tomcat-users mailing list archives

From Igor Galić <i.ga...@brainsware.org>
Subject Re: JNDI: LDAPv3 with StartTLS
Date Mon, 16 Aug 2010 22:39:14 GMT

----- "Felix Schumacher" <felix.schumacher@internetallee.de> wrote:

> On Sun, 15 Aug 2010 21:33:09 +0000 (UTC), Igor Galić
> <i.galic@brainsware.org> wrote:
> > ----- "Felix Schumacher" <felix.schumacher@internetallee.de> wrote:
> > 
> >> Ok, my patch will not work, since new InitialDirContext(env) will not
> >> create an LdapContext, but a DirContext. You could try to change new
> >> InitialDirContext(env) into InitialLdapContext(env, null) as used in
> >> the sun startssl example.
> I have implemented an InitialContextFactory which does startTLS
> internally.
> 
> That factory can be used with the standard JNDIRealm implementation.
> Just extend your original Realm with
>  <Realm 
>  ...
>    contextFactory="dummy.LdapTlsContextFactory"
>  ...
>  />

Following your advice, I compiled the source (within the tree) and extended
the configuration to this:

               <Realm className="org.apache.catalina.realm.JNDIRealm"
                        connectionURL="ldap://mail.brainsware.org:389/"
                        alternateURL="ldap://mail.esotericsystems.at:389"
                        commonRole="admin" connectionName="uid=whatever" connectionPassword="securityisgreat."
                        userBase="ou=people,dc=brainsware,dc=org" userPattern="(uid={0})(postOfficeBox=internal_projects)"
                        startTLS="true" contextFactory="org.apache.naming.factory.LdapTlsContextFactory"
                        userSearch="(uid={0})" />

The wireshark trace still looks the same.
But there are now two stack traces:

INFO: Starting Servlet Engine: Apache Tomcat/6.0.0-dev
Aug 16, 2010 10:37:25 PM org.apache.catalina.realm.JNDIRealm open
WARNING: Exception performing authentication
javax.naming.AuthenticationNotSupportedException: [LDAP: error code 13 - confidentiality required]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3032)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
        at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.apache.naming.factory.LdapTlsContextFactory$ProxyLdapContext.<init>(LdapTlsContextFactory.java:31)
        at org.apache.naming.factory.LdapTlsContextFactory$ProxyLdapContext.<init>(LdapTlsContextFactory.java:25)
        at org.apache.naming.factory.LdapTlsContextFactory.getInitialContext(LdapTlsContextFactory.java:96)
        at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
        at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
        at javax.naming.InitialContext.init(InitialContext.java:223)
        at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
        at org.apache.catalina.realm.JNDIRealm.open(JNDIRealm.java:1982)
        at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:2087)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1037)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 16, 2010 10:37:26 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start: 
LifecycleException:  Exception opening directory server connection:  javax.naming.NotContextException:
Not an instance of LdapContext
        at org.apache.catalina.realm.JNDIRealm.start(JNDIRealm.java:2089)
        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1037)
        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:445)
        at org.apache.catalina.core.StandardService.start(StandardService.java:519)
        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
        at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Aug 16, 2010 10:37:26 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 538 ms


> 
> Bye
>  Felix

bye,
i

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
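The two stack traces above point at two separate requirements a StartTLS context factory has to meet. The first one (LDAP error code 13, "confidentiality required") is raised inside InitialLdapContext.<init> as called from the factory, i.e. the bind is attempted while the connection is still plaintext, and the server refuses it. The second one ("Not an instance of LdapContext") is InitialLdapContext's check that whatever the factory returns actually implements LdapContext, which JNDIRealm depends on. The following is an added example written for this thread, not Felix's LdapTlsContextFactory and not Tomcat code; the class and package names are assumptions. It connects without credentials, negotiates StartTLS with the standard javax.naming.ldap API, and only then binds over the encrypted channel, returning a real LdapContext.

```java
// Added example for this thread; not Tomcat's JNDIRealm and not the
// LdapTlsContextFactory discussed above. Class and package names are
// assumptions chosen for illustration.
package example.naming;

import java.io.IOException;
import java.util.Hashtable;

import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.naming.spi.InitialContextFactory;

/**
 * InitialContextFactory that upgrades a plain ldap:// connection with
 * StartTLS before any credentials leave the client, then binds over the
 * protected channel. It returns an InitialLdapContext, which implements
 * LdapContext, so a caller doing "new InitialLdapContext(env, null)" does
 * not fail with "Not an instance of LdapContext".
 */
public class StartTlsLdapContextFactory implements InitialContextFactory {

    @Override
    public Context getInitialContext(Hashtable<?, ?> environment) throws NamingException {
        // Work on a copy so the caller's environment is left untouched.
        Hashtable<Object, Object> env = environment == null
                ? new Hashtable<>() : new Hashtable<>(environment);

        // Remove the bind credentials for the initial connect. If they stay
        // in the environment the JDK provider performs a simple bind as
        // part of connect(), in plaintext, which a server that requires
        // confidentiality rejects with LDAP error code 13.
        Object authType = env.remove(Context.SECURITY_AUTHENTICATION);
        Object principal = env.remove(Context.SECURITY_PRINCIPAL);
        Object credentials = env.remove(Context.SECURITY_CREDENTIALS);

        // Hand the real connection to the JDK LDAP provider; leaving this
        // factory's own class name in place would recurse into itself.
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        // Anonymous, unauthenticated connection: nothing sensitive yet.
        LdapContext ctx = new InitialLdapContext(env, null);
        try {
            StartTlsResponse tls =
                    (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
            // negotiate() uses the default SSLSocketFactory, so the server
            // certificate is validated against the JVM trust store and the
            // hostname is checked against the certificate. Do not install a
            // permissive HostnameVerifier here; that would let any host
            // with any certificate receive the bind password.
            tls.negotiate();
        } catch (IOException e) {
            ctx.close();
            NamingException ne = new NamingException("StartTLS negotiation failed");
            ne.setRootCause(e);
            throw ne;
        }

        // The channel is now encrypted; add the credentials back and
        // re-bind. reconnect() re-authenticates on the same connection.
        if (principal != null) {
            ctx.addToEnvironment(Context.SECURITY_AUTHENTICATION,
                    authType != null ? authType : "simple");
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, principal);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, credentials);
            ctx.reconnect(null);
        }
        return ctx;
    }
}
```

With this factory the Realm's contextFactory attribute would name example.naming.StartTlsLdapContextFactory, and connectionName/connectionPassword are used only after negotiate() has returned. A useful check in a wireshark trace is that the first LDAP operation on the wire is the StartTLS extended request (OID 1.3.6.1.4.1.1466.20037), and that no bindRequest appears in cleartext afterwards.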

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

