Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide

To Configure the DIGEST-MD5 Mechanism

The following procedure explains how to configure Directory Server to use DIGEST-MD5.

You cannot use DSCC to perform this task. Use the command line, as described in this procedure.

  1. Use the ldapsearch command to verify that DIGEST-MD5 is a value of the supportedSASLMechanisms attribute on the root entry.

    For example, the following command shows which SASL mechanisms are enabled:

    $ ldapsearch -h host -p port -D cn=admin,cn=Administrators,cn=config -w - \
     -s base -b "" "(objectclass=*)" supportedSASLMechanisms
    Enter bind password:
    supportedSASLMechanisms: EXTERNAL
    supportedSASLMechanisms: DIGEST-MD5
    supportedSASLMechanisms: GSSAPI
  2. If DIGEST-MD5 is not enabled, enable it.

    $ ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w -
    Enter bind password:
    dn: cn=SASL, cn=security, cn=config
    changetype: modify
    add: dsSaslPluginsEnable
    dsSaslPluginsEnable: DIGEST-MD5
    -
    replace: dsSaslPluginsPath
    dsSaslPluginsPath: SASL-library

    where SASL-library is one of the following:

    JES installation


    Zip installation


  3. Use the default identity mapping for DIGEST-MD5, or create new mappings.

    For information, see DIGEST-MD5 Identity Mappings.

  4. Ensure that the password is stored in {CLEAR} for all users who will access the server through SSL using DIGEST-MD5.

    See Chapter 8, Directory Server Password Policy for password storage schemes.

  5. If you modified the SASL configuration entry or one of the DIGEST-MD5 identity mapping entries, restart Directory Server.
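The check in step 4 can be scripted. The following is an added example, not part of the original guide: it reads LDIF text shaped like ldapsearch output for the userPassword attribute and lists the entries that have no value stored as {CLEAR}. It assumes that stored values carry a {SCHEME} prefix and that the bind identity may read userPassword; the function names, DNs and password values are constructed for illustration.

```python
import base64
import re

# Constructed sample, shaped like `ldapsearch ... userPassword` output.
# DNs and password values are made up for this example.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {CLEAR}correct-horse

dn: uid=bob,ou=People,dc=example,dc=com
userPassword: {SSHA}Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MGFi

dn: uid=carol,ou=People,dc=example,dc=com
userPassword:: e2NsZWFyfXMzY3JldA==

""" + "dn: uid=dave,ou=People,\n dc=example,dc=com\n"  # folded DN, no password

# Assumption: a stored value starts with its storage scheme in braces.
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}")


def password_schemes(ldif):
    """Return {dn: [scheme, ...]}. 'NONE' marks an entry with no userPassword
    returned, 'UNPREFIXED' a value that carries no {SCHEME} tag."""
    result, dn = {}, None
    # LDIF folds long lines; a continuation line starts with one space.
    for line in re.sub(r"\r?\n ", "", ldif).splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
            result[dn] = []
        elif dn and line.lower().startswith("userpassword:"):
            value = line.split(":", 1)[1]
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                raw = base64.b64decode(value[1:].strip())
                value = raw.decode("utf-8", "replace")
            m = SCHEME_RE.match(value.strip())
            result[dn].append(m.group(1).upper() if m else "UNPREFIXED")
    return {d: s or ["NONE"] for d, s in result.items()}


def not_digest_md5_ready(ldif):
    """DNs with no userPassword value stored as {CLEAR}."""
    schemes = password_schemes(ldif)
    return sorted(d for d, s in schemes.items() if "CLEAR" not in s)


if __name__ == "__main__":
    for entry in not_digest_md5_ready(SAMPLE_LDIF):
        print("no {CLEAR} password:", entry)
```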