Hi I've managed to solve this problem by adding the attribute: referrals="follow" to the <JNDIRealm> element in the server.xml file.
Hope this will help somebody else one day. Regards Carel-J On Tue, 12 Aug 2003 21:18:59 +0200 carel-j rischmuller ([EMAIL PROTECTED]) wrote: >Good day. > >I've succeeded in setting up the JNDIRealm to connect and >authenticate to AD (Active Directory) if the exact context (tree path) >to the user element is known. I just set the userBase to that exact >context. E.g. userBase="ou=Office1,dc=Company,dc=net" > >However, I'm having trouble setting up JNDIRealm to connect to AD *IF* >you don't know the exact context to a user element, but need to search >through a couple of subtrees to locate it. > >Thus, the system need to authenticate users that could be under any >subtree laying below "dc=Company,dc=net" > >I thought that I'd just specify the userBase in the JNDIRealm as: >userBase="dc=Company,dc=net" but this generate the exception: >javax.naming.PartialResultException: Unprocessed Continuation >Reference(s); remaining name 'dc=Company,dc=net' > >It seems, the way to do multiple subtree searches in JNDI is by means >of "Referrals". >(http://java.sun.com/products/jndi/tutorial/ldap/referral/jndi.html) >but this does not work for AD. In AD you use a "Global Catalog" to do >subtree (forest) searches. > >Now the question: Does anybody know if you can do "Global Catalog" >searches via JNDI? And if not, is there another way to solve this >problem? > >Thanks in advance >carel-j > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]