tomcat-users mailing list archives

From Jess Holle <je...@ptc.com>
Subject Re: Authenticating with LDAP against multiple organizational units
Date Mon, 17 Oct 2005 15:45:24 GMT
My guess is that you need to direct the LDAP URL at the ADS "global 
catalog", which oddly enough is not on port 389...

Brian Bonner wrote:

>We're having a problem authenticating with Tomcat 5.5.9 against
>multiple organizational units.  Our LDAP server is Active Directory.
>
>Here's our current setup:
>
><Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
>    connectionURL="ldap://ldapdc.thf.net:389"
>    userBase="dc=thf,dc=net"
>    userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
>    userSearch="(cn={0})"
>    userSubTree="true"
>    userRoleName="memberOf"
>    roleBase="cn=Users,dc=thf,dc=net"
>    roleSearch="(member={0})"
>    roleName="cn"
>    connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
>    connectionPassword="sample"
>    roleSubtree="true"
>/>
>
>When we search using these criteria, we see the following in the log:
>
>CA 2005-10-17 11:16:31,283 Thread-1           DEBUG
>org.apache.catalina.realm.RealmBase  - Register Realm
>Catalina:type=Realm
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
>org.apache.catalina.realm.RealmBase  -   Checking constraint
>'SecurityConstraint[Secured Pages]' against GET /secured/test.html -->
>true
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
>org.apache.catalina.realm.RealmBase  -   Checking constraint
>'SecurityConstraint[Secured Pages]' against GET /secured/test.html -->
>true
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
>org.apache.catalina.realm.RealmBase  -   User data constraint has no
>restrictions
>
>
>However, instead, I'm prompted with the authentication form and asked
>for my userid/password.
>
>Can someone suggest what I might be doing wrong in this configuration,
>or how I can enable additional logging to tell me what is failing?
>
>Thanks.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>
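
An added example, not part of either message and not Tomcat's own code: a Python check run over the Realm element from the question, flagging attribute names that match no JNDIRealm property, a userPattern written as a search filter, and a simple bind over plain ldap://. The property list is the JNDIRealm attribute set as assumed here, and the finding codes and function name are hypothetical.

```python
import xml.etree.ElementTree as ET

# JNDIRealm property names (assumed list; Tomcat matches them case-sensitively).
KNOWN = {"className", "connectionURL", "alternateURL", "connectionName",
         "connectionPassword", "contextFactory", "userBase", "userSearch",
         "userSubtree", "userPattern", "userPassword", "userRoleName",
         "roleBase", "roleSearch", "roleSubtree", "roleName", "digest"}
SKIP = {"debug"}  # whether this is honoured depends on the Tomcat version

# Constructed sample: the Realm element as posted in the question.
SAMPLE = """<Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
  connectionURL="ldap://ldapdc.thf.net:389"
  userBase="dc=thf,dc=net"
  userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
  userSearch="(cn={0})"
  userSubTree="true"
  userRoleName="memberOf"
  roleBase="cn=Users,dc=thf,dc=net"
  roleSearch="(member={0})"
  roleName="cn"
  connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
  connectionPassword="sample"
  roleSubtree="true"
/>"""

def lint_realm(xml_text):
    """Return (code, attribute, message) findings for one <Realm> element."""
    attrs = ET.fromstring(xml_text).attrib
    canonical = {k.lower(): k for k in KNOWN}
    out = []
    for name in attrs:
        if name in KNOWN or name in SKIP:
            continue
        hint = canonical.get(name.lower())
        out.append(("unknown-attr", name,
                    f"spelled {hint} in JNDIRealm" if hint else "no such property"))
    if attrs.get("userPattern", "").startswith(("|", "&", "!")):
        out.append(("filter-as-pattern", "userPattern",
                    "value is LDAP filter syntax; userPattern is a DN template"))
    if "userPattern" in attrs and "userSearch" in attrs:
        out.append(("two-lookup-modes", "userSearch",
                    "userPattern and userSearch are alternative lookup modes"))
    if attrs.get("connectionURL", "").startswith("ldap://") and "connectionPassword" in attrs:
        out.append(("cleartext-bind", "connectionURL",
                    "simple bind over ldap:// sends the password unencrypted"))
    return out

if __name__ == "__main__":
    for code, attr, msg in lint_realm(SAMPLE):
        print(f"{code:18} {attr:14} {msg}")
```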
