Tue, Jul 20, 2004
Siva can handle creating users and, if AD is set up correctly, their home directories. It all works nicely. However, AD states that you can’t set a user’s password at creation time; you have to go back in and modify it. Also, it’s not as easy as Novell, where you can just connect using plain text and set the password. On Novell eDirectory you can set the password at creation time, so you don’t have to worry about going back in to change it. In AD, you have to connect over SSL, using a root certificate issued by the server, and the password must be quoted and Base64 encoded into the bargain. That’s some amount of security considering it’s Microsoft! Normally this wouldn’t be a problem, but we’re talking about Microsoft here and there’s a bug that stops this dead in its tracks: JNDI fails to work for AD. The same code that works on Novell, to connect and bind, fails on AD. Sheesh, what does a man have to do to get open source to talk to Microsoft products? You can see what’s happening in the dump:
Thread-2, WRITE: SSLv2 client hello message, length = 98
Thread-2, received EOFException: error
Thread-2, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-2, SEND TLSv1 ALERT: fatal, description = handshake_failure
Thread-2, WRITE: TLSv1 Alert, length = 2
Thread-2, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-1, called close()
Thread-1, called closeInternal(true)
AD gets a hello message during a handshake and it blows up. I don’t hold out much hope for the fix that Microsoft recommends on the AD side, as one of the admins has apparently tried it and it’s still not working.
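For reference, here is the JNDI side of the job described above, written as an added example (not Siva's code, and not something the post itself contains). It binds to AD over LDAPS and replaces the user's unicodePwd attribute. The bytes AD wants on the wire are the password wrapped in double quotes and encoded as UTF-16LE; the Base64 form the post mentions is how that byte string is written in an LDIF file, while JNDI sends the raw bytes. The example also hands the LDAP provider a custom socket factory that limits the handshake to TLSv1, so the client hello leaves in TLS format instead of the SSLv2-compatible format visible in the dump; whether that is the cause of the handshake failure is not established by the post, so treat the factory as a hypothesis to test, not a known fix. The host, DNs and the class name used for the factory are placeholders.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

/*
 * Run with the CA that issued the domain controller's certificate in the
 * truststore, e.g. -Djavax.net.ssl.trustStore=ad-ca.jks, and add
 * -Djavax.net.debug=ssl to get a handshake dump like the one in the post.
 */
public class AdPasswordSetter {

    /**
     * Socket factory handed to the JNDI LDAP provider through the
     * java.naming.ldap.factory.socket property. It wraps the JVM's default
     * SSLSocketFactory and restricts each socket to TLSv1, which keeps the
     * SSLv2-format hello out of the handshake. Hypothetical workaround:
     * the post does not show that this resolves the failure.
     */
    public static class TlsOnlySocketFactory extends SSLSocketFactory {
        private final SSLSocketFactory delegate =
            (SSLSocketFactory) SSLSocketFactory.getDefault();

        // The LDAP provider locates the factory via this static method.
        public static SocketFactory getDefault() {
            return new TlsOnlySocketFactory();
        }

        private Socket restrict(Socket s) {
            ((SSLSocket) s).setEnabledProtocols(new String[] { "TLSv1" });
            return s;
        }

        public Socket createSocket(String host, int port) throws IOException {
            return restrict(delegate.createSocket(host, port));
        }
        public Socket createSocket(InetAddress host, int port) throws IOException {
            return restrict(delegate.createSocket(host, port));
        }
        public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
                throws IOException {
            return restrict(delegate.createSocket(host, port, localHost, localPort));
        }
        public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
                throws IOException {
            return restrict(delegate.createSocket(address, port, localAddress, localPort));
        }
        public Socket createSocket(Socket s, String host, int port, boolean autoClose)
                throws IOException {
            return restrict(delegate.createSocket(s, host, port, autoClose));
        }
        public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); }
        public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); }
    }

    /** Encode a password as AD's unicodePwd attribute expects: quoted, then UTF-16LE. */
    static byte[] encodeUnicodePwd(String password) throws UnsupportedEncodingException {
        return ("\"" + password + "\"").getBytes("UTF-16LE");
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values: substitute your domain controller and DNs.
        String url = "ldaps://dc.example.com:636";
        String bindDn = "CN=Administrator,CN=Users,DC=example,DC=com";
        String bindPassword = args[0];   // password of the account doing the modify
        String userDn = "CN=Test User,OU=Staff,DC=example,DC=com";
        String newPassword = args[1];    // password to set on the target user

        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);
        // Binary class name of the nested factory above.
        env.put("java.naming.ldap.factory.socket", "AdPasswordSetter$TlsOnlySocketFactory");

        DirContext ctx = new InitialDirContext(env);
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("unicodePwd", encodeUnicodePwd(newPassword)))
            };
            ctx.modifyAttributes(userDn, mods);
        } finally {
            ctx.close();
        }
    }
}
```

AD rejects the modify outright if the connection is not encrypted, so a plain ldap:// URL fails at the modifyAttributes call even when the bind succeeds, which is the behaviour the post describes; the SSL handshake, on the other hand, fails before any bind, which is why the dump above never gets past the client hello.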