小贝子编程

JNDI:ApacheDS:INVALID_CREDENTIALS:DIGEST-MD5:摘要响应格式冲突.不匹配的UR



我正在尝试使用JNDI对用户进行身份验证,安全级别为SASL。以下是我的示例代码。

import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
public class Test {
    private static final String CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
    private static final String PROVIDER_URL = "ldap://localhost:10389";
    private static final String SECURITY_AUTHENTICATION = "DIGEST-MD5";
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, CONTEXT_FACTORY);
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
        env.put(Context.SECURITY_PRINCIPAL,
                "cn=Krishna,ou=people,dc=example,dc=com");
        env.put(Context.SECURITY_CREDENTIALS, "password123");
        try {
            DirContext ctx = new InitialDirContext(env);
            System.out.println("Authentication Successful");
            ctx.close();
        } catch (NamingException e) {
            System.out.println("Authentication Failed");
            e.printStackTrace();
        }
    }
}

我在目录中使用MD5算法加密了密码。当我试图运行上面的程序时,我得到了以下错误。

身份验证失败的

javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Mismatched URI: ldap/localhost; expecting: ldap/ldap.example.com]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.InitialContext.<init>(InitialContext.java:216)
    at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
    at jndi_tutorial.Test.main(Test.java:26)

但是,当我尝试使用简单的机制(SECURITY_AUTHENTICATION="simple")进行身份验证时,我的身份验证是成功的。我缺少什么配置吗?

  1. 检查您的LDAP服务器是否支持DIGEST-MD5 SASL机制。

    DirContext ctx = new InitialDirContext();
Attributes attrs = ctx.getAttributes("ldap://<HSOT>:<PORT>", new  String[]{"supportedSASLMechanisms"});

  2. 检查密码是否真的以MD5摘要/哈希的形式存储在LDAP服务器中。

    使用Apache Dir Studio等LDPAP浏览器连接到LDAP服务器,并检查密码属性。它将以所使用的哈希机制为前缀。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium