JNDIRealm why performing two queries against AD

2006-03-10 Thread Thomas Schwitter
Sorry, I am trying again with a better-formatted mail. Hoping for answers.

Hi there,
I authenticate my users against Active Directory (Windows 2003).

This is the configuration:
  <Realm name="TEST_Realm"
         className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionName="CN=query,OU=Ressourcen,DC=xx,DC=xxx"
         connectionPassword="xxx"
         connectionURL="ldap://172.27.17.100:389"
         referrals="follow"
         userBase="DC=xxx,DC=xxx"
         userSubtree="true"
         userSearch="sAMAccountName={0}"
         userRoleName="memberOf"
  />

It works.
But when I take a look with Ethereal, I see the following:

I would expect the communication to finish after frame 6 (after the bind
with the user credentials).
Can someone explain what happens in frames 7 to 10?


Thx  


Frame 1 (113 bytes on wire, 113 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 0, Ack: 0, Len: 59
Lightweight Directory Access Protocol, Bind Request
Message Id: 5
Message Type: Bind Request (0x00)
Message Length: 52
Response In: 2
Version: 3
DN: CN=query,OU=Ressourcen,DC=xxf,DC=xx
Auth Type: Simple (0x00)
Password: xxx

 

Frame 2 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 0, Ack: 59, Len: 22
Lightweight Directory Access Protocol, Bind Result
Message Id: 5
Message Type: Bind Result (0x01)
Message Length: 7
Response To: 1
Time: 0.001871000 seconds
Result Code: Success (0x00)
Matched DN: (null)
Error Message: (null)
 

Frame 3 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 59, Ack: 22, Len: 76
Lightweight Directory Access Protocol, Search Request
Message Id: 6
Message Type: Search Request (0x03)
Message Length: 69
Response In: 4
Base DN: DC=xx,DC=xx
Scope: Subtree (0x02)
Dereference: Always (0x03)
Size Limit: 0
Time Limit: 0
Attributes Only: False
Filter: (sAMAccountName=tschw)
Attribute: memberOf
 

Frame 4 (857 bytes on wire, 857 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 22, Ack: 135, Len: 803
Lightweight Directory Access Protocol, Search Entry
Message Id: 6
Message Type: Search Entry (0x04)
Message Length: 700
Response To: 3
Time: 0.001568000 seconds
Distinguished Name: CN=xx,OU=User SHL,OU=xx,DC=xxDC=xx
Attribute: memberOf
Lightweight Directory Access Protocol, Search Result Reference
Message Id: 6
Message Type: Search Result Reference (0x13)
Message Length: 51
Response To: 3
Time: 0.001568000 seconds
Reference URL: ldap://xx/CN=Configuration,DC=xx,DC=xx
Lightweight Directory Access Protocol, Search Result
Message Id: 6
Message Type: Search Result (0x05)
Message Length: 7
Response To: 3
Time: 0.001568000 seconds
Result Code: Success (0x00)
Matched DN: (null)
Error Message: (null)
 
Frame 5 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 135, Ack: 825, Len: 84
Lightweight Directory Access Protocol, Bind Request
Message Id: 7
Message Type: Bind Request (0x00)
Message Length: 77
Response In: 6
Version: 3
DN: CN=xx,OU=xx,OU=xxn,DC=xx,DC=xx
Auth Type: Simple (0x00)
Password: 
 
Frame 6 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 825, Ack: 219, Len: 22
Lightweight Directory Access Protocol, Bind Result
Message Id: 7
Message Type: Bind Result (0x01)
Message Length: 7
Response To: 5
Time: 0.002342000 seconds
Result Code: Success (0x00)
Matched DN: (null)
Error Message: (null)
 
Frame 7 (93 bytes on wire, 93 

JNDIRealm why performing two queries against AD

2006-03-09 Thread Thomas Schwitter
Hi there,

I authenticate my users against Active Directory (Windows 2003).

This is the configuration:

  <Realm name="TEST_Realm"
         className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionName="CN=query,OU=Ressourcen,DC=xx,DC=xxx"
         connectionPassword="xxx"
         connectionURL="ldap://172.27.17.100:389"
         referrals="follow"
         userBase="DC=xxx,DC=xxx"
         userSubtree="true"
         userSearch="sAMAccountName={0}"
         userRoleName="memberOf"
  />

It works, but when I take a look with Ethereal I see the following:

I would expect the communication to finish after frame 6. Can someone
explain what happens in frames 7 to 10?

Thx


Frame 1 (113 bytes on wire, 113 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 0, Ack: 0, Len: 59
Lightweight Directory Access Protocol, Bind Request
Message Id: 5
Message Type: Bind Request (0x00)
Message Length: 52
Response In: 2
Version: 3
DN: CN=query,OU=Ressourcen,DC=xxf,DC=xx
Auth Type: Simple (0x00)
Password: xxx

Frame 2 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 0, Ack: 59, Len: 22
Lightweight Directory Access Protocol, Bind Result
Message Id: 5
Message Type: Bind Result (0x01)
Message Length: 7
Response To: 1
Time: 0.001871000 seconds
Result Code: Success (0x00)
Matched DN: (null)
Error Message: (null)

Frame 3 (130 bytes on wire, 130 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 59, Ack: 22, Len: 76
Lightweight Directory Access Protocol, Search Request
Message Id: 6
Message Type: Search Request (0x03)
Message Length: 69
Response In: 4
Base DN: DC=xx,DC=xx
Scope: Subtree (0x02)
Dereference: Always (0x03)
Size Limit: 0
Time Limit: 0
Attributes Only: False
Filter: (sAMAccountName=tschw)
Attribute: memberOf

Frame 4 (857 bytes on wire, 857 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 22, Ack: 135, Len: 803
Lightweight Directory Access Protocol, Search Entry
Message Id: 6
Message Type: Search Entry (0x04)
Message Length: 700
Response To: 3
Time: 0.001568000 seconds
Distinguished Name: CN=xx,OU=User SHL,OU=xx,DC=xxDC=xx
Attribute: memberOf
Lightweight Directory Access Protocol, Search Result Reference
Message Id: 6
Message Type: Search Result Reference (0x13)
Message Length: 51
Response To: 3
Time: 0.001568000 seconds
Reference URL: ldap://xx/CN=Configuration,DC=xx,DC=xx
Lightweight Directory Access Protocol, Search Result
Message Id: 6
Message Type: Search Result (0x05)
Message Length: 7
Response To: 3
Time: 0.001568000 seconds
Result Code: Success (0x00)
Matched DN: (null)
Error Message: (null)

Frame 5 (138 bytes on wire, 138 bytes captured)
Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
172.27.17.100 (172.27.17.100)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 135, Ack: 825, Len: 84
Lightweight Directory Access Protocol, Bind Request
Message Id: 7
Message Type: Bind Request (0x00)
Message Length: 77
Response In: 6
Version: 3
DN: CN=xx,OU=xx,OU=xxn,DC=xx,DC=xx
Auth Type: Simple (0x00)
Password: 

Frame 6 (76 bytes on wire, 76 bytes captured)
Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
172.27.20.69 (172.27.20.69)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Seq: 825, Ack: 219, Len: 22
Lightweight Directory Access Protocol, Bind Result
Message Id: 7
Message Type: Bind Result (0x01)
Message Length: 7
Response To: 5
Time: 0.002342000 seconds
Result Code: Success (0x00)
Matched
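
Added example, not part of the original posts and not Tomcat code: a small parser for the Ethereal text dissection quoted above that lists the LDAP exchange (several LDAP messages can share one frame, as in frame 4) and reports simple binds sent to port 389, where the DN and password are readable on the wire. The sample capture and its DNs are constructed placeholders; the function names are hypothetical.

```python
import re

# Constructed sample in the Ethereal text layout from the post; DNs are placeholders.
SAMPLE = """\
Frame 1 (113 bytes on wire, 113 bytes captured)
Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
Seq: 0, Ack: 0, Len: 59
Lightweight Directory Access Protocol, Bind Request
Message Id: 5
DN: CN=svc,DC=example,DC=test
Auth Type: Simple (0x00)
Password: xxx

Frame 2 (76 bytes on wire, 76 bytes captured)
Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
Lightweight Directory Access Protocol, Search Entry
Message Id: 6
Lightweight Directory Access Protocol, Search Result
Message Id: 6
Result Code: Success (0x00)
"""

LDAP_HDR = "Lightweight Directory Access Protocol, "

def parse_ldap(text):
    """Return one dict per LDAP message; a single frame may carry several."""
    msgs, frame, port, cur = [], None, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"Frame (\d+) \(", line):
            frame, port, cur = int(m.group(1)), None, None
        elif m := re.search(r"Dst Port: \S+ \((\d+)\)", line):
            port = int(m.group(1))
        elif line.startswith(LDAP_HDR):
            cur = {"frame": frame, "dst_port": port, "op": line[len(LDAP_HDR):]}
            msgs.append(cur)
        elif cur is not None and ":" in line:
            key, _, val = line.partition(":")   # value may be empty ("Password:")
            cur[key.strip()] = val.strip()
    return msgs

def exchange(msgs):
    """The conversation as (frame, message id, operation) tuples."""
    return [(m["frame"], int(m["Message Id"]), m["op"]) for m in msgs]

def cleartext_simple_binds(msgs):
    """Simple binds to port 389 (no TLS): DN and password are readable on the wire."""
    return [(m["frame"], m["DN"]) for m in msgs
            if m["op"] == "Bind Request" and m["dst_port"] == 389
            and m.get("Auth Type", "").startswith("Simple")]
```

Fed the capture text from the post, the same check reports the binds in frames 1 and 5; pointing connectionURL at an ldaps:// listener keeps both the connectionPassword and the user's password out of cleartext.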