Hi all,
I'm also trying to authenticate to AD from Tomcat.  I'm having some struggles.

When you use this Realm, do you specify basic or form authentication in your 
web-app.xml?

I wish I knew how your ADS forest was arranged.  I'm having trouble figuring out what 
I need to use - what trail to follow - what keywords to use.  Our AD admin is either 
not knowledgeable enough to tell me or I'm asking the wrong questions.
Thanks,
Robyne

-----Original Message-----
From: Pitre, Russell [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 08, 2003 11:34 AM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: Tomcat and Active Directory / 2003


This is my realm setup in my server.xml config....

        <Realm className="org.apache.catalina.realm.JNDIRealm"
                debug="99"
                connectionURL="ldap://[domain controller]:389"
                userBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
                userSearch="(sAMAccountName={0})"
                userRoleName="member"
                roleBase="OU=Users,OU=Shawmut,DC=[domain],DC=com"
                roleName="memberOf"
                roleSearch="(memberOf=CN=tomcat,CN=Users,DC=shawmut,DC=com)"
                connectionName="CN=Administrator,CN=Users,DC=shawmut,DC=com"
                connectionPassword="[password]"
                roleSubtree="true"
                userSubtree="true"/>

hope this helps....


Russ
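
An added example, not part of Russ's message or of Tomcat itself: a small Python check that lists every JNDIRealm in a server.xml and flags settings that appear in this thread (cleartext ldap://, binding as the domain Administrator, a bind password in the file, digest="MD5", a realm with no connectionURL). The sample XML, host and domain names, and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed server.xml fragment modelled on the realm posted above;
# host, domain and password are placeholders, not values from the thread.
SAMPLE = """<Server><Engine name="Standalone">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         debug="99"
         connectionURL="ldap://dc1.example.com:389"
         connectionName="CN=Administrator,CN=Users,DC=example,DC=com"
         connectionPassword="placeholder"
         userBase="OU=Users,DC=example,DC=com"
         userSearch="(sAMAccountName={0})"/>
  <Host name="localhost">
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           userPattern="cn={0},dc=example,dc=com"/>
  </Host>
</Engine></Server>"""

def audit_realms(server_xml):
    """Return (realm_index, finding) tuples for every JNDIRealm, in file order."""
    findings = []
    realms = [e for e in ET.fromstring(server_xml).iter("Realm")
              if e.get("className", "").endswith("JNDIRealm")]
    for i, realm in enumerate(realms):
        url = realm.get("connectionURL")
        if not url:
            # Worth checking when a trace names a host the config does not.
            findings.append((i, "no-connectionURL"))
        elif urlsplit(url).scheme.lower() != "ldaps":
            # Simple binds over ldap:// send the bind password unencrypted.
            findings.append((i, "cleartext-ldap"))
        first_rdn = realm.get("connectionName", "").split(",")[0].strip().lower()
        if first_rdn == "cn=administrator":
            # A read-only service account is enough to search users and groups.
            findings.append((i, "privileged-bind-account"))
        if realm.get("connectionPassword"):
            # Stored in clear text: restrict read access to server.xml.
            findings.append((i, "password-in-server.xml"))
        if realm.get("digest", "").upper() == "MD5":
            findings.append((i, "md5-digest"))
    return findings

if __name__ == "__main__":
    for idx, finding in audit_realms(SAMPLE):
        print(f"Realm #{idx}: {finding}")
```
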





-----Original Message-----
From: Matt Fury [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, October 08, 2003 1:03 PM
To: Tomcat Users List
Subject: Re: Tomcat and Active Directory / 2003

Hey Thanks for the reply.

Tried all those to no avail. :-/ I did see the Tomcat
realm how-to but I was wondering if there were issues
because it is Micro$oft we're trying to connect to and
it's 2003. Who knows, their "standard" ldap may not be
standard.

-Matt


--- Yann Cébron <[EMAIL PROTECTED]> wrote:
> Two guesses:
> 
> * Did you try using the IP-address instead or use the FQDN for
> connectionURL, maybe there's something wrong w/ DNS?
> 
> * Try w/o MD5 and see if it works then.
> 
> >   roleSubtree="True"
> 
> typo - or shouldn't this be "true"
> 
> I guess you already found the documentation here:
> http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm
> 
> HTH,
>     Yann
> 
> > BTW: I am using 4.1.27 on Windows 2000 and we're
> > trying to connect to a Windows 2003 AD. Has this
> > changed at all?
> >
> > here is the error trace:
> >
> > Catalina.start: LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
> > LifecycleException:  Exception opening directory server connection:  javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
> >
> > It keeps saying localhost:389 and I clearly don't have
> > it in the Realm. Here is my setup.
> >
> > <Realm className="org.apache.catalina.realm.JNDIRealm"
> >   debug="99"
> >   connectionName="cn=TomcatRole,dc=vo,dc=net"
> >   connectionPassword="*******"
> >   connectionURL="ldap://orlmsdc001:389"
> >   digest="MD5"
> >   roleBase="dc=roles,dc=vo,dc=net"
> >   roleName="cn"
> >   roleSearch="(uniqueMember={0})"
> >   roleSubtree="True"
> >   userPassword="*******"
> >   userPattern="cn={0},dc=vacationsonly,dc=net"  />
> >
> >
> >
> > --- Matt Fury <[EMAIL PROTECTED]> wrote:
> > > Hi All,
> > >
> > > I've been trying for several weeks to compile
> > > information on Tomcat and Active Directory through
> > > LDAP. I can't quite get all the information I need and
> > > I am hoping someone has a link to what needs to be
> > > done. I want to use the Realms in Tomcat but I can't
> > > seem to connect properly. For some reason it seems to
> > > keep trying to connect to localhost even though it's
> > > not specified.
> > >
> > > Also, does SSL NEED to be implemented in order to get
> > > this to work? I will be doing AD connectivity through
> > > LAN only.
> > >
> > > Thanks.
> > >
> > > -Matt
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >