tomcat-users mailing list archives

From Chris Egolf <ceg...@ugholf.net>
Subject JNDIRealm using LDAP with SSL
Date Mon, 28 Jul 2003 15:49:56 GMT
Does anyone have any experience getting ldaps working w/ the JNDIRealms in
Tomcat 4.1.24?  Regular LDAP is working fine, but when I change the connection 
URL to ldaps://<ldap-host>:636 I get the following error:

2003-07-28 09:40:49 JNDIRealm[Standalone]: Connecting to URL ldaps://10.1.1.50:636
2003-07-28 09:40:50 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.CommunicationException: simple bind failed: 10.1.1.50:636 [Root 
exception is javax.net.ssl.SSLException: Connection has been shutdown: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
No trusted certificate found]


My Realm element in server.xml:

<Realm  className="org.apache.catalina.realm.JNDIRealm" debug="99"
                 resourceName="UserDatabase"
                 connectionURL="ldaps://10.1.1.50:636"
                 connectionName="cn=TOMCAT,ou=WebAppUser,ou=MyOU,o=MyCompany"
                 connectionPassword="password"
                 userBase="o=MyCompany"
                 userSearch="(&amp;(cn={0})(objectClass=inetOrgPerson))"
                 userSubtree="true"
                 roleBase="ou=WebAppGrp,ou=MyOU,o=MyCompany"
                 roleSearch="(uniqueMember={0})"
                 roleName="cn"
         />


Like I said, this works if connectionURL="ldap://10.1.1.50:389".  I can connect 
to the LDAP server (Novell eDirectory) via SSL using a Java browser if I accept 
the certificate, so I wonder if that might have something to do with it.

I've also successfully followed the Config-SSL-HOWTO, accepted the certificate 
from the server and set up the keystore for the connector as described, but I get
the feeling that this is strictly for enabling SSL over HTTP.

Thanks in advance.

Chris
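
Added example, not part of the original post or of Tomcat: a stand-alone Java check that reproduces the TLS handshake to the LDAPS port outside Tomcat, prints the certificate chain the server presents, and reports whether the JVM's default trust store accepts it. The class name LdapsTrustCheck is hypothetical, and it assumes the realm's JNDI connection relies on the JVM's default trust settings (javax.net.ssl.trustStore, otherwise the JRE's own CA file) rather than on the keystore configured for the HTTP connector.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class name); host and port are read from argv.
public class LdapsTrustCheck {
    // The trust manager used by default for outbound TLS. It is built from
    // -Djavax.net.ssl.trustStore if set, else the JRE's jssecacerts or cacerts.
    static X509TrustManager jvmDefault() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        final X509TrustManager jvm = jvmDefault();
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(unset: JRE default)"));
        System.out.println("trusted CA entries: " + jvm.getAcceptedIssuers().length);
        if (args.length == 0) return;              // no host given: trust store summary only
        String host = args[0];                     // the host from connectionURL
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636;
        // Prints the presented chain, then delegates, so validation is not weakened.
        X509TrustManager reporter = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvm.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                for (X509Certificate x : c)
                    System.out.println("subject: " + x.getSubjectX500Principal()
                        + "\n  issuer: " + x.getIssuerX500Principal());
                jvm.checkServerTrusted(c, t);      // throws if the chain is untrusted
            }
            public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { reporter }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();                    // chain trust only; no host name check
            System.out.println("RESULT: chain is trusted by this JVM");
        } catch (SSLException e) {
            System.out.println("RESULT: handshake failed: " + e.getMessage());
        }
    }
}
```

Run it with the same JRE and the same javax.net.ssl system properties that Tomcat is started with, passing the LDAP host and port as arguments. The issuer printed for the last certificate in the chain is the CA that has to be present in the trust store for the handshake to succeed.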



