We are now starting to use the LDS but we have an issue with the DIGEST-MD5 bindings.
This binding is working fine with a Proxy user (synchronized with the AD) but not with a specific LDS user.
Here is the code I use to test the login with both types of user.
We've taken a look at different sources and we checked that supportedSASLMechanisms contains the DIGEST-MD5 format.
We also added ADAMDisableSSI=0 as the documentation says.
But the login failed with MD5; we are able to see the log of what happens (see below).
The error is AcceptSecurityContext error, data 52e, which means that the password does not fit.
What we think is that for DIGEST-MD5 to work, the client's password must be stored using reversible encryption so that the authentication agent (AD) can retrieve the password in clear text and then calculate the hash H().
But how to do it?
We would appreciate it if someone could give us a clue on this topic.
Thanks and regards
Benjamin Léonard
Log of MD5 exchange
-> W8GVB723:389
0000: 30 18 02 01 01 60 13 02 01 03 04 00 A3 0C 04 0A 0....`..........
0010: 44 49 47 45 53 54 2D 4D 44 35 DIGEST-MD5
<- W8GVB723:389
0000: 30 84 00 00 01 30 02 01 01 61 84 00 00 01 27 0A 0....0...a....'.
0010: 01 0E 04 00 04 00 87 82 01 1C 71 6F 70 3D 22 61 ..........qop="a
0020: 75 74 68 2C 61 75 74 68 2D 69 6E 74 2C 61 75 74 uth,auth-int,aut
0030: 68 2D 63 6F 6E 66 22 2C 63 69 70 68 65 72 3D 22 h-conf",cipher="
0040: 33 64 65 73 2C 72 63 34 22 2C 61 6C 67 6F 72 69 3des,rc4",algori
0050: 74 68 6D 3D 6D 64 35 2D 73 65 73 73 2C 6E 6F 6E thm=md5-sess,non
0060: 63 65 3D 22 2B 55 70 67 72 61 64 65 64 2B 76 31 ce="+Upgraded+v1
0070: 66 31 64 38 65 31 34 66 38 66 30 65 62 38 34 36 f1d8e14f8f0eb846
0080: 30 34 34 61 61 36 64 39 61 64 32 31 32 30 62 34 044aa6d9ad2120b4
0090: 32 38 64 61 63 37 62 30 30 64 36 61 63 62 30 31 28dac7b00d6acb01
00A0: 36 33 31 34 65 32 36 35 31 64 39 34 34 30 61 66 6314e2651d9440af
00B0: 36 64 36 36 39 39 66 61 62 37 32 38 62 61 61 32 6d6699fab728baa2
00C0: 31 33 32 61 32 65 37 34 62 62 37 64 32 66 38 62 132a2e74bb7d2f8b
00D0: 62 66 34 64 61 63 33 32 32 62 64 30 36 31 36 32 bf4dac322bd06162
00E0: 22 2C 63 68 61 72 73 65 74 3D 75 74 66 2D 38 2C ",charset=utf-8,
00F0: 72 65 61 6C 6D 3D 22 67 6C 61 76 65 72 62 65 6C realm="glaverbel
0100: 2E 63 6F 6D 22 2C 72 65 61 6C 6D 3D 22 43 4E 3D .com",realm="CN=
0110: 44 4D 5A 41 75 74 68 65 6E 74 69 63 61 74 69 6F DMZAuthenticatio
0120: 6E 2C 44 43 3D 67 6C 61 76 65 72 62 65 6C 2C 44 n,DC=glaverbel,D
0130: 43 3D 63 6F 6D 22 C=com"
-> W8GVB723:389
0000: 30 82 01 75 02 01 02 60 82 01 6E 02 01 03 04 00 0..u...`..n.....
0010: A3 82 01 65 04 0A 44 49 47 45 53 54 2D 4D 44 35 ...e..DIGEST-MD5
0020: 04 82 01 55 63 68 61 72 73 65 74 3D 75 74 66 2D ...Ucharset=utf-
0030: 38 2C 75 73 65 72 6E 61 6D 65 3D 22 43 47 42 31 8,username="CGB1
0040: 30 30 36 31 22 2C 72 65 61 6C 6D 3D 22 67 6C 61 0061",realm="gla
0050: 76 65 72 62 65 6C 2E 63 6F 6D 22 2C 6E 6F 6E 63 verbel.com",nonc
0060: 65 3D 22 2B 55 70 67 72 61 64 65 64 2B 76 31 66 e="+Upgraded+v1f
0070: 31 64 38 65 31 34 66 38 66 30 65 62 38 34 36 30 1d8e14f8f0eb8460
0080: 34 34 61 61 36 64 39 61 64 32 31 32 30 62 34 32 44aa6d9ad2120b42
0090: 38 64 61 63 37 62 30 30 64 36 61 63 62 30 31 36 8dac7b00d6acb016
00A0: 33 31 34 65 32 36 35 31 64 39 34 34 30 61 66 36 314e2651d9440af6
00B0: 64 36 36 39 39 66 61 62 37 32 38 62 61 61 32 31 d6699fab728baa21
00C0: 33 32 61 32 65 37 34 62 62 37 64 32 66 38 62 62 32a2e74bb7d2f8bb
00D0: 66 34 64 61 63 33 32 32 62 64 30 36 31 36 32 22 f4dac322bd06162"
00E0: 2C 6E 63 3D 30 30 30 30 30 30 30 31 2C 63 6E 6F ,nc=00000001,cno
00F0: 6E 63 65 3D 22 59 6F 7A 64 36 35 2F 4F 68 48 6B nce="Yozd65/OhHk
0100: 51 32 36 32 66 6A 47 72 5A 7A 68 4F 48 4E 41 42 Q262fjGrZzhOHNAB
0110: 6E 56 5A 77 4A 54 34 79 46 7A 42 50 49 22 2C 64 nVZwJT4yFzBPI",d
0120: 69 67 65 73 74 2D 75 72 69 3D 22 6C 64 61 70 2F igest-uri="ldap/
0130: 57 38 47 56 42 37 32 33 22 2C 6D 61 78 62 75 66 W8GVB723",maxbuf
0140: 3D 36 35 35 33 36 2C 72 65 73 70 6F 6E 73 65 3D =65536,response=
0150: 34 36 65 30 62 38 39 32 31 34 33 38 32 61 64 37 46e0b89214382ad7
0160: 39 30 66 35 66 62 33 65 30 33 62 39 63 36 62 63 90f5fb3e03b9c6bc
0170: 2C 71 6F 70 3D 61 75 74 68 ,qop=auth
<- W8GVB723:389
0000: 30 84 00 00 00 68 02 01 02 61 84 00 00 00 5F 0A 0....h...a...._.
0010: 01 31 04 00 04 58 38 30 30 39 30 33 30 43 3A 20 .1...X8009030C:
0020: 4C 64 61 70 45 72 72 3A 20 44 53 49 44 2D 30 43 LdapErr: DSID-0C
0030: 30 39 30 34 44 30 2C 20 63 6F 6D 6D 65 6E 74 3A 0904D0, comment:
0040: 20 41 63 63 65 70 74 53 65 63 75 72 69 74 79 43 AcceptSecurityC
0050: 6F 6E 74 65 78 74 20 65 72 72 6F 72 2C 20 64 61 ontext error, da
0060: 74 61 20 35 32 65 2C 20 76 31 64 62 30 00 ta 52e, v1db0.