Hi,

I think users of this mailing list are more used to Java stack traces than
to the low-level LDAP protocol :)
The JNDIRealm is using the LDAP context factory in your case. I suggest
you run Tomcat in Eclipse with breakpoints inside JNDIRealm, and do a
step-by-step to locate which call you think is wrong with the realm, but
I suspect the context is simply getting information about the user
after the binding to get the roles of the user.

Thomas Schwitter wrote:

>Sorry, I try it again with a better formatted mail. Hope for answers.
>
>Hi there,
>I authenticate my users against Active Directory on Windows 2003.
>
>This is the configuration:
>  <Realm name="TEST_Realm"
>         className="org.apache.catalina.realm.JNDIRealm" debug="99"
>         connectionName="CN=query,OU=Ressourcen,DC=xx,DC=xxx"
>         connectionPassword="xxx"
>         connectionURL="ldap://172.27.17.100:389"
>         referrals="follow"
>         userBase="DC=xxx,DC=xxx"
>         userSubtree="true"
>         userSearch="sAMAccountName={0}"
>         userRoleName="memberOf"
>  />
>
>It works.
>But when I take a look with Ethereal, I see the following:
>
>I would expect the communication to finish after frame 6 (after the bind
>with the user credentials).
>Can you explain what happens in frames 7 to 10?
>
>Thx
>
>Frame 1 (113 bytes on wire, 113 bytes captured)
>Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
>Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
>172.27.17.100 (172.27.17.100)
>Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
>Seq: 0, Ack: 0, Len: 59
>Lightweight Directory Access Protocol, Bind Request
>    Message Id: 5
>    Message Type: Bind Request (0x00)
>    Message Length: 52
>    Response In: 2
>    Version: 3
>    DN: CN=query,OU=Ressourcen,DC=xxf,DC=xx
>    Auth Type: Simple (0x00)
>    Password: xxx
>
> 
>
>Frame 2 (76 bytes on wire, 76 bytes captured)
>Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
>Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
>172.27.20.69 (172.27.20.69)
>Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
>Seq: 0, Ack: 59, Len: 22
>Lightweight Directory Access Protocol, Bind Result
>    Message Id: 5
>    Message Type: Bind Result (0x01)
>    Message Length: 7
>    Response To: 1
>    Time: 0.001871000 seconds
>    Result Code: Success (0x00)
>    Matched DN: (null)
>    Error Message: (null)
> 
>
>Frame 3 (130 bytes on wire, 130 bytes captured)
>Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
>Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
>172.27.17.100 (172.27.17.100)
>Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
>Seq: 59, Ack: 22, Len: 76
>Lightweight Directory Access Protocol, Search Request
>    Message Id: 6
>    Message Type: Search Request (0x03)
>    Message Length: 69
>    Response In: 4
>    Base DN: DC=xx,DC=xx
>    Scope: Subtree (0x02)
>    Dereference: Always (0x03)
>    Size Limit: 0
>    Time Limit: 0
>    Attributes Only: False
>    Filter: (sAMAccountName=tschw)
>    Attribute: memberOf
> 
>
>Frame 4 (857 bytes on wire, 857 bytes captured)
>Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
>Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
>172.27.20.69 (172.27.20.69)
>Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
>Seq: 22, Ack: 135, Len: 803
>Lightweight Directory Access Protocol, Search Entry
>    Message Id: 6
>    Message Type: Search Entry (0x04)
>    Message Length: 700
>    Response To: 3
>    Time: 0.001568000 seconds
>    Distinguished Name: CN=xx,OU=User SHL,OU=xx,DC=xxDC=xx
>    Attribute: memberOf
>Lightweight Directory Access Protocol, Search Result Reference
>    Message Id: 6
>    Message Type: Search Result Reference (0x13)
>    Message Length: 51
>    Response To: 3
>    Time: 0.001568000 seconds
>    Reference URL: ldap://xx/CN=Configuration,DC=xx,DC=xx
>Lightweight Directory Access Protocol, Search Result
>    Message Id: 6
>    Message Type: Search Result (0x05)
>    Message Length: 7
>    Response To: 3
>    Time: 0.001568000 seconds
>    Result Code: Success (0x00)
>    Matched DN: (null)
>    Error Message: (null)
> 
>Frame 5 (138 bytes on wire, 138 bytes captured)
>Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
>Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
>172.27.17.100 (172.27.17.100)
>Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
>Seq: 135, Ack: 825, Len: 84
>Lightweight Directory Access Protocol, Bind Request
>    Message Id: 7
>    Message Type: Bind Request (0x00)
>    Message Length: 77
>    Response In: 6
>    Version: 3
>    DN: CN=xx,OU=xx,OU=xxn,DC=xx,DC=xx
>    Auth Type: Simple (0x00)
>    Password: xxxx
> 
>Frame 6 (76 bytes on wire, 76 bytes captured)
>Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
>Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
>172.27.20.69 (172.27.20.69)
>Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
>Seq: 825, Ack: 219, Len: 22
>Lightweight Directory Access Protocol, Bind Result
>    Message Id: 7
>    Message Type: Bind Result (0x01)
>    Message Length: 7
>    Response To: 5
>    Time: 0.002342000 seconds
>    Result Code: Success (0x00)
>    Matched DN: (null)
>    Error Message: (null)
> 
>Frame 7 (93 bytes on wire, 93 bytes captured)
>Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
>Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
>172.27.17.100 (172.27.17.100)
>Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
>Seq: 219, Ack: 847, Len: 39
>Lightweight Directory Access Protocol, Search Request
>    Message Id: 8
>    Message Type: Search Request (0x03)
>    Message Length: 32
>    Response In: 8
>    Base DN: (null)
>    Scope: Base (0x00)
>    Dereference: Always (0x03)
>    Size Limit: 0
>    Time Limit: 0
>    Attributes Only: False
>    Filter: (objectClass=*)
> 
>Frame 8 (1514 bytes on wire, 1514 bytes captured)
>Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
>Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
>172.27.20.69 (172.27.20.69)
>Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
>Seq: 847, Ack: 258, Len: 1460
>Lightweight Directory Access Protocol, Search Entry
>    Message Id: 8
>    Message Type: Search Entry (0x04)
>    Message Length: 1827
>    Response To: 7
>    Time: 0.001069000 seconds
>    Distinguished Name: (null)
>    Attribute: currentTime
>    Attribute: subschemaSubentry
>    Attribute: dsServiceName
>    Attribute: namingContexts
>    Attribute: defaultNamingContext
>    Attribute: schemaNamingContext
>    Attribute: configurationNamingContext
>    Attribute: rootDomainNamingContext
>    Attribute: supportedControl
>    Attribute: supportedLDAPVersion
>    Attribute: supportedLDAPPolicies
>    Attribute: highestCommittedUSN
>    Attribute: supportedSASLMechanisms
>[Short Frame: LDAP]
> 
>Frame 9 (458 bytes on wire, 458 bytes captured)
>Ethernet II, Src: 00:03:47:9b:28:84, Dst: 00:30:05:4e:31:1d
>Internet Protocol, Src Addr: 172.27.17.100 (172.27.17.100), Dst Addr:
>172.27.20.69 (172.27.20.69)
>Transmission Control Protocol, Src Port: ldap (389), Dst Port: 4400 (4400),
>Seq: 2307, Ack: 258, Len: 404
>Lightweight Directory Access Protocol, Search Result
>    Message Id: 8
>    Message Type: Search Result (0x05)
>    Message Length: 7
>    Result Code: Success (0x00)
>    Matched DN: (null)
>    Error Message: (null)
>
>
>Frame 10 (54 bytes on wire, 54 bytes captured)
>Ethernet II, Src: 00:30:05:4e:31:1d, Dst: 00:03:47:9b:28:84
>Internet Protocol, Src Addr: 172.27.20.69 (172.27.20.69), Dst Addr:
>172.27.17.100 (172.27.17.100)
>Transmission Control Protocol, Src Port: 4400 (4400), Dst Port: ldap (389),
>Seq: 258, Ack: 2711, Len: 0  


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
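The capture in the quoted mail shows the JNDIRealm sequence in four client requests: a simple bind as the connectionName account (frame 1), a subtree search for the user under userBase requesting memberOf (frame 3), a simple bind with the user's own DN and password (frame 5), and then a search with an empty base DN, base scope and filter (objectClass=*) whose answer lists namingContexts, supportedControl and supportedSASLMechanisms (frames 7 to 9). That last shape is a RootDSE read, i.e. a query for server capabilities rather than user data, and frame 10 carries no LDAP payload at all (Len: 0, a bare TCP ACK). The script below is an added example, not code from Tomcat or from either poster: it transcribes the frame summaries into a small model (DNs, scopes, filters and message IDs as the post shows them, with its "xx" anonymisation kept and the user DN made identical in frames 4 and 5, which the post anonymised inconsistently), labels each request with its role in the login, and lists the simple binds that travel without TLS, which is why Ethereal can display a Password field for frames 1 and 5. The `tls` field is constructed; the capture itself is plain ldap:// on port 389.

```python
"""Label the LDAP operations of a Tomcat JNDIRealm login as seen in a capture.

Added example for the thread above; it is not code from Tomcat or from either
poster. CAPTURE is transcribed from the quoted Ethereal frame summaries (message
IDs, DNs, scopes, filters and attributes as the post shows them, including its
"xx" anonymisation); the tls field is constructed, since the capture is plain
ldap:// on port 389.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# connectionName / userBase from the realm config, with the post's anonymised values
SERVICE_DN = "CN=query,OU=Ressourcen,DC=xx,DC=xx"
USER_BASE = "DC=xx,DC=xx"
# user DN from frame 4; the post anonymised frames 4 and 5 differently, so one value serves both
USER_DN = "CN=xx,OU=User SHL,OU=xx,DC=xx,DC=xx"


@dataclass(frozen=True)
class LdapOp:
    frame: int
    msg_id: int
    kind: str                    # bind_request | bind_result | search_request | search_entry | search_result
    dn: str = ""                 # bind DN, search base DN, or returned entry DN
    scope: Optional[str] = None  # base | onelevel | subtree
    filter: Optional[str] = None
    attrs: Tuple[str, ...] = ()
    auth: Optional[str] = None   # simple | sasl
    tls: bool = False            # True only over ldaps:// or after StartTLS (constructed field)


# Frames 1 to 9 of the quoted capture; frame 10 carries no LDAP payload (Len: 0, a bare TCP ACK)
CAPTURE = [
    LdapOp(1, 5, "bind_request", dn=SERVICE_DN, auth="simple"),
    LdapOp(2, 5, "bind_result"),
    LdapOp(3, 6, "search_request", dn=USER_BASE, scope="subtree",
           filter="(sAMAccountName=tschw)", attrs=("memberOf",)),
    LdapOp(4, 6, "search_entry", dn=USER_DN, attrs=("memberOf",)),
    LdapOp(4, 6, "search_result"),
    LdapOp(5, 7, "bind_request", dn=USER_DN, auth="simple"),
    LdapOp(6, 7, "bind_result"),
    LdapOp(7, 8, "search_request", dn="", scope="base", filter="(objectClass=*)"),
    LdapOp(8, 8, "search_entry", dn="",
           attrs=("namingContexts", "supportedControl", "supportedSASLMechanisms")),
    LdapOp(9, 8, "search_result"),
]


def is_rootdse_read(op: LdapOp) -> bool:
    """A RootDSE read (RFC 4512): empty base DN, base scope, filter (objectClass=*).

    Such a search returns server capabilities, not user or group data.
    """
    return (op.kind == "search_request" and op.dn == "" and op.scope == "base"
            and (op.filter or "").lower() == "(objectclass=*)")


def classify(ops: List[LdapOp], service_dn: str = SERVICE_DN,
             user_base: str = USER_BASE) -> List[Tuple[int, str]]:
    """Return (frame, label) for every client request in the JNDIRealm sequence:
    service bind, user lookup, user bind, then whatever follows."""
    labels: List[Tuple[int, str]] = []
    last_entry_dn: Optional[str] = None   # DN the most recent search returned
    for op in ops:
        if op.kind == "search_entry":
            last_entry_dn = op.dn
        elif op.kind == "bind_request":
            if op.dn == service_dn:
                labels.append((op.frame, "service-account bind (connectionName)"))
            elif last_entry_dn is not None and op.dn == last_entry_dn:
                labels.append((op.frame, "user credential bind (DN from the user search)"))
            else:
                labels.append((op.frame, "bind as unexpected DN"))
        elif op.kind == "search_request":
            if is_rootdse_read(op):
                labels.append((op.frame, "RootDSE read (server capabilities, no user data)"))
            elif op.dn == user_base and op.scope == "subtree":
                labels.append((op.frame, "user lookup (userSearch under userBase)"))
            else:
                labels.append((op.frame, "other search"))
    return labels


def cleartext_bind_frames(ops: List[LdapOp]) -> List[int]:
    """Simple binds without TLS: the password travels in the clear, which is why
    the capture can show a Password field for these frames."""
    return [op.frame for op in ops
            if op.kind == "bind_request" and op.auth == "simple" and not op.tls]


if __name__ == "__main__":
    for frame, label in classify(CAPTURE):
        print(f"frame {frame:2d}: {label}")
    print("simple binds in the clear:", cleartext_bind_frames(CAPTURE))
```

Run stand-alone it labels frames 1, 3, 5 and 7 and reports frames 1 and 5 as cleartext simple binds. JNDIRealm accepts an `ldaps://` connectionURL, which moves both binds (the service account's and every user's) off the wire in the clear; the `tls` field models that case.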
