Has any of you managed to configure tomcat JNDIRealm to talk to Active
Directory? 
I'm having a hard time setting it up and my wild guess is that the
JNDIRealm does not support SASL mechanism. 

Here's my config:

<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
     connectionURL="ldap://cern.ch"
          userBase="OU=Organic Units,DC=cern,DC=ch"
        userSearch="(userPrincipalName={0})"
      userRoleName="memberOf"
/>

my error message:

2005-08-11 15:57:06 org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'OU=Organic Units,DC=cern,DC=ch'

At the same time, I can connect to Active Directory with the same
settings using ldapsearch:

ldapsearch -h cerndc01.cern.ch -p 389 -D [EMAIL PROTECTED] -w my_password
-b 'OU=Organic Units,DC=cern,DC=ch' [EMAIL PROTECTED]

Any ideas?

Thanks in advance,
Michal.

> -----Original Message-----
> From: Michal Kwiatek [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 11, 2005 4:06 PM
> To: Tomcat Users List
> Subject: RE: realm in context in war file
> 
> I've sorted it out: the problem was in the syntax! I was using "context"
> instead of "Context", and tomcat (5.0.28) simply ignored it without
> writing any error message.
> 
> But thanks for the tip for 5.5 - I'm going to migrate soon, so it will
> be useful.
> 
> Michal.
> 
> > -----Original Message-----
> > From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 11, 2005 4:03 PM
> > To: Tomcat Users List
> > Subject: RE: realm in context in war file
> > 
> > > From: Michal Kwiatek [mailto:[EMAIL PROTECTED]
> > > Subject: realm in context in war file
> > > 
> > > I have the following context definition:
> > > 
> > > <context path="/test1" override="true" docBase="webapps/test1">
> > > <realm
> > >   className="org.apache.catalina.realm.MemoryRealm"
> > >   debug="9999"
> > >   pathname="webapps/test1/META-INF/context-users.xml"
> > > />
> > > </context>
> > 
> > What level of Tomcat are you using?  If it's 5.5, you should not have
> > a path attribute.  If you remove the pathname attribute from the
> > <realm> tag, does authentication function with the default
> > conf/tomcat-users.xml?
> > 
> >  - Chuck
> > 
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > 
> > 
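Added example, not part of the original thread or of the poster's configuration: the ldapsearch command above binds with -D/-w before it searches, while the posted Realm has no connectionName/connectionPassword, so JNDIRealm opens an anonymous connection for the userSearch lookup. The variant below supplies bind credentials for that lookup; the account name and password are placeholders, and the host and port are taken from the ldapsearch command.

```xml
<!--
  JNDIRealm in search mode (userSearch set) works in two steps:
    1. it searches userBase for the user's entry over the realm's own
       connection, which is anonymous unless connectionName and
       connectionPassword are given;
    2. it then binds as the entry it found, using the password the
       user typed, to verify the credentials.
  connectionName / connectionPassword are the realm's counterpart of
  ldapsearch -D / -w. The values here are placeholders: use a dedicated
  account that can only read the user entries, because the password is
  stored in clear text in the Tomcat configuration file.

  userSubtree="true" mirrors ldapsearch, which searches the whole
  subtree below -b by default; JNDIRealm only searches the top level
  of userBase unless this attribute is set.

  Over ldap:// both the realm's bind and each user's bind send the
  password unencrypted. Where the directory server offers LDAP over
  TLS, point connectionURL at an ldaps:// URL instead.
-->
<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
     connectionURL="ldap://cerndc01.cern.ch:389"
    connectionName="PLACEHOLDER_BIND_ACCOUNT"
connectionPassword="PLACEHOLDER_BIND_PASSWORD"
          userBase="OU=Organic Units,DC=cern,DC=ch"
       userSubtree="true"
        userSearch="(userPrincipalName={0})"
      userRoleName="memberOf"
/>
```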