Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Installing the Digest Authentication Plug-in

For Digest authentication using an LDAP-based directory service, you must install the Digest authentication plug-in. This plug-in computes a digest value on the server side, and compares this value against the digest value provided by the client. If the digest values match, the user is authenticated.

If you are using a file-based authentication database, you do not need to install the Digest authentication plug-in.

Installing the Digest Authentication Plug-in on UNIX

The Digest authentication plug-in consists of a shared library and an ldif file:

Procedure: To Install the Digest Authentication Plug-in on UNIX

Before You Begin
  1. To install the plug-in, type the command:

    % ldapmodify -D "cn=Directory Manager" -w password -a < libdigest-plugin.ldif

Installing the Digest Authentication Plug-in on Windows

You must copy several .dll files from the Proxy Server installation to your Oracle Directory Server Enterprise Edition server computer for the Directory Server to start properly with the Digest plug-in.

Procedure: To Install the Digest Authentication Plug-in on Windows

  1. Access the shared libraries in Proxy Server in server-root\bin\proxy\bin.

  2. Copy the files nsldap32v50.dll, libspnr4.dll, and libplds4.dll to the appropriate directory.

  3. Paste them into either of the following:

    • \Winnt\system32

    • The Oracle Directory Server Enterprise Edition install directory: server-root\bin\sldap\server

Setting Oracle Directory Server Enterprise Edition to Use the DES Algorithm

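The DES algorithm is needed to encrypt the attribute where the digest password is stored. Because the plug-in must recover the password to compute the digest value on the server side, the attribute is stored with reversible encryption rather than as a one-way hash.

Procedure: To Set Directory Server to Use the DES Algorithm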

  1. Launch the Directory Server Console.

  2. Open your Directory Server instance.

  3. Select the Configuration tab.

  4. Click the + sign next to plug-ins.

  5. Select the DES plug-in.

  6. Choose Add to add a new attribute.

  7. Type iplanetReversiblePassword.

  8. Click Save.

  9. Set a Digest authentication password.


    Note –

    The server uses the iplanetReversiblePassword attribute, which is in the object class iplanetReversiblePassword. To use a Digest authentication password in the iplanetReversiblePassword attribute for a user, your entry must include the iplanetReversiblePasswordobject object.

    You can add it using ldapmodify or the Directory Server administration interface.


    Using ldapmodify

    Create a file digest.ldif to store the LDAP commands. Adding the password is a two-step process.

    1. Add the object class to the digest.ldif.

      The file looks similar to the following (you can have more ldif files based on the Directory Server users and the ACL):


      # Record 1: add the object class to the user entry
      dn: uid=user1,dc=india,dc=sun,dc=com
      changetype: modify
      add: objectclass
      objectclass: iplanetReversiblePasswordobject

      # Record 2: add the Digest authentication password
      dn: uid=user1,dc=india,dc=sun,dc=com
      changetype: modify
      add: iplanetReversiblePassword
      iplanetReversiblePassword: user1

    2. Run ldapmodify to apply the file:

      # ldapmodify -D "cn={CN_Value}" -w <password> -a -f <ldif_file_name>

  10. Restart your Oracle Directory Server Enterprise Edition instance and verify that the user attributes are added to the Directory Server database.
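
The server-side comparison described at the start of this page, and the reason the password attribute has to be recoverable, shown as an added example (not Oracle's plug-in code). It assumes the RFC 2617 MD5 digest with qop=auth and uses the sample values from RFC 2617 section 3.5; the function names are hypothetical.

```python
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def expected_response(username, realm, password, method, uri,
                      nonce, nc, cnonce, qop="auth"):
    """Compute the RFC 2617 digest value the server expects from the client."""
    # HA1 needs the cleartext password (or a stored HA1). A salted one-way
    # password hash cannot produce it, hence the recoverable attribute.
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify(client_response: str, **params) -> bool:
    """Return True only if the client's digest matches the server's."""
    expected = expected_response(**params).encode("ascii")
    supplied = client_response.lower().encode("utf-8")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected, supplied)


# Sample values from RFC 2617 section 3.5 (not from this guide).
SAMPLE = dict(
    username="Mufasa", realm="testrealm@host.com", password="Circle Of Life",
    method="GET", uri="/dir/index.html",
    nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", nc="00000001",
    cnonce="0a4f113b",
)
CLIENT_RESPONSE = "6629fae49393a05397450978507c4ef1"

if __name__ == "__main__":
    wrong = {**SAMPLE, "password": "guess"}
    print("correct password:", verify(CLIENT_RESPONSE, **SAMPLE))
    print("wrong password:  ", verify(CLIENT_RESPONSE, **wrong))
```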