tomcat-users mailing list archives

From Brian Bonner <bkbon...@gmail.com>
Subject Re: Authenticating with LDAP against multiple organizational units
Date Mon, 17 Oct 2005 19:52:07 GMT

Thanks.  It turns out the problem was related to the userPattern:

I had:  |((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))

I had one too many sets of parentheses.  I needed:

|(cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net)

and it worked fine.

Brian

On 10/17/05, Robyne Vaughn <rvaughn@lubbockisd.org> wrote:
>
>
> In fact, it sounds like you are connecting to the ADS, and now you need
> to bind.
> Robyne Vaughn
>
> -----Original Message-----
> From: Jess Holle [mailto:jessh@ptc.com]
> Sent: Monday, October 17, 2005 9:45 AM
> To: Tomcat Users List
> Subject: Re: Authenticating with LDAP against multiple organizational units
>
>
> My guess is that you need to direct the LDAP URL at the ADS "global
> catalog", which oddly enough is not on port 389...
>
> Brian Bonner wrote:
>
> >We're having a problem authenticating with Tomcat 5.5.9 against
> >multiple organizational units.  Our LDAP server is Active Directory.
> >
> >Here's our current setup:
> >
> ><Realm className="org.apache.catalina.realm.JNDIRealm" debug="3"
> >       connectionURL="ldap://ldapdc.thf.net:389"
> >       userBase="dc=thf,dc=net"
> >       userPattern="|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
> >       userSearch="(cn={0})"
> >       userSubTree="true"
> >       userRoleName="memberOf"
> >       roleBase="cn=Users,dc=thf,dc=net"
> >       roleSearch="(member={0})"
> >       roleName="cn"
> >       connectionName="cn=SecuredUser,cn=Users,dc=thf,dc=net"
> >       connectionPassword="sample"
> >       roleSubtree="true"
> >/>
> >
> >When we search using this criteria, we see the following in the log:
> >
> >CA 2005-10-17 11:16:31,283 Thread-1 DEBUG org.apache.catalina.realm.RealmBase  - Register Realm Catalina:type=Realm
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   Checking constraint 'SecurityConstraint[Secured Pages]' against GET /secured/test.html --> true
> >CA 2005-10-17 11:16:44,767 http-8080-Processor25 DEBUG org.apache.catalina.realm.RealmBase  -   User data constraint has no restrictions
> >
> >
> >However, instead, I'm prompted with the authentication form and asked
> >for my userid/password.
> >
> >Can someone suggest what I might be doing wrong in this configuration,
> >or how I can enable additional logging to tell me what is failing?
> >
> >Thanks.
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> >For additional commands, e-mail: users-help@tomcat.apache.org
> >
> >
> >
>

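Added example, not part of the original message and not Tomcat's code: a small lint for a multi-DN `userPattern`, showing why the doubly wrapped value in this thread yields one unusable DN template. It assumes the value is split on its parenthesised groups (an assumption; the message only reports that removing one set of parentheses fixed the login), and the function names are hypothetical.

```python
import re

# Constructed inputs: the two userPattern values quoted in the message above.
BROKEN = "|((cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net))"
FIXED = "|(cn={0},ou=Users,dc=thf,dc=net)(cn={0},ou=THFUsers,dc=thf,dc=net)"

# One RDN of a DN template: attribute name, "=", value without , ( ) or =
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,()=]+$")

def split_user_patterns(value):
    """Split a userPattern into DN templates, one per "(...)" group.

    Assumption: the first ")" after an opening "(" closes that group,
    and a "(" followed by "|" only wraps an OR list and is skipped.
    """
    s = value.strip()
    if "(" not in s:
        return [s]  # a single template with no grouping
    templates = []
    pos = s.find("(")
    while pos != -1:
        while pos != -1 and s[pos + 1:pos + 2] == "|":
            pos = s.find("(", pos + 1)
        if pos == -1:
            break
        end = s.find(")", pos + 1)
        if end == -1:
            raise ValueError("unbalanced parentheses in userPattern")
        templates.append(s[pos + 1:end])
        pos = s.find("(", end + 1)
    return templates

def lint_user_pattern(value):
    """Return (template, problem) pairs; problem is None for a usable template."""
    report = []
    for template in split_user_patterns(value):
        if "{0}" not in template:
            problem = "no {0} placeholder"
        elif not all(RDN.match(rdn.strip()) for rdn in template.split(",")):
            problem = "not a well-formed DN template"
        else:
            problem = None
        report.append((template, problem))
    return report

if __name__ == "__main__":
    for value in (BROKEN, FIXED):
        print(lint_user_pattern(value))
```

Under that splitting assumption the original value produces a first template that begins with a stray `(`, so only the `ou=THFUsers` DN is usable, while the corrected value produces two clean templates.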