
May I ask how I can set up authentication for Digest MD5 on my Windows Server 2012 Active Directory to allow the client to authenticate to the server? Here is the code I am using to establish the connection from the client to the server.

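import javax.naming.AuthenticationException
import javax.naming.Context
import javax.naming.directory.InitialDirContext

Hashtable env = new Hashtable()
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
// Space-separated list of SASL mechanisms to try, in order
env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5 CRAM-MD5")
env.put(Context.SECURITY_PROTOCOL, "ssl")
env.put(Context.PROVIDER_URL, "ldap://test.com:636/") // The Windows Server address
env.put(Context.SECURITY_PRINCIPAL, "CN=DemoUser,OU=test,DC=test,DC=com")
env.put(Context.SECURITY_CREDENTIALS, "thepasswordishere")
// Declared outside the try block so it is still in scope when closing
def ctx = null
try {
    ctx = new InitialDirContext(env)
    if (ctx) {
        println "Authentication Success"
    }
} catch (AuthenticationException elc) {
    // printStackTrace() returns nothing, so call it directly instead of printing its result
    elc.printStackTrace()
    println "Authentication Fail"
} catch (Exception e) {
    e.printStackTrace()
} finally {
    // Close only if the bind actually produced a context
    ctx?.close()
}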

1 Answer


Same problem for me here on Windows Server 2012R2.

If it is not crucial for you, there is a workaround - use the value in sAMAccountName or userPrincipalName format for Context.SECURITY_PRINCIPAL.

Because the distinguishedName format you are currently using seems to be causing trouble.

Here is what should work for you:

env.put(Context.SECURITY_PRINCIPAL,"DemoUser")

A few references describing similar issues:

"Active Directory does not support distinguished name."

"The distinguished name (DN) does not work for authentication; the userPrincipalName attribute must be used instead."
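
The workaround above can be enforced in code before the bind is attempted. The following Groovy script is an added example, not code from the question or the answer: it rejects DN-format principals, reads the server's advertised SASL mechanisms from the rootDSE, and only then binds with DIGEST-MD5. The helper names, the command-line arguments and the `LDAP_PASSWORD` environment variable are assumptions made for illustration, and the JVM is assumed to trust the server's LDAPS certificate.

```groovy
// Added example; helper names, arguments and LDAP_PASSWORD are assumptions.
import javax.naming.Context
import javax.naming.InvalidNameException
import javax.naming.directory.InitialDirContext
import javax.naming.ldap.LdapName

// True when the string parses as an LDAP distinguished name (CN=...,DC=...).
boolean isDistinguishedName(String principal) {
    try {
        return new LdapName(principal).size() > 0
    } catch (InvalidNameException ignored) {
        return false // "DemoUser" and "DemoUser@test.com" are not DNs
    }
}

Hashtable<String, Object> baseEnv(String url) {
    def env = new Hashtable<String, Object>()
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory")
    env.put(Context.PROVIDER_URL, url) // e.g. ldaps://test.com:636/
    return env
}

// Anonymous rootDSE read: which SASL mechanisms does the server advertise?
List<String> supportedSaslMechanisms(String url) {
    def ctx = new InitialDirContext(baseEnv(url))
    try {
        def attrs = ctx.getAttributes("", ["supportedSASLMechanisms"] as String[])
        def attr = attrs.get("supportedSASLMechanisms")
        return attr == null ? [] : Collections.list(attr.getAll()).collect { it.toString() }
    } finally {
        ctx.close()
    }
}

// DIGEST-MD5 bind that refuses DN principals before sending credentials.
void digestBind(String url, String principal, String password) {
    if (isDistinguishedName(principal))
        throw new IllegalArgumentException("use sAMAccountName or userPrincipalName, not a DN")
    if (!supportedSaslMechanisms(url).contains("DIGEST-MD5"))
        throw new IllegalStateException("server does not advertise DIGEST-MD5")
    def env = baseEnv(url)
    env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5")
    env.put(Context.SECURITY_PRINCIPAL, principal)
    env.put(Context.SECURITY_CREDENTIALS, password)
    new InitialDirContext(env).close() // throws AuthenticationException on a failed bind
}

// Offline checks on the principals from this page, then an optional live bind.
assert isDistinguishedName("CN=DemoUser,OU=test,DC=test,DC=com")
assert !isDistinguishedName("DemoUser") && !isDistinguishedName("DemoUser@test.com")
if (args.length == 2 && System.getenv("LDAP_PASSWORD")) digestBind(args[0], args[1], System.getenv("LDAP_PASSWORD"))
```

Run without arguments it only performs the offline principal checks; with a URL and a principal as arguments it attempts the bind, so a mechanism mismatch shows up as its own error instead of a generic authentication failure.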