On Tue, 17 Aug 2010 21:30:56 +0000 (UTC), Igor Galić
<i.ga...@brainsware.org> wrote:
>> That looks right. I believe I have found one issue with my code. It
>> will
>> get a InitialDirContext with your admin user and password, before it
>> is
>> negotiating TLS. I have attached another ContextFactory, which will
>> remove admin user, password and authentication method prior to TLS
>> negotiation. After (hopefully) establishing TLS it adds those
>> parameters
>> back in. As with the last factory, you should select a package name
>> of
>> your liking.
>
> Done, now the startup looks all fine in the log -- but tshark speaks a
> different language:
>
> r...@iris ~ # tshark host 188.40.115.116
> Running as user "root" and group "root". This could be dangerous.
> Capturing on eth0
> 0.000000 188.40.115.116 -> 188.40.115.121 TCP 42460 > ldap [SYN] Seq=0
...
> 0.488000 188.40.115.116 -> 188.40.115.121 TCP 42460 > ldap [ACK]
Seq=727
> Ack=1914 Win=11648 Len=0 TSV=1189177866 TSER=97730562
>
> This means: We are (disturbingly) sending an SSLv2 Hello, we get an
TLSv1
> reply, and now
> we're happy... Or so I blindly guess from the fact that no error or
> warning are logged..
> I'm still trying to make sense of the ACK, ACK, PSH/ACK -- ACK -- ACK,
> PS/ACK.
Don't know if this is a problem, but I don't think so. You could start
tomcat with -Djavax.net.debug=ssl to see what java thinks about the ssl/tls
handshake.
>
> Anyway, then I try to login, and that's when this happens in the log:
>
> SEVERE: An exception or error occurred in the container during the
request
> processing
> java.lang.reflect.UndeclaredThrowableException
> at $Proxy0.getAttributes(Unknown Source)
> at
>
javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:123)
> at
>
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1217)
> at
>
org.apache.catalina.realm.JNDIRealm.getUserByPattern(JNDIRealm.java:1269)
This means, that you specified userPattern='...' in your realm
configuration. And you since your pattern looks like
'(uid={0})(...)' it is probably wrong. You have specified
userSearch='uid={0}', too. So I believe you want to read the fine
documentation http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html
especially about JNDIRealm and settle using userSearch.
As a side note. I have installed the community version of zimbra and the
default installation seems to be usable without tls at all. It has disabled
simple bind however.
Bye
Felix
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
