tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric B." <>
Subject Re: Re: Trouble configuring LDAP authentication
Date Tue, 11 Aug 2009 19:02:39 GMT
> "Geofrey Rainey" <> wrote in message 
> I remember the big issue I faced regarding the JNDIRealm auth were the
> parameters in my Realm definition, there was one line that once added
> Everything started working, I think it was either "referrals" or "
> "userSearch="(sAMAccountName={0})" - which I recall were both necessary
> in my instance, or one of the "role|usersubtree" ones.
> I found the following link invaluable in configuring my server, it's a
> must read:
> Regarding logging, I found this tutorial quite helpful:

Thanks for the links and the feedback.  Several hours of reading docs 
online, source code, pulling hair and of randomly trying things, I finally 
realized that I had to enable the TRACE level of debugging at the container 
level to get the debugging out.  Unfortunately, doing that means having to 
put the realm defn in the actual context, or there is way too much noise 
generated at a higher level.  But it did finally give me the logging 
information I needed.

Finally, with some additional help, I discovered that the pwd storage 
mechanism in the LDAP server didn't match what Tomcat was expecting, so I 
had to drop the userPassword parameter in the Realm defn, which makes Tomcat 
validate the user/pwd by trying a simple bind to the LDAP server using the 
user's username/pwd instead of retreiving the user's object and checking the 
pwd itself.

Finally, everything seems to work.  ....  Several hours later.

Thanks again,


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message