We've created an Open Directory master on OSX 10.10 Yosemite + Server.app v4:
$ sudo slapconfig -createldapmasterandadmin admin Administrator 1000
But it doesn't support DIGEST-MD5
:
$ ldapsearch -x -LLL -b "" -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: CRAM-MD5
Which is a problem because users can't authenticate against collabd
(for Profile/Device manager, or Wiki):
<Error>: [CSAuthService.m:326 667e000 +86ms] Digest did not validate
<Error>: [CSServiceDispatcher.m:261 667e000 +0ms] Caught exception "Invalid Credentials" [CSAuthBadDigest] executing [http]Request{AuthService.validateUsernameAndPasswordDigest:remember:(<<scrubbed>>)}:
(
0 CoreFoundation 0x00007fff8d35c64c __exceptionPreprocess + 172
1 libobjc.A.dylib 0x00007fff92ec76de objc_exception_throw + 43
2 CSService 0x000000010425fc90 -[CSAuthService sessionForDigest:remember:] + 1681
3 CSService 0x000000010425f5a7 -[CSAuthService validateUsernameAndPasswordDigest:remember:] + 65
4 CoreFoundation 0x00007fff8d23533c __invoking___ + 140
5 CoreFoundation 0x00007fff8d235192 -[NSInvocation invoke] + 290
6 CSService 0x00000001041dce3d -[CSServiceDispatcher executeRequest:asPartOfBatch:usingServiceImpl:] + 4774
7 CSService 0x00000001041dd91e __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke_3 + 83
8 CSService 0x00000001041e2a22 -[NSArray(CollabBlockMethods) map:] + 249
9 CSService 0x00000001041dd877 __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke_2 + 160
10 CSService 0x00000001041e3100 +[CSExecutionTimer recordTime:ofBlock:] + 74
11 CSService 0x00000001041e2f3b +[CSExecutionTimer timerNamed:aroundBlock:] + 76
12 CSService 0x00000001041dd5c4 __43-[CSServiceDispatcher executeBatchRequest:]_block_invoke + 323
13 PostgreSQLClient 0x00000001041400b3 -[PGCConnection transactionInBlock:onError:] + 149
14 CSService 0x00000001041dd3fa -[CSServiceDispatcher executeBatchRequest:] + 277
15 CSService 0x0000000104253aab +[CSServiceDispatchHTTPRouter routeServiceRequest:response:] + 1024
16 CSService 0x00000001041e399e __21-[CSServiceBase init]_block_invoke_6 + 48
17 CSService 0x0000000104250af4 __53-[CSRoutingHTTPConnection httpResponseForMethod:URI:]_block_invoke + 92
18 CSService 0x00000001042540ea -[CSHTTPBackgroundResponse bounce:] + 284
19 Foundation 0x00007fff8e14cb7a __NSThread__main__ + 1345
20 libsystem_pthread.dylib 0x00007fff9ad2f2fc _pthread_body + 131
21 libsystem_pthread.dylib 0x00007fff9ad2f279 _pthread_body + 0
22 libsystem_pthread.dylib 0x00007fff9ad2d4b1 thread_start + 13
)
How does one enable DIGEST-MD5
?
Best Answer
Try listing the password server's supported hash types with
...and see if it includes RECOVERABLE (which I believe is needed for both DIGEST-MD5 and WEBDAV-DIGEST) (note that this won't list GSSAPI/Kerberos, since this is handled by a separate service). Unfortunately I don't have a way to test this right not, but if it's missing, try:
...and see if that adds the needed auth mechanisms. Note that this won't apply to individual users until the next time their password is changed.