http://jakarta.apache.org/site/cvsindex.html

JNDIRealm is in jakarta-tomcat-catalina for tomcat5, jakarta-tomcat-4.0/catalina/ for tomcat4

I recommend more exploration before accepting an error code 2 as a valid login. It's a kluge around MS's LDAP implementation, and such a kluge probably won't make it back into the source tree. I have seen problems with respect to JNDIRealm and MS with respect to commas, or other weird characters in the DN with respect to escaping. (I don't remember any more details; it is too horrifying an experience to recall.) There might also be a Bugzilla report with respect to it.


-Tim


Davi Leal wrote:
Hi,

I am using tomcat 4.1.27, Java sdk-1.4.1_02 and JNDIRealm to use the Micro$oft Site Server service to authenticate our webapps.

I get an "error code 2" exception (Protocol Error) only when the user and the password are right. That is to say, when an OK is expected. I am thinking about modifying the JNDIRealm to support that Micro$oft returned 'code', instead of raising an exception. It looks easy :) . You can see below the appointed catalina log.

Can you supply me with any URL, CVS repository, or whatever which points me to the JNDI source code?

I have read the JNDI API I must use is the one included in Java sdk 1.4.2.

Last question: Can we solve the 'M$ protocol' issue just using Tomcat 5.0?

Regards,
Davi Leal


Tim Funk wrote:


I have gotten JNDIRealm to work against iPlanet. I have heard others get it
working against:
- Active Directory (I personally had problems due to some IT policies)
- Novell
- OpenLDAP

But in the worst case - the code is open for change so creating a custom
Realm should be simple if one understands JNDI programming. Which is what I
had to do with respect to ActiveDirectory and wacky business rules vs
domain setup.

-Tim


David Diaz wrote:


Reference: http://www.weblogic.com/docs51/admindocs/ldap2.html#intro

The WebLogic LDAP realm has been tested against the following LDAP
servers:
   * OpenLDAP
   * iPlanet Directory Server
   * Microsoft Site Server

I would like to get a similar Tomcat link to show to my boss.






APPENDIX
========



The catalina log
----------------

59 JNDIRealm[Standalone]: Connecting to URL ldap://host:1003


* Testing with a nonexistent user:


44 JNDIRealm[Standalone]: lookupUser(davi)
44 JNDIRealm[Standalone]:   dn=cn=davi,ou=Members,o=tpi
44 JNDIRealm[Standalone]:   validating credentials by binding as the user
44 JNDIRealm[Standalone]:   binding as cn=davi,ou=Members,o=org
44 JNDIRealm[Standalone]:   bind attempt failed
44 JNDIRealm[Standalone]: Autentificación fallida para el usuario davi


* Testing with a user which is right, but using a wrong password:


36 JNDIRealm[Standalone]: lookupUser(ph32796)
36 JNDIRealm[Standalone]:   dn=cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   validating credentials by binding as the user
36 JNDIRealm[Standalone]:   binding as cn=ph32796,ou=Members,o=org
36 JNDIRealm[Standalone]:   bind attempt failed
36 JNDIRealm[Standalone]: Autentificación fallida para el usuario ph32796


* Testing with both user and password right:


09 JNDIRealm[Standalone]: lookupUser(phe2796)
09 JNDIRealm[Standalone]: dn=cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]: validating credentials by binding as the user
09 JNDIRealm[Standalone]: binding as cn=phe2796,ou=Members,o=org
09 JNDIRealm[Standalone]: Excepción al realizar la autentificación
javax.naming.CommunicationException: [LDAP: error code 2 - Protocol Error]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2965)
...
09 JNDIRealm[Standalone]: Closing directory context





The realm we are using in server.xml
------------------------------------

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
 connectionName="cn=PHE2796,ou=Members,o=org"
 connectionPassword="****"
 connectionURL="ldap://host:1003"
 userPattern="cn={0},ou=Members,o=org"
 userSubtree="true"
 roleBase="ou=UserCFuncional,ou=CFuncional,ou=Groups,o=org"
 roleName="cn"
 roleSearch="(uniqueMember={0})"
/>
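
Added example, not part of the original thread and not Tomcat's JNDIRealm code: a standalone JNDI bind check that keeps "error code 2" out of the success path and escapes the user name before it goes into the `userPattern` DN, the two points raised in the reply at the top of the thread. The class name `BindCheck`, the `Outcome` values and the sample name are hypothetical; the pattern is the one from the posted server.xml.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Added example (hypothetical class, not Tomcat's JNDIRealm code).
public class BindCheck {
    enum Outcome { AUTHENTICATED, BAD_CREDENTIALS, DIRECTORY_ERROR }

    // Substitute the user name into a userPattern such as cn={0},ou=Members,o=org.
    // Rdn.escapeValue applies RFC 2253 escaping, so a comma in the name stays
    // inside the cn value instead of starting a new RDN.
    static String bindDn(String userPattern, String username) {
        return userPattern.replace("{0}", Rdn.escapeValue(username));
    }

    static Outcome tryBind(String url, String dn, String password) {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many servers accept, so reject it before contacting the server.
        if (password == null || password.isEmpty()) return Outcome.BAD_CREDENTIALS;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // the bind happens on context creation
            return Outcome.AUTHENTICATED;
        } catch (AuthenticationException e) {      // LDAP result 49: invalid credentials
            return Outcome.BAD_CREDENTIALS;
        } catch (NamingException e) {              // includes "error code 2 - Protocol Error"
            System.err.println("directory error, login denied: " + e);
            return Outcome.DIRECTORY_ERROR;        // fail closed: never treated as success
        }
    }

    public static void main(String[] args) {
        String pattern = "cn={0},ou=Members,o=org";          // userPattern from the thread
        System.out.println(bindDn(pattern, "Leal, Davi"));   // constructed sample name
        if (args.length == 3) {                              // arguments: url, user, password
            System.out.println(tryBind(args[0], bindDn(pattern, args[1]), args[2]));
        }
    }
}
```

Run without arguments it only prints the escaped DN; with a URL, user and password it performs the bind and reports which of the three outcomes occurred, so a protocol error stays distinguishable from both a good and a bad password.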



