It looks like you are configured for anonymous bind.

By default, the AD LDAP implementation does not allow anonymous bind. You
have two ways of handling this:

   1. Configure your AD tree to allow anonymous bind. Essentially, you will
need to create an ACL against the appropriate object (container) in the
tree.
   2. Create a low powered user that has read access to the directory tree
and configure the realm to bind as that user.



George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
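
Option 2 above, sketched as a JNDIRealm definition. This is an added example, not part of the original reply: the bind account DN and password are placeholders, and every other value is copied from the configuration quoted below.

```xml
<!-- Added example. connectionName/connectionPassword are the credentials the
     realm uses for its own directory connection, so the user search no longer
     runs on an anonymous (unbound) connection.
     Because no userPassword attribute is configured, the realm then checks the
     login by binding to the directory as the user entry it found. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://cern.ch"
       connectionName="CN=tomcat-bind,OU=Service Accounts,DC=cern,DC=ch"
       connectionPassword="PLACEHOLDER_PASSWORD"
       userBase="OU=Organic Units,DC=cern,DC=ch"
       userSearch="(userPrincipalName={0})"
       userRoleName="memberOf"
/>
<!-- Assumptions and caveats:
     * CN=tomcat-bind,OU=Service Accounts,... is a hypothetical account DN.
       Give it read access to the user subtree only and no interactive use.
     * The password sits in clear text in the Tomcat configuration, so restrict
       the file's permissions to the account that runs Tomcat.
     * With ldap:// on port 389, both this bind and every user's bind travel
       unencrypted; an ldaps:// connectionURL avoids that if the domain
       controller offers LDAP over TLS.
     * memberOf values in Active Directory are group DNs. -->
```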
  

> -----Original Message-----
> From: Michal Kwiatek [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, August 11, 2005 8:17 AM
> To: Tomcat Users List
> Subject: tomcat and active directory
> 
> Has any of you managed to configure tomcat JNDIRealm to talk to Active
> Directory? 
> I'm having a hard time setting it up and my wild guess is that the
> JNDIRealm does not support SASL mechanism. 
> 
> Here's my config:
> 
> <Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
>      connectionURL="ldap://cern.ch"
>           userBase="OU=Organic Units,DC=cern,DC=ch"
>         userSearch="(userPrincipalName={0})"
>       userRoleName="memberOf"
> />             
> 
> my error message:
> 
> 2005-08-11 15:57:06 org.apache.catalina.realm.JNDIRealm authenticate
> SEVERE: Exception performing authentication
> javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece ]; remaining name 'OU=Organic Units,DC=cern,DC=ch'
> 
> At the same time, I can connect to Active Directory with the same
> settings using ldapsearch:
> 
> ldapsearch -h cerndc01.cern.ch -p 389 -D [EMAIL PROTECTED] -w my_password -b 'OU=Organic Units,DC=cern,DC=ch' [EMAIL PROTECTED]
> 
> Any ideas?
> 
> Thanks in advance,
> Michal.
> 
> > -----Original Message-----
> > From: Michal Kwiatek [mailto:[EMAIL PROTECTED] 
> > Sent: Thursday, August 11, 2005 4:06 PM
> > To: Tomcat Users List
> > Subject: RE: realm in context in war file
> > 
> > I've sorted it out: the problem was in the syntax! I was using "context"
> > instead of "Context", and tomcat (5.0.28) simply ignored it without
> > writing any error message.
> > 
> > But thanks for the tip for 5.5 - I'm going to migrate soon, so it will
> > be useful.
> > 
> > Michal.
> > 
> > > -----Original Message-----
> > > From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, August 11, 2005 4:03 PM
> > > To: Tomcat Users List
> > > Subject: RE: realm in context in war file
> > > 
> > > > From: Michal Kwiatek [mailto:[EMAIL PROTECTED]
> > > > Subject: realm in context in war file
> > > > 
> > > > I have the following context definition:
> > > > 
> > > > <context path="/test1" override="true" docBase="webapps/test1">
> > > > <realm
> > > >         className="org.apache.catalina.realm.MemoryRealm"
> > > >         debug="9999"
> > > >         pathname="webapps/test1/META-INF/context-users.xml"
> > > > />
> > > > </context>
> > > 
> > > What level of Tomcat are you using?  If it's 5.5, you should not have
> > > a path attribute.  If you remove the pathname attribute from the
> > > <realm> tag, does authentication function with the default
> > > conf/tomcat-users.xml?
> > > 
> > >  - Chuck
> > > 
> > > 
> > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
> > > PROPRIETARY MATERIAL and is thus for use only by the intended
> > > recipient. If you received this in error, please contact the sender
> > > and delete the e-mail and its attachments from all computers.
> > > 
> > > 
> > 
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: 
> [EMAIL PROTECTED]
> > > 