SASL - Digest MD5 - JNDI Help needed

Hi All,
I am using Sunone Directory Server 5.2 and jsdk1.4.1. I tried the Digest-MD5 SASL authentication example given in JNDI tutorial and it worked fine. The problem is , when i try to run the same program thrice or more in succession, it hangs. Actually, the initial context gets created but the operations like simple getAttrs etc does not happen. what could be the problem or rather what is the solution to overcome it.
Attached below is the sample source code used...
try {
Hashtable env = new Hashtable(11);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:389/");
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
env.put(Context.SECURITY_PRINCIPAL, "dn:uid=xxx,ou=xxx,dc=xxx,dc=xxx");
env.put(Context.SECURITY_CREDENTIALS, "xxxxx");
System.out.println("about to get context");
DirContext ctx = new InitialDirContext(env);
System.out.println("got context");
Attributes attrs = ctx.getAttributes("ldap://localhost:389", new String[]{"supportedSASLMechanisms"});
System.out.println(attrs);
} catch (NamingException e) {
e.printStackTrace();
}thanks in advance
sridhar

As i have metioned , this was the message from the other forum
I have posted the mail correspondences we had (hope they won't consider this as an offence)...
There was a bug in the provider. It has been fixed in 1.4.2 and later
releases.
Rosanna Lee
Java Software, Sun Microsystems, Inc
[email protected]
Date: Mon, 13 Oct 2003 04:46:49 +0100 (BST)
From: anala sridhar <[email protected]>
Subject: JNDI problem
To: [email protected]
Hi,
First, I would like to thank everyone behind the
excellent JNDI tutorial. It acted as the bible for my
JNDI learning.
I tried the sample code ServerSasl.java provided. I
got it working after a few trials. I tried to get the
supportedSasl Mechanisms by the Sunone Directory
Server 5.2 . I got them. Then i tried to authenticate
using the default Digest-MD5 (am using jsdk 1.4.1).
When, i try to run the same program in succession, it
hangs up (4 or 5 times in a row). I am getting the
initial context with the credentials provided but it
hangs at doing the simple getAttrs operation. What
could be the problem?
Please reply to this query
thanks in advance
sridhar

Similar Messages

HOWTO Bind using SASL DIGEST-MD5?

I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
using the Novell CSharp library. Can anyone explain how this is done,
or point me to a code example?
I can connect, bind, and search this LDAP server using Apache Directory
Studio, so I know that my credentials are correct.
Also, I have already used the Novell CSharp library for searching other
LDAP servers using simple authentication, and SSL, but never SASL
DIGEST-MD5.
Thanks in advance for any help.
danielnapierski
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=414964

More than fifty people have read this post, but there are no replies as
of yet. I'm going to interpret that as "SASL DIGEST-MD5 is not
supported by the Novell CSharp library."
danielnapierski;1995522 Wrote:
> I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
> using the Novell CSharp library. Can anyone explain how this is done,
> or point me to a code example?
>
> I can connect, bind, and search this LDAP server using Apache Directory
> Studio, so I know that my credentials are correct.
>
> Also, I have already used the Novell CSharp library for searching other
> LDAP servers using simple authentication, and SSL, but never SASL
> DIGEST-MD5.
>
> Thanks in advance for any help.
danielnapierski
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=414964

Reuse the LDAP connection when Using SASL DIGEST-MD5

I have problem to use the same ldap connection for multiple SASL authenticaiton.
step1, LDAPConection conn=new LDAPCo...
conn.conect()..
step2, do a SASL DIGEST-MD5, successfully get a challenge from server and server confirmation after the response is correct.
step3, I want to use the same connection for another authetincation of different user, some how the server did not give back the challenge and reject the authenticaiton request again.
So my question is how can we reuse the same connection for SASL authentication?
Any switch or reset on the LDAP connection or the LDAP server has to be configured in some way to take multiple authentication using the same connection?

More than fifty people have read this post, but there are no replies as
of yet. I'm going to interpret that as "SASL DIGEST-MD5 is not
supported by the Novell CSharp library."
danielnapierski;1995522 Wrote:
> I haven't been able to bind to an LDAP server using SASL DIGEST-MD5
> using the Novell CSharp library. Can anyone explain how this is done,
> or point me to a code example?
>
> I can connect, bind, and search this LDAP server using Apache Directory
> Studio, so I know that my credentials are correct.
>
> Also, I have already used the Novell CSharp library for searching other
> LDAP servers using simple authentication, and SSL, but never SASL
> DIGEST-MD5.
>
> Thanks in advance for any help.
danielnapierski
danielnapierski's Profile: http://forums.novell.com/member.php?userid=63370
View this thread: http://forums.novell.com/showthread.php?t=414964

Switching from tls:simple to tls:sasl/DIGEST-MD5

How can I do this, and can someone post an example of how? Can DS 5.2 support more than one Authentication Method at a time?
TIA,
Chris

I'm not sure. That's why I asked. :) And I only ask because one of the settings made via
idsconfig is which "Authentication Methods" the DS will support. The choices being:
* none
* simple
* sasl/DIGEST-MD5
* tls:simple
* tls:sasl/DIGEST-MD5
When I set this DS up, I chose only tls:simple. A SunSolve document I read indicated that you
could have chosen more than one at that time, but I didn't. What I need to know is how to add support
for additional Authenticaion Methods after the fact. I assume there is a directory object somewhere and
its a matter of modifying or adding an attribute, but I wanted to make sure there were no gotchas
or caveats I should be aware of beforehand.

Using tls:sasl/DIGEST-MD5 with client authentication

Hi
Have installed a certificate on the server and enabled it. Using Netscape i got the cert7.db and key3.db
These work with ldapsearch with -Z -p options to get data securely through port 636.
But when i copy db file to /var/ldap on the Solaris 8 client, and use a profile with tls:sasl/DIGEST-MD5 or tls:simple
i get :
Mesg: Session error , no avalible connection. And openConnection: sasl/DIGEST-MD5 (or simple) bind failed - Invalid credentials.
Must i use Certificate based Authentication instead?
Like the proxyagent must have a certificate installed. Or is there something that must be done to the cert7.db and key3.db files i got from Netscape?

Im trying to get sasl/DIGEST-MD5 to work with Solaris 9 client. This command work:
ldapsearch -D "" -w test1234 -o mech=DIGEST-MD5 -o authid="dn:cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -o authzid="dn:cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -b "dc=net2,dc=kongsberg,dc=com" "(objectclass=*)"
Client configured with this:
ldapclient -v init -a profileName=default -a domainName=net2.kongsberg.com -a proxyDN="cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" -a proxyPassword=test1234 172.18.2.19
Profile:
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com
NS_LDAP_BINDPASSWD= {NS1}4a3788e8c053424f
NS_LDAP_SERVERS= 172.18.2.19
NS_LDAP_SEARCH_BASEDN= dc=net2,dc=kongsberg,dc=com
NS_LDAP_AUTH= sasl/DIGEST-MD5
NS_LDAP_SEARCH_REF= FALSE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_PROFILE= default
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_BIND_TIME= 10
messages log on client:
Jan 14 08:00:32 panzer ldap_cachemgr[904]: [ID 293258 daemon.error] libsldap: Status: 49 Mesg: openConnection: sasl/DIGEST-MD5 bind failed - Invalid credentials
Jan 14 08:00:32 panzer last message repeated 1 time
Jan 14 08:00:32 panzer ldap_cachemgr[904]: [ID 293258 daemon.error] libsldap: Status: 7 Mesg: Session error no available conn.
error log on server:
[14/Jan/2004:08:06:47 +0100] conn=1622 op=2 msgId=-1 - closing - U1
[14/Jan/2004:08:06:47 +0100] conn=1623 op=-1 msgId=-1 - fd=47 slot=47 LDAP connection from 172.18.2.41 to 172.18.2.19
[14/Jan/2004:08:06:47 +0100] conn=1622 op=-1 msgId=-1 - closed.
[14/Jan/2004:08:06:47 +0100] conn=1623 op=0 msgId=1 - BIND dn="dn: cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" method=sasl version=3 mech=DIGEST-MD5
[14/Jan/2004:08:06:47 +0100] conn=1623 op=0 msgId=1 - RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
[14/Jan/2004:08:06:47 +0100] conn=1623 op=1 msgId=2 - BIND dn="dn: cn=proxyagent,ou=profile,dc=net2,dc=kongsberg,dc=com" method=sasl version=3 mech=DIGEST-MD5
[14/Jan/2004:08:06:47 +0100] conn=1623 op=1 msgId=2 - RESULT err=49 tag=97 nentries=0 etime=0
Not sure why i get Invalid credentials, the passwords
are stored in CLEAR. And you can see i use the same in ldapsearch and ldapclient.

SASL DIGEST-MD5

Did anybody have any problem with using DIGEST-MD5 with iPlanet running on a 2000 Advanced Server?
I have no problem when iPlanet is running on 2000 Professional but always get the error 49 with message: "Internal authentication error." when trying to authenticate the user through SASL DIGEST-MD5. Simple authentication with the same credentials work fine.
Looking at the LDAP packets I can see no differences, that makes me think that this is somehow related to the OS or iPlanet configuration.
In both cases it was the same version iPlanet Server 5.1SP2 with default settings.
BTW: It fails the same way with NT4SP6 Server.

Michael,
Sun ONE Directory Server 5.2 is not supported on Windows 2000 Professional. It is only supported on server versions of Windows 2000 (Server and Advanced Server).
You should not have any problems running Directory Server on Windows 2000 Professional, though, but you should always keep in mind that the product has not been tested and is not supported on this platform.
Bertold

Server Switching from STARTTLS to AUTH DIGEST-MD5

We have been trying to track down the reason why our transaction against our Tumbleweed SMTP servers appear to be switching in midstream from STARTTLS to AUTH DIGEST-MD5 which causes us to get an authentication error. With Wire-shark, we have been capturing the transactions between the servers and CF appears it appears to be the culprit. I am hoping someone can shed some light on what is wrong or direct me on how I can further troubleshoot this issue.
---Enviroment --------------------------------------------------------------------------
Windows Server 2003 Standard
IIS6
CF 9 Standard
---CFMail Tag -------------------------------------------------------------------------
<cfmail to="#varTo#" from="#varFrom#" replyto="#varReplayTo#" subject="#varSubject#" useTLS="yes">Msg Body</cfmail>
---CF Admin Settings --------------------------------------------------------------
Server: smtp.xxx123.com
Port: 25
User: defined
Pwd: defined
TLS: Enabled
---Mail Log -------------(two different emails: both bad)--------------
"Error","scheduler-0","05/20/10","10:57:24",,"failed to connect"
"Error","scheduler-0","05/20/10","10:57:25",,"Could not connect to SMTP host: smtp.xxx123.com, port: 25"
----Exception Log ----------------------------------------------------------------
"Error","scheduler-2","05/19/10","14:03:22",,"failed to connect"
javax.mail.AuthenticationFailedException: failed to connect
at javax.mail.Service.connect(Service.java:322)
at coldfusion.mail.MailSpooler.getConnection(MailSpooler.java:1199)
at coldfusion.mail.MailSpooler.deliver(MailSpooler.java:984)
at coldfusion.mail.MailSpooler.sendMail(MailSpooler.java:905)
at coldfusion.mail.MailSpooler.deliverStandard(MailSpooler.java:1275)
at coldfusion.mail.MailSpooler.run(MailSpooler.java:1240)
at coldfusion.scheduling.ThreadPool.run(ThreadPool.java:201)
at coldfusion.scheduling.WorkerThread.run(WorkerThread.java:71)
----Wire Shark Transaction(s) --------------------------------------------------
---Good------------(Red is our CF server replying)------
220 RNR ESMTP
EHLO CFxxx-123250-smtp.xxx123.com Hello CFxxx-123. xxx123.edu [19.19.19.19], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
STARTTLS
220 2.0.0 Ready to start TLS
---End Good---------------------------------------------------------------------------
---Bad--------- ---(Red is our CF server replying)---------------------------
220 RNR ESMTP
EHLO CFxxx-123
250-smtp.xxx123.com Hello CFxxx-123. xxx123.edu [19.19.19.19], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5
250-STARTTLS
250-DELIVERBY
250 HELP
AUTH DIGEST-MD5
334

I'm not sure. That's why I asked. :) And I only ask because one of the settings made via
idsconfig is which "Authentication Methods" the DS will support. The choices being:
* none
* simple
* sasl/DIGEST-MD5
* tls:simple
* tls:sasl/DIGEST-MD5
When I set this DS up, I chose only tls:simple. A SunSolve document I read indicated that you
could have chosen more than one at that time, but I didn't. What I need to know is how to add support
for additional Authenticaion Methods after the fact. I assume there is a directory object somewhere and
its a matter of modifying or adding an attribute, but I wanted to make sure there were no gotchas
or caveats I should be aware of beforehand.

AuthenticationNotSupportedException :SASL support not available DIGEST-MD5 while using JNDI, SASL

I am using JNDI to use the SASL mechanism to authenticate to the Iplanet Directory server 5.0, and get the above error.
I have enabled clear text passwords, and then created a test user.Here is the code snippet
     envEnterprise.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
          envEnterprise.put(Context.SECURITY_PRINCIPAL,"test");
          envEnterprise.put(Context.SECURITY_CREDENTIALS,"changed");
Can you please help me with where it is that I need to make the appropriate changes to get this working
Thanks,
sriad

Sriad,
I think that the SECURITY_PRINCIPAL field requires a DN and not just a user name. If you created the user using the directory server console, then you can get the DN if you open double-click on the user entry and click on the Advanced... button. The user's DN will probably start with uid=test,dc=...
I hope this helps.
Bertold

Are there any known issues concerning using DIGEST-MD5 SASL authentication with iPlanet Directory Server 5.0 on Windows NT 4.0?

I am developing support for the DIGEST-MD5 sasl mechnism on a c-ldap client. I am using the evaluation version of the iPlanet Directory Server 5.0 which lists DIGEST-MD5 as a supported SASL mechanism. The server is running on NT 4.0 After installing the Directory Server with the test database, a changed the passwordStorageScheme from the default of SSHA to clear text. I then added my test user. When I run my test I always get back a resultCode of 49 (invalidCredentials). The digest-challenge I receive from the server and my digest-response are shown below. I have satisfied myself that the calculation of the response directive in the digest response is correct. Does anyone see any problems in the digest response or have any other suggestions? Is there a known problem with the iPlanet Directory Server 5.0?
digest-challenge:
realm="BGB2.ndp.provo.novell.com",nonce="Ed8UPLXsWaC6CN",qop="auth",algorithm=md5-sess,charset=utf-8
digest-response:
username="uid=bgbrown,ou=people,dc=siroe,dc=com",realm="BGB2.ndp.provo.novell.com",cnonce="A9IuPJKr30RiwL",nc=00000001,qop=auth,digest-uri="ldap/BGB2.ndp.provo.novell.com",response=97061205298e5ebaf206c8ac3598fdce,charset=utf-8,nonce="Ed8UPLXsWaC6CN"

Found the answer. When the username is an LDAP DN it needs to be proceeded by "dn:".
example: username="dn:uid=bgbrown,ou=people,dc=siroe,dc=com"
The server also accepts a simple uid value.
example: username="bgbrown"

SASL's DIGEST-MD5 is causing the smtp authentication failure

Hello,
I've asked this question in JavaMail forums [at this link|http://kenai.com/projects/javamail/forums/forum/topics/2944-DIGEST-MD5-sasl-authentication-failing-after-verifying-rspauth] and was forwarded here.
Basically, I'm trying to authenticate to the email server using JavaMail(latest source) via sasl's Digest-MD5.
Problem: Looks like sasl's DigestMD5 implementation (com.sun.security.sasl.digest.DigestMD5Client) is returning a null after a successful authentication in evaluateChallenge(). The SMTPTransport thinks this is wrong and sends a "*" to server and the server responds with "Authentication aborted".
The java doc for SaslClient's evaluateChallenge() says this..
Returns: The possibly null reponse to send to the server. It is null if the challenge accompanied a "SUCCESS" status and the challenge only contains data for the client to update its state and no response needs to be sent to the server. The response is a zero-length byte array if the client is to send a response with no data.
In this case, client do need to send a response with no data. I don't know if Digest-md5 implementation is generic and if it's behavior is correct.
I appreciate any suggestions to solve this problem.
Thanks

Not an expert. Maybe you can read or debug into the exact place when the names are compared. Anyway, Java is open sourced now.

What property is used to disable SASL's DIGEST-MD5 domain name check.

I've read somewhere that I can prevent SASL's DIGEST-MD5 (maybe other mechanisms?) from checking that the hostname specified by the client exactly matches the hostname on the server. Apparently this option is useful in networks where DNS is not set up full and/or correctly.
Thanks,
Rowland

Not an expert. Maybe you can read or debug into the exact place when the names are compared. Anyway, Java is open sourced now.

AuthenticationException in DIGEST-MD5 in LDAP

hi,
when iam trying to use DIGEST-MD5 as Context.SECURITY_AUTHENTICATION it showingup the following Exception
here is my code
import javax.naming.*;
import javax.naming.ldap.*;
import javax.naming.directory.*;
import java.util.Hashtable;
import java.net.*;
public class LdapAuth
public static void main(String[] args)
// Set up environment for creating initial context
Hashtable authEnv = new Hashtable(11);
String userName = "sm0013391";
String passWord = "East321";
String base = "ou=people,dc=company,dc=com";
String dn = "sAMAccountName=" + userName + "," + base;
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, "ldap://company.com");
authEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 ");
authEnv.put(Context.SECURITY_PRINCIPAL, dn);
authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
try {
DirContext authContext = new InitialDirContext(authEnv);
System.out.println("Authentication Success!");
} catch (AuthenticationException authEx)
System.out.println("Authentication failed!");
authEx.printStackTrace();
catch (NamingException namEx) {
System.out.println("Something went wrong!");
namEx.printStackTrace();
}when i am run this program it shows..
javax.naming.AuthenticationException: [LDAP: error code 49 - 8009030C: LdapErr: DSID-0C09043E, comment: AcceptSecurityContext error, data 0, vece ]
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2988)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2735)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2649)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:80)
at LdapAuth.main(LdapAuth.java:35)
plz any one have idea on this..iam using j2sdk1.4.1
is there any need to include any jar files to j2sdk1.4.1??? to run this
need help onthis

Why don't you at least look up RFC 2251 and understand what LDAP Error 49 really means ?
If you look at the post titled JNDI, Active Directory & Authentication (part 3) (Digest-MD5) available at http://forum.java.sun.com/thread.jspa?threadID=581868&tstart=150
you will clearly see that submitting the distinguished name as the user's credential is not supported by Active Directory for Digest-MD5 authentication.

Help needed for using BASIC authentication through JDBCRealm

Help needed.
Hello,
I am doing a degree project, so far it works fine in my local machine, I need to try it on my virtual hosting (as it is a live server).
My project requires JDBCRealm, that is BASIC authentication loading access data from mysql database. Normally this setup can be done in Server.xml file, because my Tomcat hosting is a virtual one, I only have permission to access the web.xml file.
My question is: is it possible to get it done in an alternative way? In web.xml? Some properties file maybe?
Thank you very much.

You can set this up for your context using META-INF/context.xml instead of working with server.xml.
Make a directory called META-INF under your webapp ( it'll be at the same level as WEB-INF ). Under this, add a context.xml with all your context specific configuration including the realm. A sample is below
<?xml version="1.0" encoding="UTF-8"?>
<Context path="/myApp" reloadable="true">
    <Realm
        className="org.apache.catalina.realm.JDBCRealm"
        driverName="com.microsoft.jdbc.sqlserver.SQLServerDriver"
        connectionURL="jdbc:microsoft:sqlserver://127.0.0.1:1433;DatabaseName=myDB;SelectMethod=Cursor;"
        connectionName="username" connectionPassword="password"
        digest="MD5" userTable="users" userNameCol="userid" userCredCol="userpassword"
        userRoleTable="user_roles" roleNameCol="rolename"
    />
</Context>Hope this helps.
People on the forum help others voluntarily, it's not their job.
Help them help you.
Learn how to ask questions first: http://faq.javaranch.com/java/HowToAskQuestionsOnJavaRanch
----------------------------------------------------------------

AD authentication using DIGEST-MD5: users have to reset password?

We are using DIGEST-MD5 to authenticate users against Active Directory. Our application ask users for user name and password and pass them to the attached java code. The strange thing is that it works for about 98% of users and it won't work for 2% of users. For those 2% of users, they can login into our domain but the same password won't work for our application.
We have found the workaround will be to ask those users to change their Windows password and after that they will be able to login.
My question is why= changing a user's password will make a difference for those 2% users? I am really puzzled.
Thanks!
try {
Hashtable authEnv = new Hashtable();
//set security credentials, note using DIGEST-MD5
//Requires user account to be stored with reversible encryption
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, ldapURL);
authEnv.put(Context.REFERRAL,"follow"); // required
authEnv.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
authEnv.put(Context.SECURITY_PRINCIPAL, creds.getUsername());
authEnv.put(Context.SECURITY_CREDENTIALS, creds.getPassword());
DirContext ctx1 = new InitialLdapContext(authEnv,null);
} catch (Exception ex) {
logger.info("Error authenticating user " + creds.getUsername(), ex);
throw new AuthenticationException("Authentication Failed for user " + creds.getUsername());
}

Make sure which version of AD you are using: AD 2000 or AD 2003. For AD 2000, reversible encryption is required and it's not secure. That's why lots administrators do not like it. But for AD 2003, there is no need for password to be stored in reversible way. But there is limitation as to the client application. What works for AD 2000 may not work for AD 2003. For details, you can check the link below:
http://www.forumeasy.com/forums/thread.jsp?tid=115170863235&fid=ldapprof5&highlight=Why+DIGEST-MD5+Authentication+Does+Work
which summarized all working and not-working cases of Digest-Md5 authentication for SunOne, AD 2000 and AD 2003. It's quite informative.

Help needed : Extension manager cs6 not listing products

Help needed to Adobe extension manager cs6 to show all my cs6 products
I downloaded Extension manager from here Adobe - Exchange : Download the Adobe Extension Manager
My Computer windows xp 32bit
My Photosop version cs6
My Dreamweaver version cs6
I installed photoshop here : C:\Program Files\Adobe\Adobe Dreamweaver CS6
and my XManConfigfile
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
    <VariableForExMan>
        <Data key="$sharedextensionfolder">$shareddatafolder/Adobe/Dreamweaver CS6/$LOCALE/Configuration/Extensions</Data>
        <Data key="$dreamweaver">$installfolder</Data>
        <Data key="$dreamweaver/Configuration">$userdatafolder/Adobe/Dreamweaver CS6/$LOCALE/Configuration</Data>
        <Data key="$UserBinfolder">$userdatafolder/Adobe/Dreamweaver CS6/$LOCALE</Data>
        <Data key="NeedOperationNotification">true</Data>
        <Data key="QuitScript">dw.quitApplication()</Data>
        <Data key="SupportedInSuite">CS6</Data>
        <Data key="HostNameForCSXS">DRWV</Data>
        <Data key="ProductVersion">12.0</Data>
        <Data key="Bit">32</Data>
<Data key="DefaultLocale">en_US</Data>
</VariableForExMan>
</Configuration>
Extension manager installed here : C:\Program Files\Adobe\Adobe Extension Manager CS6
Photoshop Installed here: C:\Program Files\Adobe\Adobe Photoshop CS6
and my XManConfigfile
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
    <VariableForExMan>
        <Data key="EmStorePath">$SharedRibsDataFolder/Adobe/Extension Manager</Data>
        <Data key="$photoshopappfolder">$installfolder</Data>
        <Data key="$pluginsfolder">$photoshopappfolder/Plug-Ins</Data>
        <Data key="$presetsfolder">$photoshopappfolder/Presets</Data>
        <Data key="$platform">Win</Data>
        <Data key="$actions">$presetsfolder/Actions</Data>
        <Data key="$blackandwhite">$presetsfolder/Black and White</Data>
        <Data key="$brushes">$presetsfolder/Brushes</Data>
        <Data key="$channelmixer">$presetsfolder/Channel Mixer</Data>
        <Data key="$colorbooks">$presetsfolder/Color Books</Data>
        <Data key="$colorrange">$presetsfolder/Color Range</Data>
        <Data key="$colorswatches">$presetsfolder/Color Swatches</Data>
        <Data key="$contours">$presetsfolder/Contours</Data>
        <Data key="$curves">$presetsfolder/Curves</Data>
        <Data key="$customshapes">$presetsfolder/Custom Shapes</Data>
        <Data key="$duotones">$presetsfolder/Duotones</Data>
        <Data key="$exposure">$presetsfolder/Exposure</Data>
        <Data key="$gradients">$presetsfolder/Gradients</Data>
        <Data key="$huesat">$presetsfolder/Hue Sat</Data>
        <Data key="$imagestatistics">$presetsfolder/Image Statistics</Data>
        <Data key="$keyboardshortcuts">$presetsfolder/Keyboard Shortcuts</Data>
        <Data key="$layouts">$presetsfolder/Layouts</Data>
        <Data key="$lenscorrection">$presetsfolder/Lens Correction</Data>
        <Data key="$levels">$presetsfolder/Levels</Data>
        <Data key="$liquifymeshes">$presetsfolder/Liquify Meshes</Data>
        <Data key="$menucustomization">$presetsfolder/Menu Customization</Data>
        <Data key="$optimizedcolors">$presetsfolder/Optimized Colors</Data>
        <Data key="$optimizedoutputSettings">$presetsfolder/Optimized Output Settings</Data>
        <Data key="$optimizedsettings">$presetsfolder/Optimized Settings</Data>
        <Data key="$patterns">$presetsfolder/Patterns</Data>
        <Data key="$reducenoise">$presetsfolder/Reduce Noise</Data>
        <Data key="$replacecolor">$presetsfolder/Replace Color</Data>
        <Data key="$scripts">$presetsfolder/Scripts</Data>
        <Data key="$selectivecolor">$presetsfolder/Selective Color</Data>
        <Data key="$shadowhighlight">$presetsfolder/Shadow Highlight</Data>
        <Data key="$smartsharpen">$presetsfolder/Smart Sharpen</Data>
        <Data key="$styles">$presetsfolder/Styles</Data>
        <Data key="$textures">$presetsfolder/Textures</Data>
        <Data key="$tools">$presetsfolder/Tools</Data>
        <Data key="$variations">$presetsfolder/Variations</Data>
        <Data key="$webphotogallery">$presetsfolder/Web Photo Gallery</Data>
        <Data key="$workspaces">$presetsfolder/Workspaces</Data>
        <Data key="$zoomify">$presetsfolder/Zoomify</Data>
     <Data key="$hueandsaturation">$presetsfolder/Hue and Saturation</Data>
     <Data key="$lights">$presetsfolder/Lights</Data>
     <Data key="$materials">$presetsfolder/Materials</Data>
     <Data key="$meshes">$presetsfolder/Meshes</Data>
     <Data key="$rendersettings">$presetsfolder/Render Settings</Data>
     <Data key="$volumes">$presetsfolder/Volumes</Data>
     <Data key="$widgets">$presetsfolder/Widgets</Data>
        <Data key="$localesfolder">$photoshopappfolder/Locales</Data>
        <Data key="$additionalplugins">$localesfolder/$LOCALE/Additional Plug-ins</Data>
        <Data key="$additionalpresets">$localesfolder/$LOCALE/Additional Presets</Data>
        <Data key="$localeskeyboardshortcuts">$localesfolder/$LOCALE/Additional Presets/$platform/Keyboard Shortcuts</Data>
        <Data key="$localesmenucustomization">$localesfolder/$LOCALE/Additional Presets/$platform/Menu Customization</Data>
        <Data key="$localesworkspaces">$localesfolder/$LOCALE/Additional Presets/$platform/Workspaces</Data>
        <Data key="$automate">$pluginsfolder/Automate</Data>
        <Data key="$digimarc">$pluginsfolder/Digimarc</Data>
        <Data key="$displacementmaps">$pluginsfolder/Displacement Maps</Data>
        <Data key="$effects">$pluginsfolder/Effects</Data>
        <Data key="$extensions">$pluginsfolder/Extensions</Data>
        <Data key="$fileformats">$pluginsfolder/File Formats</Data>
        <Data key="$filters">$pluginsfolder/Filters</Data>
        <Data key="$imagestacks">$pluginsfolder/Image Stacks</Data>
        <Data key="$importexport">$pluginsfolder/Import-Export</Data>
        <Data key="$measurements">$pluginsfolder/Measurements</Data>
        <Data key="$panels">$pluginsfolder/Panels</Data>
        <Data key="$parser">$pluginsfolder/Parser</Data>
     <Data key="$3dengines">$pluginsfolder/3D Engines</Data>
        <Data key="$lightingstyles">$pluginsfolder/Filters/Lighting Styles</Data>
        <Data key="$matlab">$photoshopappfolder/MATLAB</Data>
        <Data key="UserExtensionFolder">$photoshopappfolder</Data>
        <Data key="$photoshop">$UserDataFolder/Adobe/Adobe Photoshop CS6/Configuration</Data>
        <Data key="DisplayName">Photoshop CS6 32</Data>
        <Data key="ProductName">Photoshop32</Data>
        <Data key="FamilyName">Photoshop</Data>
        <Data key="ProductVersion">13.0</Data>
        <Data key="IconPath">Configuration/PS_exman_24px.png</Data>
        <Data key="SupportedInSuite">CS6</Data>
        <Data key="HostNameForCSXS">PHSP</Data>
        <Data key="Bit">32</Data>
    </VariableForExMan>
</Configuration>
                                                                    Please someone help me i cant install any photoshop extension because of this issue,,,

Waiting for your reply ...thanks
Here is the results
I installed photoshopcs6 illustrator cs6 dreamweaver cs6 illustrator cs6 in the system , But nothing seems
Result: BridgeTalk Diagnostics
Info:
Name = estoolkit-3.8
Status = PUMPING
Path
Version = 2.0
Build = ES 4.2.12
Next serial number = 40
Logging: = OFF
Now = 15:55:49
Messages:
Message Version = 2.05
Authentication = ON
Digest = ON
Thread: estoolkit-3.8#thread
Avg. pump interval = 55ms
Last pump = 62ms ago
Ping: 7
ECHO_REQUEST: ECHO_RESPONSE
Timeout = undefined
Handler = undefined
STATUS: PUMPING
Timeout = undefined
Handler = undefined
MAIN: MAIN
Timeout = undefined
Handler = installed
LAUNCHED: LAUNCHED
Timeout = undefined
Handler = installed
DIAGNOSTICS: DIAGNOSTICS
Timeout = undefined
Handler = installed
INFO: INFO
Timeout = undefined
Handler = installed
SETUPTIME: thread=0ms, left=16ms
Timeout = undefined
Handler = undefined
Instances: 3
estoolkit-3.8#dbg:
msg[15:55:49]: 00000035
@BT>Version = 2.05
Target = estoolkit-3.8#dbg
Sender = estoolkit-3.8#dbg
Sender-ID = localhost:win3788
Timeout = 15:55:50
Type = Ignore
Response-Request = Timeout
Headers = (no headers)
Timestamp = 15:55:49
Serial-Number = 35
Received = undefined
Result = undefined
Error = undefined
Body = (empty)
Incoming: 1
Outgoing: 0
Handler: 9
ExtendScript = for all messages
Error = for only msg #25
Error = for only msg #27
Error = for only msg #31
Result = for only msg #35
Error = for only msg #35
Timeout = for only msg #35
Result = for only msg #37
Error = for only msg #37
estoolkit-3.8#estk:
msg[15:55:49]: 00000037
@BT>Version = 2.05
Target = estoolkit-3.8#estk
Sender = estoolkit-3.8#dbg
Sender-ID = localhost:win3788
Timeout = 16:05:49
Type = Debug
Response-Request = Result Error
Headers = (no headers)
Timestamp = 15:55:49
Serial-Number = 37
Received = undefined
Result = undefined
Error = undefined
Body: 107 bytes
Text = <get-properties engine="main" object="$.global" exclude="undefined,builtin,prototype" all="true" max="20"/>
Incoming: 1
Outgoing: 0
Handler: 1
ExtendScript = for all messages
estoolkit-3.8: (main)
Incoming: 0
Outgoing: 0
Handler: 1
ExtendScript = for all messages
Targets: 1
Connector = PCD
Installed: 0
Running: 0
exman-6.0:
Path = C:\Program Files\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe
Display Name = Adobe Extension Manager CS6
MsgAuthentication = ON
MsgDigest = ON
ESTK = OFF
BundleID = com.adobe.exman
Status = (not running)
ExeName = Adobe Extension Manager CS6.exe
Installed: 1
Running: 0
Groups = (no groups defined)

SASL - Digest MD5 - JNDI Help needed

Similar Messages

Maybe you are looking for