OpenDJ / OPENDJ-436

Inconsistency between hostname specified in setup and DIGEST-MD5 fqdn of server.


    Details

    • Type: Bug
    • Status: Done
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.0
    • Component/s: core server
    • Labels:
      None

      Description

      There can be an inconsistency between the hostname specified in setup by -h and the fqdn of OpenDJ server depending on what value is specified during setup and what the fqdn of the host resolves to.

      For example, this can have an effect on the SASL DIGEST-MD5 mechanism.

      In setup:
      setup --cli -n -h gary-laptop.local -p 1389 --adminConnectorPort 4444 -b "dc=com" -D "cn=myself" -w "password" -O

      ldapsearch -h gary-laptop.local -p 1389 -o mech=DIGEST-MD5 -o "authid=dn:cn=Zroot Manager,cn=Root DNs,cn=config" -w froglegs -b "dc=example,dc=com" "objectclass=*"

      The SASL DIGEST-MD5 bind attempt failed
      Result Code: 49 (Invalid Credentials)

      This is seen in access log as 'localhost'
      [05/Mar/2012:20:26:40 +0100] BIND RES conn=8 op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/gary-laptop.local; expecting: ldap/localhost)" etime=1

      The errors log says the fqdn is localhost:
      [05/Mar/2012:20:33:32 +0100] category=EXTENSIONS severity=INFORMATION msgID=1048797 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: localhost

      Hostname of system resolving to:
      #hostname
      gary-laptop

      >>>> Configure the properties of the Digest MD5 SASL Mechanism Handler

          Property               Value(s)
          -----------------------------------------------------------------------
      1)  enabled                true
      2)  identity-mapper        Exact Match
      3)  quality-of-protection  none
      4)  realm                  If this value is not provided, then the server
                                 defaults to use the fully qualified hostname of
                                 the machine.
      5)  server-fqdn            The server attempts to determine the
                                 fully-qualified domain name dynamically.

      In the Digest MD5 SASL Mechanism Handler, server-fqdn gets its value dynamically from a call to get hostname.

      It might be better to use the hostname specified in setup as the fqdn.
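
A log check for the failure described above, added here as an example (not part of the original report or of OpenDJ): it scans access/errors log text for DIGEST-MD5 binds rejected with a mismatched digest-uri and pairs the host the client sent with the host the handler expected. The sample input is constructed from the two log lines quoted in this issue plus one invented successful bind; the function names and the loopback-name set are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the two log lines quoted in this issue plus one invented success.
SAMPLE_LOG = '''\
[05/Mar/2012:20:33:32 +0100] category=EXTENSIONS severity=INFORMATION msgID=1048797 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: localhost
[05/Mar/2012:20:26:40 +0100] BIND RES conn=8 op=1 msgID=2 result=49 authFailureID=1310929 authFailureReason="SASL DIGEST-MD5 protocol error: SaslException(DIGEST-MD5: digest response format violation. Mismatched URI: ldap/gary-laptop.local; expecting: ldap/localhost)" etime=1
[05/Mar/2012:20:40:02 +0100] BIND RES conn=9 op=1 msgID=2 result=0 etime=3
'''

# Errors-log line announcing the FQDN the DIGEST-MD5 handler settled on.
SERVER_FQDN = re.compile(
    r'DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: (\S+)')
# Access-log BIND RES line rejected (result=49) because of a digest-uri mismatch.
MISMATCH = re.compile(
    r'BIND RES .*?result=49 .*?Mismatched URI: \w+/([^;\s]+); expecting: \w+/([^)\s]+)')
# Assumption: names that indicate the server resolved its own host to loopback.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def analyse(log_text):
    """Return (server FQDNs announced, Counter of (sent_host, expected_host))."""
    fqdns, mismatches = [], Counter()
    for line in log_text.splitlines():
        announced = SERVER_FQDN.search(line)
        if announced:
            fqdns.append(announced.group(1))
            continue
        rejected = MISMATCH.search(line)
        if rejected:
            mismatches[(rejected.group(1), rejected.group(2))] += 1
    return fqdns, mismatches

def report(log_text):
    """One finding per distinct mismatch, most frequent first."""
    _fqdns, mismatches = analyse(log_text)
    findings = []
    for (sent, expected), count in mismatches.most_common():
        hint = " (server resolved itself to a loopback name)" if expected in LOOPBACK_NAMES else ""
        findings.append(f"{count} DIGEST-MD5 bind(s) rejected: client digest-uri host "
                        f"'{sent}', handler expects '{expected}'{hint}")
    return findings

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A finding whose expected host is a loopback name points at the server-fqdn property shown in the handler configuration above rather than at the client's credentials.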


            People

            Assignee:
            matthew Matthew Swift
            Reporter:
            gary.williams Gary Williams
            Dev Assignee:
            Matthew Swift Matthew Swift
            QA Assignee:
            Gary Williams Gary Williams