I'm using JNDIRealm to authenticate to OpenLDAP 2.2.28. Within OpenLDAP I've configured the userPassword attribute for each user to contain the MD5 digest, and each is prefixed with the string "{MD5}". I am not an LDAP expert by any means but I believe this prefix is a standard convention. Anyway assuming this is a convention then JNDIRealm needs to strip off the "{MD5}" portion much like it does with "{SHA1}". See attached patch which accomplishes this and I verified it works in my environment.
Created attachment 17249 [details] Handle password digests that are prefixed with "{MD5}".
Thanks for the patch and sorry for the delay. This has been applied to trunk and proposed for 6.0.x and 5.5.x
Fixed in 6.0.x and will be included in 6.0.21 omwards
This has been fixed in 5.5.x and will be included in 5.5.28 onwards.