tomcat-dev mailing list archives

From Davi Leal <d...@leals.com>
Subject JNDIRealm source code - (was: Re: Tomcat vs Bea WebLogic)
Date Sat, 11 Oct 2003 10:34:07 GMT
Hi,

I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft 
Site Server service to authenticate our webapps.

I get an "error code 2" exception (Protocol Error) only when the user and the 
password are right. That is to say, when an OK is expected. I am thinking 
about modifying the JNDIRealm to support that Micro$oft returned 'code', instead 
of raising an exception. It looks easy :). You can see below the appointed 
catalina log.

Can you supply me with any URL, CVS repository, or whatever that points me to the 
JNDI source code?

I have read that the JNDI API I must use is the one included in Java sdk 1.4.2.

Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?

Regards,
Davi Leal


Tim Funk wrote:
> I have gotten JNDIRealm to work against iPlanet. I have heard others get it
> working against:
> - Active Directory (I personally had problems due to some IT policies)
> - Novell
> - OpenLDAP
>
> But in the worst case - the code is open for change so creating a custom
> Realm should be simple if one understands JNDI programming. Which is what I
> had to do with respect to ActiveDirectory and wacky business rules vs
> domain setup.
>
> -Tim
>
>
> David Diaz wrote:
> > Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro
> >
> >  The WebLogic LDAP realm has been tested against the following LDAP
> > servers:
> >     * OpenLDAP
> >     * iPlanet Directory Server
> >     * Microsoft Site Server
> >
> > I would like to get a similar Tomcat link to show to my boss.





APPENDIX
========



The catalina log
----------------

59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003


* Testing with a non-existent user:

44 JNDIRealm[Standalone]: lookupUser(davi)
44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
44 JNDIRealm[Standalone]:   validating credentials by binding as the user
44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
44 JNDIRealm[Standalone]:   bind attempt failed
44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi


* Testing with a user which is right, but using a wrong password:

36 JNDIRealm[Standalone]: lookupUser(ph32796)
36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   validating credentials by binding as the user
36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   bind attempt failed
36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796


* Testing with both user and password right:

09 JNDIRealm[Standalone]: lookupUser(phe2796)
09 JNDIRealm[Standalone]:   dn=cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]:   validating credentials by binding as the user
09 JNDIRealm[Standalone]:   binding as cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; remaining name ''
   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
   ...
09 JNDIRealm[Standalone]: Closing directory context




The realm we are using in server.xml
------------------------------------

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
 connectionName="cn=PHE2796,ou=Members,o=org"
 connectionPassword="****"
 connectionURL="ldap://host:1003"
 userPattern="cn={0},ou=Members,o=org"
 userSubtree="true"
 roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
 roleName="cn"
 roleSearch="(uniqueMember={0})"
/>
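
Added example, not part of the original message and not Tomcat's JNDIRealm code: a bind-based credential check that keeps the three outcomes seen in the log above apart, so that a directory error such as code 2 is reported as an error and only a bind that completes cleanly counts as a login. The class and method names are hypothetical; the "[LDAP: error code N - ...]" message format is the one shown in the log, and result code 49 is the standard LDAP invalidCredentials code.

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Illustration only: BindCheck and its members are hypothetical names.
public class BindCheck {
    enum Outcome { AUTHENTICATED, BAD_CREDENTIALS, DIRECTORY_ERROR }

    // The LDAP provider embeds the result code in the exception message.
    private static final Pattern CODE = Pattern.compile("\\[LDAP: error code (\\d+)");

    static int ldapCode(NamingException e) {
        Matcher m = CODE.matcher(String.valueOf(e.getMessage()));
        return m.find() ? Integer.parseInt(m.group(1)) : -1;
    }

    // Any exception means "not authenticated"; the code only selects which kind.
    static Outcome classify(NamingException e) {
        boolean badCreds = e instanceof AuthenticationException || ldapCode(e) == 49;
        return badCreds ? Outcome.BAD_CREDENTIALS : Outcome.DIRECTORY_ERROR;
    }

    static Outcome bind(String url, String dn, String password) {
        // A simple bind with an empty password is an unauthenticated bind
        // (RFC 4513) and can succeed without proving anything: reject it here.
        if (password == null || password.isEmpty()) return Outcome.BAD_CREDENTIALS;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // bind happens in the constructor
            return Outcome.AUTHENTICATED;
        } catch (NamingException e) {
            return classify(e);
        }
    }

    public static void main(String[] args) {
        // Constructed exceptions; the first message is the one from the log above.
        NamingException[] samples = {
            new CommunicationException("[LDAP: error code 2 - Protocol Error]"),
            new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]") };
        for (NamingException e : samples) System.out.println(ldapCode(e) + " -> " + classify(e));
    }
}
```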

