Environment
Novell Modular Authentication Service
Situation
DIGEST-MD5 Authentication not working.
When an LDAP bind is made using MD5 authentication, error 49 is displayed.
Error: Failed to authenticate full context on connection 0x000000, err = no such attribute (-603)
Resolution
NOTE: It is not required to have the simple password match the regular eDirectory user password.
As soon as both the Simple Password and the Digest-MD5 methods are added and assigned a simple password, the LDAP binds should worked fine.
NOTE: In order to use LDAPSEARCH with MD5 authentications, you need to use an LDAPSEARCH tool that will do MD5. The LDAPSEARCH tool bundled with eDirectory does not do MD5 authentication. You can obtain the LDAPSDK from www.openldap.org.
Additional Information
You can add the login methods either from the Linux command line, ConsoleOne, or iManager. An example of the command line usage of nmasinst is as follows:
nmasinst -i <admin context> <treename> -h <ServerIpAddress> <port number>
E.g. nmasinst -i admin.novell Linux_tree -h 192.100.100.135 398
nmasinst -addmethod <admin context> <treename> <config.txt file path> -h <ServerIpAddress> <port number>
E.g. nmasinst -addmethod admin.novell Linux_tree /code/nmas/md5/config.txt -h 192.100.100.135 398
The NMAS installation has an NMASMethods directory for each of the various methods you must configure. If you are using the UNIX command line 'nmasinst' to add methods, you must have the digestmd5 directory on the UNIX hard drive. This contains .lmo files as well as the config.txt file. You need that directory available for the nmasinst -addmethods function to work properly.
The NMAS snap-ins must be installed for Console One and iManager.
To find the proper SNAP-In's, you can go to the dl.netiq.com web page, change your search to KEYWORD, and type in SNAP-IN and hit enter. This will list all the available Snap-Ins from which you can download the FullNMAS Snap-In
Once the Snap-Ins are installed you can properly configure the NMAS Login Methods as per the NMAS 3.3 documentation. Make sure you install the Simple Password and Digest MD5 methods for this issue.
Formerly known as TID# 10080726