From: Velpi
Date: Wed, 01 Nov 2006 11:44:27 +0100
To: Tomcat Users List
Subject: Re: JNDI Realm and Active Directory root search
Message-ID: <45487A8B.4020507@industria.be>

> I'm trying to get a JNDI Realm working as one might expect with Active
> Directory.
>
> Tomcat 5.5.20
> Java 1.5.06
> Windows 2000 Server
>
> The basic issue is that searching from a domain root "dc=company,dc=com" and
> using userSubtree="true" results in:
>
> Oct 31, 2006 3:18:20 PM org.apache.catalina.realm.JNDIRealm authenticate
> SEVERE: Exception performing authentication
> javax.naming.PartialResultException: Unprocessed Continuation Reference(s);
> remaining name 'dc=company,dc=com'
>
> If I use a more specific search base of "ou=Employees,dc=company,dc=com" and
> then the userSubtree is irrelevant, it works fine.
>
> Problem is our AD structure demands that users be in two different OU's and
> thus the search must be done from the root. I understand that AD does not
> handle referrals as expected and that could be contributing.

http://www.mail-archive.com/cas@tp.its.yale.edu/msg00797.html

In this case I suggest adjusting the local hosts file to fool DNS
(c:\windows\system32\drivers\etc\hosts). Find out the wrong DNS name in the
referral and point that name to your real AD.

-- 
Velpi
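
The hosts-file step suggested in the reply above, as an added example that is not part of the original message: it takes the referral URLs returned for the root search, extracts the host names, and emits hosts-file lines for those that do not already resolve to the domain controller. The referral URLs, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import socket
from urllib.parse import urlsplit

# Constructed sample: continuation references of the kind a search rooted at
# dc=company,dc=com may return (host names are assumptions, not from the post).
SAMPLE_REFERRALS = [
    "ldap://ForestDnsZones.company.com/DC=ForestDnsZones,DC=company,DC=com",
    "ldap://DomainDnsZones.company.com/DC=DomainDnsZones,DC=company,DC=com",
    "ldap://company.com/CN=Configuration,DC=company,DC=com",
]


def referral_hosts(referrals):
    """Return the distinct, lower-cased host names named in LDAP referral URLs."""
    hosts = []
    for url in referrals:
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            continue  # not a usable LDAP URL, skip it
        if parts.hostname not in hosts:
            hosts.append(parts.hostname)
    return hosts


def system_resolver(name):
    """Resolve a name the way the host currently does; None if it fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def hosts_overrides(referrals, ad_ip, resolve=system_resolver):
    """Build hosts-file lines for referral names that do not resolve to ad_ip."""
    lines = []
    for host in referral_hosts(referrals):
        if resolve(host) != ad_ip:
            lines.append(f"{ad_ip}\t{host}")
    return lines


if __name__ == "__main__":
    # 192.0.2.10 is a placeholder for the real domain controller address.
    for line in hosts_overrides(SAMPLE_REFERRALS, "192.0.2.10"):
        print(line)
```

Run it with the real referral URLs and domain controller address in place of the sample values; each printed line is an entry for c:\windows\system32\drivers\etc\hosts.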