tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robyne Vaughn" <rvau...@lubbockisd.org>
Subject RE: Authenticating with LDAP against multiple organizational units
Date Mon, 17 Oct 2005 15:55:31 GMT


In fact, it sounds like you are connecting to the ADS, and now you need
to bind.
Robyne Vaughn
 
  _____  



-----Original Message-----
From: Jess Holle [mailto:jessh@ptc.com] 
Sent: Monday, October 17, 2005 9:45 AM
To: Tomcat Users List
Subject: Re: Authenticating with LDAP against multiple organizational
units


My guess is that you need to direct the LDAP URL at the ADS "global 
catalog", which oddly enough is not on port 389...

Brian Bonner wrote:

>We're having a problem authenticating with Tomcat 5.5.9 against 
>multiple organizational units.  Our LDAP server is Active Directory.
>
>Here's our current setup:
>
><Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
>	     connectionURL="ldap://ldapdc.thf.net:389"
>	userBase="dc=thf,dc=net"
>
userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf
,dc=net))"
>        userSearch="(cn={0})"
>	userSubTree="true"
>	userRoleName="memberOf"
>	roleBase="cn=Users,dc=thf,dc=net"
>	roleSearch="(member={0})"
>	roleName="cn"
>	connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
>	connectionPassword="sample"
>	roleSubtree="true"
>/>
>
>When we search using this criteria, we see the following in the log:
>
>CA 2005-10-17 11:16:31,283 Thread-1           DEBUG
>org.apache.catalina.realm.RealmBase  - Register Realm 
>Catalina:type=Realm CA 2005-10-17 11:16:44,767 http-8080-Processor25 
>DEBUG
>org.apache.catalina.realm.RealmBase  -   Checking constraint
>'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> 
>true CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
>org.apache.catalina.realm.RealmBase  -   Checking constraint
>'SecurityConstraint[Secured Pages]' against GET /secured/test.html -->
>true
>CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG
>org.apache.catalina.realm.RealmBase  -   User data constraint has no
>restrictions
>
>
>However, instead, I'm prompted with the authentication form and asked 
>for my userid/password.
>
>Can someone suggest what I might be doing wrong in this configuration, 
>or how I can enable additional logging to tell me what is failing?
>
>Thanks.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>For additional commands, e-mail: users-help@tomcat.apache.org
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message