Return-Path: <rvaughn@lubbockisd.org>
Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-user@jakarta.apache.org
Received: (qmail 30018 invoked from network); 28 Aug 2003 14:05:21 -0000
Received: from unknown (HELO exchbe1.lubbock.isd) (64.216.41.140)
  by daedalus.apache.org with SMTP; 28 Aug 2003 14:05:21 -0000
X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C36D6D.37B25D2C"
Subject: JNDI realm to access AD
Date: Thu, 28 Aug 2003 09:03:54 -0500
Message-ID: <B55A673A5A006B42BB15B62A828008A109AA71@exchbe1.lubbock.isd>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: JNDI realm to access AD
Thread-Index: AcNtbTeuuewNN3eQTBatQEmg9EBlQg==
From: "Robyne Vaughn" <rvaughn@lubbockisd.org>
To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

------_=_NextPart_001_01C36D6D.37B25D2C
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Hi,
I'm new to Tomcat and ADs. I'm trying to configure a JNDI realm (Tomcat
4.1.17 on IBM AS/400) to authenticate to Active Directory(microsoft on a
server). I've found a couple of brief examples to follow, but don't
understand the nomenclature well enough to make mine work on our
installation. I saw on one webpage that I may need an LDAP driver.
However, I thought that was what ADserver accomplished.(?) I followed
this example: http://www.java-internals.com/code/jndi_realm.html
<http://www.java-internals.com/code/jndi_realm.html> =20

This is my code (with altered user-id, password, and ip address):=20

<Realm className=3D"org.apache.catalina.realm.JNDIRealm" debug=3D"99"
connectionURL=3D"ldap://19.999.9.9:389"=20
userBase=3D"CN=3DUsers,dc=3DLubbock,dc=3Disd"
userSearch=3D"(userPrincipalName=3D{0})"
userRoleName=3D"member"
roleBase=3D"CN=3DUsers,dc=3DLubbock,dc=3Disd"
roleName=3D"cn"
roleSearch=3D"(member=3D{0})"
connectionName=3D"CN=3DTomcatUserId,DC=3Dlubbock,DC=3Disd"=20
connectionPassword=3D"TomcatPassword"
roleSubtree=3D"true"
userSubtree=3D"true"/>=20

This is the error I get:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525,
v893=20

 =20

I can't figure out if we have a "Users" item.  The guys in charge of our
ADs can't tell me its properties.  It's new to them.  They showed me a
script they used to populate it.   =20

under the column labled objectCategory, the entry is:
CN=3DPerson,CN=3DSchema,CN=3DConfiguration,DC=3Dlubbock,DC=3Disd=20

under the column labled objectClass the entry is:  user  =20

The other column headings are:=20

DN    distinguished name   name   cn   descrioption   displayNmae   mail
givenName   sAMAccountName   sn   userAccountControl   userPrincipalName
homeDirectory   homeDrive=20

Under the column labled DN and under the column labled distinguishedName
the entry is the same:=20

CN=3DJohn Doe, OU=3DCO,DC=3Dlubbock,DC=3Disd=20

The AD support guys told me that OU=3DCO means Organizational Unit =3D
Central office.  I want to be able to search across all OU's.=20

Any help or suggestions would be greatly appreciated.=20

Thanks,

=20
Robyne K. Vaughn
Programmer/Analyst
Lubbock ISD
1628 19th St
Lubbock, TX 79401
806-766-1119
=20

------_=_NextPart_001_01C36D6D.37B25D2C--