies/ASDT
> 120 Maple Ave., Ithaca, NY 14850
> (607) 255-7663
> Kevin_Leonard@Cornell.Edu ---
> You are currently subscribed to ldap@umich.edu as:
> [Vincent.Ryan@Ireland.Sun.COM]
> To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE
> as the SUBJECT of the message.


---
You are currently subscribed to ldap@umich.edu as: [jwh2@cornell.edu]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the SUBJECT of the message.