tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Propes, Barry L " <>
Subject RE: Connection to ApacheDS LDAP
Date Mon, 04 Nov 2013 16:08:07 GMT

-----Original Message-----
From: Daniel Mikusa [] 
Sent: Monday, November 04, 2013 9:57 AM
To: Tomcat Users List
Subject: Re: Connection to ApacheDS LDAP

On Nov 4, 2013, at 10:49 AM, Shai Levit <> wrote:

> My apologies in advance for some of the syntax and verbiage - I am a newbie in all of
this, but did do my reading / research / and chat on IRC's.
> The current setup I have is this:
> Apache DS LDAP version 2.0.0-M14 running on Linux with Port 8660. The 
> server instance works fine and I am able to do a search via Apache API in Java (Eclipse).
I bind to this server anonymously via connection.bind() Tomcat  version 7.0.47 running on
Mac OS X (Maverick) with Port 8080. The Tomcat instance work fine using the installed default
values. I am able to run simple REST API and consume them via any browser.
> Issue: I am trying to create a connection to the LDAP server via anonymous binding. I
configured the appropriate conf file: server.xml with the REALM as follows:
>   <Realm className="org.apache.catalina.realm.JNDIRealm"
> 			connectionURL="ldap://" debug="99"
> 			userBase="dc=sumsmail,dc=com"
> 			userSearch="(mail{0})"
> 			userSearch="(userCertificate{0})"

Why do you have "userSearch" specified twice?  That's what's causing the exception below.

> 			userSubtree="true"
> 			roleBase="dc=sumsmail,dc=com"
> 			roleName="cn"
> 			roleSearch="(mail={0})"
> 			roleSearch="(userCertificate={0})"

This will likely cause a similar exception, you can only specify these attributes one.


> 			roleSubtree="true"
> 			/>
>      </Realm>
>      <Host name="localhost"  appBase="webapps"
>            unpackWARs="true" autoDeploy="true">

Not that I'm particularly knowledgeable about configuring LDAP, because I'm not but looking
at the error I wondered what Dan did - why did you have the userSearch attribute listed twice?
You also have the roleSearch attribute listed twice, though it might not show that error since
it spits up at the first one.

To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message