tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Velpi <ve...@industria.be>
Subject Re: JNDI Realm and Active Directory root search
Date Wed, 01 Nov 2006 10:44:27 GMT
> I'm trying to get a JNDI Realm working as one might expect with Active
> Directory.
> 
> Tomcat 5.5.20
> Java 1.5.06
> Windows 2000 Server
> 
> The basic issue is that searching from a domain root "dc=company,dc=com" and
> using userSubtree="true" results in:
> 
> Oct 31, 2006 3:18:20 PM org.apache.catalina.realm.JNDIRealm authenticate
> SEVERE: Exception performing authentication
> javax.naming.PartialResultException: Unprocessed Continuation Reference(s);
> remaining name 'dc=company,dc=com'
> 
> If I use a more specific search base of "ou=Employees,dc=company,dc=com" and
> then the userSubtree is irrelevant, it works fine.
> 
> Problem is our AD structure demands that users be in two different OU's and
> thus the search must be done from the root. I understand that AD does not
> handle referrals as expected and that could be contributing.

http://www.mail-archive.com/cas@tp.its.yale.edu/msg00797.html

In this case I suggest adjusting the local hosts file to fool DNS 
(c:\windows\system32\drivers\etc\hosts). Find out the wrong DNS name in 
the referral and point that name to your real AD.

-- Velpi

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message