SASL query
in [Microsoft Exchange]
|
Prev: Trying to understand Pop3 Settings on Exchange 2003
Next: Email Classified as Spam After Scheduled Task Reboot
From: shivaraj on 8 Jun 2010 01:11 Hi, I want to know 1. How to check if SASL authentication is enabled in a Active Directory? 2. How to enable/install SASL authentication in my Active Directory server? 3. How to connect to AD using LDAP with JNDI in case SASL is enabled? Here with my findings: 1. Came across with a sample code to fetch all supported SASL mechanisms. ========================== DirContext dirContext = new InitialDirContext(env); NamingEnumeration results = null; SearchControls controls = new SearchControls(); controls.setSearchScope(SearchControls.OBJECT_SCOPE); results = dirContext.search("", "(objectclass=*)",controls); while(results.hasMore()) { SearchResult searchResult = (SearchResult)results.next(); Attributes attributes = searchResult.getAttributes(); String attr = attributes.get("supportedSASLMechanisms").toString(); System.out.println("attributes :: "+attr); } ========================== But this will work only if the authentication succeeds. In my case, I am not able to Authenticate to AD with clear text username password. Hence how to check which form of authentication should I use? 2. Did not get how to enable/install SASL in my Active Directory. 3. Tried with ================================ env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.PROVIDER_URL, "ldap://"+domain+":389"); env.put("javax.security.sasl.policy.noactive", "true"); env.put("javax.security.sasl.qop","auth"); env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5"); env.put(Context.SECURITY_PRINCIPAL, userName); env.put(Context.SECURITY_CREDENTIALS, password); DirContext dirContext = new InitialDirContext(env); =================================== But this will throw javax.naming.AuthenticationNotSupportedException: GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5 What should I do to get this working? Regards, Shivaraj
From: Ed Crowley [MVP] on 8 Jun 2010 12:38
This is an Exchange forum. I don't see anything about Exchange in that post. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." .. "shivaraj" <shivaraj.malannavar(a)gmail.com> wrote in message news:a5b5ac13-a96d-4957-8079-99eb13b2d53b(a)5g2000yqz.googlegroups.com... > Hi, > I want to know > 1. How to check if SASL authentication is enabled in a Active > Directory? > 2. How to enable/install SASL authentication in my Active Directory > server? > 3. How to connect to AD using LDAP with JNDI in case SASL is enabled? > > Here with my findings: > 1. Came across with a sample code to fetch all supported SASL > mechanisms. > ========================== > DirContext dirContext = new InitialDirContext(env); > NamingEnumeration results = null; > SearchControls controls = new SearchControls(); > controls.setSearchScope(SearchControls.OBJECT_SCOPE); > results = dirContext.search("", "(objectclass=*)",controls); > > while(results.hasMore()) > { > SearchResult searchResult = (SearchResult)results.next(); > Attributes attributes = searchResult.getAttributes(); > String attr = > attributes.get("supportedSASLMechanisms").toString(); > System.out.println("attributes :: "+attr); > } > ========================== > But this will work only if the authentication succeeds. In my case, I > am not able to Authenticate to AD with clear text username password. > Hence how to check which form of authentication should I use? > > 2. Did not get how to enable/install SASL in my Active Directory. > > 3. Tried with > ================================ > env.put(Context.INITIAL_CONTEXT_FACTORY, > "com.sun.jndi.ldap.LdapCtxFactory"); > env.put(Context.PROVIDER_URL, "ldap://"+domain+":389"); > > env.put("javax.security.sasl.policy.noactive", > "true"); > env.put("javax.security.sasl.qop","auth"); > env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI, GSS-SPNEGO, > EXTERNAL, DIGEST-MD5"); > > env.put(Context.SECURITY_PRINCIPAL, userName); > env.put(Context.SECURITY_CREDENTIALS, > password); > DirContext dirContext = new > InitialDirContext(env); > =================================== > But this will throw javax.naming.AuthenticationNotSupportedException: > GSSAPI, GSS-SPNEGO, EXTERNAL, DIGEST-MD5 > > What should I do to get this working? > Regards, > Shivaraj |