
SASL access question using JNDI



I am fairly new to LDAP and I am having some trouble accessing the 
directory using SASL with the JNDI (Java API). The simple authentication 
is pretty straightforward:

import java.util.Hashtable;
import javax.naming.Context;

// Environment for a simple (DN-based) bind through the JNDI LDAP provider
Hashtable<String, String> environment = new Hashtable<>();
environment.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
environment.put(Context.SECURITY_AUTHENTICATION, "simple");
environment.put(Context.PROVIDER_URL,
                "ldap://localhost/ou=People,o=Honors," +
                "o=Tennessee Tech University,c=US");
environment.put(Context.SECURITY_PRINCIPAL,
                "mail=will@himinbi.org,o=Honors," +
                "o=Tennessee Tech University,c=US");

And I can connect and add attributes as the permissions allow.

I think that my problem is that I don't understand how the SASL 
authentication works. What I have done is to change two lines:

environment.put(Context.SECURITY_AUTHENTICATION, "CRAM-MD5");
environment.put(Context.SECURITY_PRINCIPAL,
                "uid=honors + realm=odin");

This is the format for the rootdn in my slapd.conf
("uid=root+ realm=odin"). And I can connect to the server and add things 
using ldapmodify -U honors. I have looked over the debugging info from 
slapd and I am just not quite following what is going on. There is always 
a binddn, right? Is there additional information with sasl?

I can't do ldapsearch -D "uid=honors+ realm=odin" so I am assuming that 
the same misunderstanding that makes me think I ought to be able to do 
that is what is confusing me with the JNDI.

Will
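
Added example, not part of the original message: in a CRAM-MD5 exchange (RFC 2195) the client answers the server's challenge with an authentication ID and a keyed MD5 digest, not with a bind DN. The sketch below drives the JDK's own SASL client offline and builds the matching JNDI environment; the class and method names are hypothetical, and the user, secret and challenge are the sample values from RFC 2195.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.security.auth.callback.*;
import javax.security.sasl.Sasl;
import javax.security.sasl.SaslClient;

public class CramMd5Demo {
    // Computes the client's CRAM-MD5 reply to a server challenge using the JDK SASL client.
    static String respond(String authId, char[] secret, String challenge) throws Exception {
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(authId);          // SASL authentication ID
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(secret);  // keys the HMAC, never sent
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        SaslClient client = Sasl.createSaslClient(
                new String[] {"CRAM-MD5"}, null, "ldap", "localhost", null, handler);
        if (client == null) throw new IllegalStateException("no CRAM-MD5 SASL client");
        try {
            byte[] reply = client.evaluateChallenge(challenge.getBytes(StandardCharsets.UTF_8));
            return new String(reply, StandardCharsets.UTF_8);    // "<authId> <hex digest>"
        } finally {
            client.dispose();
        }
    }

    // JNDI environment for a SASL bind: the principal is handed to the SASL
    // mechanism as the authentication ID (a user name), with the secret as credentials.
    static Hashtable<String, Object> saslEnvironment(String url, String authId, char[] secret) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "CRAM-MD5");
        env.put(Context.SECURITY_PRINCIPAL, authId);
        env.put(Context.SECURITY_CREDENTIALS, secret);
        return env;
    }

    public static void main(String[] args) throws Exception {
        // Sample input taken from the RFC 2195 example exchange.
        System.out.println(respond("tim", "tanstaaftanstaaf".toCharArray(),
                "<1896.697170952@postoffice.reston.mci.net>"));
    }
}
```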